From 30275954a0f40dbf556e95b45e5467f6353db105 Mon Sep 17 00:00:00 2001
From: Dany Contreras <78437433+danycontre@users.noreply.github.com>
Date: Sat, 11 Nov 2023 07:28:50 -0600
Subject: [PATCH 01/15] updates
---
.../brownfield/addSessionHosts/deploy.bicep | 565 ++++++++++++++++++
.../modules/existingHostPool.bicep | 23 +
.../addSessionHosts/modules/hostPool.bicep | 35 ++
.../add-session-hosts.parameters.all.json | 15 +
...add-session-hosts.parameters.min-test.json | 27 +
.../add-session-hosts.parameters.min.json | 27 +
.../brownfield/addSessionHosts/readme.md | 38 ++
7 files changed, 730 insertions(+)
create mode 100644 workload/bicep/brownfield/addSessionHosts/deploy.bicep
create mode 100644 workload/bicep/brownfield/addSessionHosts/modules/existingHostPool.bicep
create mode 100644 workload/bicep/brownfield/addSessionHosts/modules/hostPool.bicep
create mode 100644 workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.all.json
create mode 100644 workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json
create mode 100644 workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min.json
create mode 100644 workload/bicep/brownfield/addSessionHosts/readme.md
diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
new file mode 100644
index 000000000..37be84144
--- /dev/null
+++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
@@ -0,0 +1,565 @@
+targetScope = 'subscription'
+
+
+// ========== //
+// Parameters //
+// ========== //
+
+@sys.description('AVD disk encryption set resource ID to enable server side encyption. (Default: "")')
+param diskEncryptionSetResourceId string = ''
+
+@sys.description('AVD subnet ID. (Default: )')
+param subnetId string
+
+@sys.description('Location where to deploy compute services. (Default: )')
+param location string
+
+@minLength(2)
+@maxLength(4)
+@sys.description('The name of the resource group to deploy. (Default: AVD1)')
+param deploymentPrefix string = 'AVD1'
+
+@sys.description('AVD resources custom naming. (Default: false)')
+param customNaming bool = false
+
+// @sys.description('General session host batch identifier')
+// param managedIdentityStorageResourceId int
+
+@maxLength(11)
+@sys.description('AVD session host prefix custom name. (Default: vmapp1duse2)')
+param sessionHostCustomNamePrefix string = 'vmapp1duse2'
+
+@maxLength(9)
+@sys.description('AVD availability set custom name. (Default: avail)')
+param avsetCustomNamePrefix string = 'avail'
+
+@sys.description('Resource Group name for the session hosts. (Default: )')
+param computeRgResourceID string
+
+@sys.description('Quantity of session hosts to deploy. (Default: 1)')
+param count int = 1
+
+@allowed([
+ 'Dev' // Development
+ 'Test' // Test
+ 'Prod' // Production
+])
+@sys.description('The name of the resource group to deploy. (Default: Dev)')
+param deploymentEnvironment string = 'Dev'
+
+@sys.description('The session host number to begin with for the deployment. (Default: )')
+param countIndex int
+
+@sys.description('Creates an availability zone and adds the VMs to it. Cannot be used in combination with availability set nor scale set. (Default: true)')
+param useAvailabilityZones bool = true
+
+@sys.description('The service providing domain services for Azure Virtual Desktop.
(Default: ADDS)')
+param identityServiceProvider string = 'ADDS'
+
+@sys.description('Required, Eronll session hosts on Intune. (Default: false)')
+param createIntuneEnrollment bool = false
+
+@sys.description('Session host VM size. (Default: Standard_D4ads_v5)')
+param vmSize string = 'Standard_D4ads_v5'
+
+@sys.description('Enables accelerated Networking on the session hosts. (Default: true)')
+param enableAcceleratedNetworking bool = true
+
+@allowed([
+ 'Standard'
+ 'TrustedLaunch'
+ 'ConfidentialVM'
+])
+@sys.description('Specifies the securityType of the virtual machine. "ConfidentialVM" and "TrustedLaunch" require a Gen2 Image. (Default: TrustedLaunch)')
+param securityType string = 'TrustedLaunch'
+
+@sys.description('Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. (Default: true)')
+param secureBootEnabled bool = true
+
+@sys.description('Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. (Default: true)')
+param vTpmEnabled bool = true
+
+@sys.description('OS disk type for session host. (Default: Standard_LRS)')
+param diskType string = 'Standard_LRS'
+
+@sys.description('Set to deploy image from Azure Compute Gallery. (Default: false)')
+param useSharedImage bool = false
+
+@sys.description('Source custom image ID. (Default: "")')
+param avdImageTemplateDefinitionId string = ''
+
+@sys.description('Storage Managed Identity Resource ID.')
+param storageManagedIdentityResourceId string = ''
+
+@sys.description('Local administrator username. (Default: "")')
+param vmLocalUserName string = 'avdVmLocalUserName'
+
+@sys.description('Resource ID of keyvault that contains credentials.
(Default: )')
+param keyVaultResourceId string
+
+@sys.description('VM local admin keyvault secret name. (Default: )')
+param vmLocalAdminPasswordSecretName string
+
+@sys.description('Domain join user password keyvault secret name. (Default: domainJoinUserPassword)')
+param domainJoinPasswordSecretName string = 'domainJoinUserPassword'
+
+@sys.description('FQDN of on-premises AD domain, used for FSLogix storage configuration and NTFS setup. (Default: "")')
+param identityDomainName string = ''
+
+@sys.description('AVD session host domain join user principal name. (Default: NoUsername)')
+param domainJoinUserName string = 'NoUsername'
+
+@sys.description('OU path to join AVd VMs. (Default: "")')
+param sessionHostOuPath string = ''
+
+@sys.description('Application Security Group (ASG) for the session hosts. (Default: "")')
+param asgResourceId string = ''
+
+@sys.description('AVD Host Pool resource ID. (Default: )')
+param hostPoolResourceID string
+
+@sys.description('Deploy Fslogix setup. (Default: false)')
+param createAvdFslogixDeployment bool = false
+
+@sys.description('FSLogix storage resource ID. (Default: )')
+param fslogixStorageResourceId string = ''
+
+@sys.description('FSLogix file share name. (Default: )')
+param fslogixFileShareName string = ''
+
+@sys.description('Log analytics workspace for diagnostic logs. (Default: "")')
+param alaWorkspaceResourceId string = ''
+
+@sys.description('Deploy AVD monitoring resources and setings. (Default: false)')
+param deployMonitoring bool = false
+
+@allowed([
+ 'win10_21h2'
+ 'win10_21h2_office'
+ 'win10_22h2_g2'
+ 'win10_22h2_office_g2'
+ 'win11_21h2'
+ 'win11_21h2_office'
+ 'win11_22h2'
+ 'win11_22h2_office'
+])
+@sys.description('AVD OS image SKU. (Default: win11-21h2)')
+param osImage string = 'win11_22h2'
+
+@sys.description('Do not modify, used to set unique value for resource deployment.')
+param time string = utcNow()
+
+@sys.description('Enables a zero trust configuration on the session host disks.
(Default: false)')
+param diskZeroTrust bool = false
+
+@sys.description('Disk encryption set to use for zero trust setup. (Default: )')
+param ztDiskEncryptionSetResourceId string = ''
+
+@sys.description('Apply tags on resources and resource groups. (Default: false)')
+param createResourceTags bool = false
+
+@sys.description('The name of workload for tagging purposes. (Default: Contoso-Workload)')
+param workloadNameTag string = 'Contoso-Workload'
+
+@allowed([
+ 'Light'
+ 'Medium'
+ 'High'
+ 'Power'
+])
+@sys.description('Reference to the size of the VM for your workloads (Default: Light)')
+param workloadTypeTag string = 'Light'
+
+@allowed([
+ 'Non-business'
+ 'Public'
+ 'General'
+ 'Confidential'
+ 'Highly-confidential'
+])
+@sys.description('Sensitivity of data hosted (Default: Non-business)')
+param dataClassificationTag string = 'Non-business'
+
+@sys.description('Department that owns the deployment, (Dafult: Contoso-AVD)')
+param departmentTag string = 'Contoso-AVD'
+
+@allowed([
+ 'Low'
+ 'Medium'
+ 'High'
+ 'Mission-critical'
+ 'Custom'
+])
+@sys.description('Criticality of the workload. (Default: Low)')
+param workloadCriticalityTag string = 'Low'
+
+@sys.description('Tag value for custom criticality value. (Default: Contoso-Critical)')
+param workloadCriticalityCustomValueTag string = 'Contoso-Critical'
+
+@sys.description('Details about the application.')
+param applicationNameTag string = 'Contoso-App'
+
+@sys.description('Service level agreement level of the worload. (Contoso-SLA)')
+param workloadSlaTag string = 'Contoso-SLA'
+
+@sys.description('Team accountable for day-to-day operations. (workload-admins@Contoso.com)')
+param opsTeamTag string = 'workload-admins@Contoso.com'
+
+@sys.description('Organizational owner of the AVD deployment. (Default: workload-owner@Contoso.com)')
+param ownerTag string = 'workload-owner@Contoso.com'
+
+@sys.description('Cost center of owner team.
(Default: Contoso-CC)')
+param costCenterTag string = 'Contoso-CC'
+
+@sys.description('Sets the number of fault domains for the availability set. (Default: 2)')
+param avsetFaultDomainCount int = 2
+
+@sys.description('Sets the number of update domains for the availability set. (Default: 5)')
+param avsetUpdateDomainCount int = 5
+
+// =========== //
+// Variable declaration //
+// =========== //
+var varDeploymentPrefixLowercase = toLower(deploymentPrefix)
+var varSessionHostLocationAcronym = varLocations[varSessionHostLocationLowercase].acronym
+var varDeploymentEnvironmentComputeStorage = (deploymentEnvironment == 'Dev') ? 'd' : ((deploymentEnvironment == 'Test') ? 't' : ((deploymentEnvironment == 'Prod') ? 'p' : ''))
+var varSessionHostNamePrefix = customNaming ? sessionHostCustomNamePrefix : 'vm${varDeploymentPrefixLowercase}${varDeploymentEnvironmentComputeStorage}${varSessionHostLocationAcronym}'
+var varDeploymentEnvironmentLowercase = toLower(deploymentEnvironment)
+var varComputeStorageResourcesNamingStandard = '${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}'
+var varAvsetNamePrefix = customNaming ? '${avsetCustomNamePrefix}-${varComputeStorageResourcesNamingStandard}' : 'avail-${varComputeStorageResourcesNamingStandard}'
+
+var varLocations = loadJsonContent('../../../variables/locations.json')
+var varTimeZoneSessionHosts = varLocations[varSessionHostLocationLowercase].timeZone
+var varSessionHostLocationLowercase = toLower(replace(location, ' ', ''))
+var varMaxSessionHostsPerTemplate = 10
+var varMaxSessionHostsDivisionValue = count / varMaxSessionHostsPerTemplate
+var varMaxSessionHostsDivisionRemainderValue = count % varMaxSessionHostsPerTemplate
+var varSessionHostBatchCount = varMaxSessionHostsDivisionRemainderValue > 0 ?
varMaxSessionHostsDivisionValue + 1 : varMaxSessionHostsDivisionValue
+var varMaxAvsetMembersCount = 199
+var varDivisionAvsetValue = count / varMaxAvsetMembersCount
+var varDivisionAvsetRemainderValue = count % varMaxAvsetMembersCount
+var varAvsetCount = varDivisionAvsetRemainderValue > 0 ? varDivisionAvsetValue + 1 : varDivisionAvsetValue
+
+var varComputeSubId = split(computeRgResourceID, '/')[2]
+var varComputeRgName = split(computeRgResourceID, '/')[4]
+
+var varHostpoolSubId = split(hostPoolResourceID, '/')[2]
+var varHostpoolRgName = split(hostPoolResourceID, '/')[4]
+var varHostPoolName = split(hostPoolResourceID, '/')[8]
+
+var varKeyVaultSubId = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[2] : ''
+var varKeyVaultRgName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[4] : ''
+var varKeyVaultName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[8] : ''
+var varManagedDisk = empty(diskEncryptionSetResourceId) ? {
+ storageAccountType: diskType
+} : {
+ diskEncryptionSet: {
+ id: diskEncryptionSetResourceId
+ }
+ storageAccountType: diskType
+}
+var varFslogixStorageAccountName = createAvdFslogixDeployment ? split(fslogixStorageResourceId, '/')[8] : ''
+var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageAccountName}.file.${environment().suffixes.storage}' : ''
+var varFslogixSharePath = createAvdFslogixDeployment ?
'\\\\${varFslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : ''
+
+var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/'
+var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1'
+var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1'
+var varAllAvailabilityZones = pickZones('Microsoft.Compute', 'virtualMachines', location, 3)
+var varAvdDefaultTags = {
+ 'cm-resource-parent': hostPoolResourceID
+ Environment: deploymentEnvironment
+ ServiceWorkload: 'AVD'
+ CreationTimeUTC: time
+}
+var varCustomResourceTags = createResourceTags ? {
+ WorkloadName: workloadNameTag
+ WorkloadType: workloadTypeTag
+ DataClassification: dataClassificationTag
+ Department: departmentTag
+ Criticality: (workloadCriticalityTag == 'Custom') ? workloadCriticalityCustomValueTag : workloadCriticalityTag
+ ApplicationName: applicationNameTag
+ ServiceClass: workloadSlaTag
+ OpsTeam: opsTeamTag
+ Owner: ownerTag
+ CostCenter: costCenterTag
+} : {}
+var varNicDiagnosticMetricsToEnable = [
+ 'AllMetrics'
+]
+var varMarketPlaceGalleryWindows = {
+ win10_21h2: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'windows-10'
+ sku: 'win10-21h2-avd'
+ version: 'latest'
+ }
+ win10_21h2_office: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'office-365'
+ sku: 'win10-21h2-avd-m365'
+ version: 'latest'
+ }
+ win10_22h2_g2: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'windows-10'
+ sku: 'win10-22h2-avd-g2'
+ version: 'latest'
+ }
+ win10_22h2_office_g2: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'office-365'
+ sku: 'win10-22h2-avd-m365-g2'
+ version: 'latest'
+ }
+ win11_21h2: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'Windows-11'
+ sku: 'win11-21h2-avd'
+ version: 'latest'
+ }
+ win11_21h2_office: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'office-365'
+ sku: 'win11-21h2-avd-m365'
+ version: 'latest'
+ }
+ win11_22h2: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'Windows-11'
+ sku: 'win11-22h2-avd'
+ version: 'latest'
+ }
+ win11_22h2_office: {
+ publisher: 'MicrosoftWindowsDesktop'
+ offer: 'office-365'
+ sku: 'win11-22h2-avd-m365'
+ version: 'latest'
+ }
+ winServer_2022_Datacenter: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-g2'
+ version: 'latest'
+ }
+ winServer_2022_Datacenter_smalldisk_g2: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-smalldisk-g2'
+ version: 'latest'
+ }
+ winServer_2022_datacenter_core: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-core-g2'
+ version: 'latest'
+ }
+ winServer_2022_Datacenter_core_smalldisk_g2: {
+ publisher: 'MicrosoftWindowsServer'
+ offer: 'WindowsServer'
+ sku: '2022-datacenter-core-smalldisk-g2'
+ version: 'latest'
+ }
+}
+
+// =========== //
+// Deployments //
+// =========== //
+
+// Call on the hotspool
+resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2019-12-10-preview' existing = {
+ name: varHostPoolName
+ scope: resourceGroup('${varHostpoolSubId}', '${varHostpoolRgName}')
+}
+
+// call on the keyvault
+resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = if (identityServiceProvider != 'AAD') {
+ name: varKeyVaultName
+ scope: resourceGroup('${varKeyVaultSubId}', '${varKeyVaultRgName}')
+}
+
+// Call to the ALA workspace
+resource alaWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(alaWorkspaceResourceId) && deployMonitoring) {
+ scope: az.resourceGroup(split(alaWorkspaceResourceId, '/')[2], split(alaWorkspaceResourceId, '/')[4])
+ name: last(split(alaWorkspaceResourceId, '/'))!
+}
+
+// Availability set
+module availabilitySet '../../modules/avdSessionHosts/.bicep/availabilitySets.bicep' = if (!useAvailabilityZones) {
+ name: 'AVD-Availability-Set-${time}'
+ scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}')
+ params: {
+ namePrefix: varAvsetNamePrefix
+ location: location
+ count: varAvsetCount
+ faultDomainCount: avsetFaultDomainCount
+ updateDomainCount: avsetUpdateDomainCount
+ tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
+ }
+ dependsOn: [
+ ]
+}
+
+// Session hosts
+@batchSize(3)
+module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/deploy.bicep' = [for i in range(1, count): {
+ scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}')
+ name: 'SH-${i - 1}-${time}'
+ params: {
+ name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}'
+ location: location
+ timeZone: time
+ systemAssignedIdentity: (identityServiceProvider == 'AAD') ? true : false
+ availabilityZone: useAvailabilityZones ? take(skip(varAllAvailabilityZones, i % length(varAllAvailabilityZones)), 1) : []
+ encryptionAtHost: diskZeroTrust
+ availabilitySetResourceId: useAvailabilityZones ? '' : '/subscriptions/${varComputeSubId}/resourceGroups/${varComputeRgName}/providers/Microsoft.Compute/availabilitySets/${varAvsetNamePrefix}-${padLeft(((1 + (i + countIndex) / varMaxAvsetMembersCount)), 3, '0')}'
+ osType: 'Windows'
+ licenseType: 'Windows_Client'
+ vmSize: vmSize
+ securityType: securityType
+ secureBootEnabled: secureBootEnabled
+ vTpmEnabled: vTpmEnabled
+ imageReference: useSharedImage ?
json('{\'id\': \'${avdImageTemplateDefinitionId}\'}') : varMarketPlaceGalleryWindows[osImage]
+ osDisk: {
+ createOption: 'fromImage'
+ deleteOption: 'Delete'
+ diskSizeGB: 128
+ managedDisk: varManagedDisk
+ }
+ adminUsername: vmLocalUserName
+ adminPassword: keyVault.getSecret(vmLocalAdminPasswordSecretName)
+ nicConfigurations: [
+ {
+ nicSuffix: 'nic-01-'
+ deleteOption: 'Delete'
+ enableAcceleratedNetworking: enableAcceleratedNetworking
+ ipConfigurations: !empty(asgResourceId) ? [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: subnetId
+ applicationSecurityGroups: [
+ {
+ id: asgResourceId
+ }
+ ]
+ }
+ ] : [
+ {
+ name: 'ipconfig01'
+ subnetResourceId: subnetId
+ }
+ ]
+ }
+ ]
+ // ADDS or AADDS domain join.
+ extensionDomainJoinPassword: (identityServiceProvider != 'AAD') ? keyVault.getSecret(domainJoinPasswordSecretName) : 'domainJoinUserPassword'
+ extensionDomainJoinConfig: {
+ enabled: (identityServiceProvider == 'AAD') ? false : true
+ settings: {
+ name: identityDomainName
+ ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null
+ user: domainJoinUserName
+ restart: 'true'
+ options: '3'
+ }
+ }
+ // Microsoft Entra ID Join.
+ extensionAadJoinConfig: {
+ enabled: (identityServiceProvider == 'AAD') ? true : false
+ settings: createIntuneEnrollment ? {
+ mdmId: '0000000a-0000-0000-c000-000000000000'
+ } : {}
+ }
+ nicdiagnosticMetricsToEnable: deployMonitoring ? varNicDiagnosticMetricsToEnable : []
+ diagnosticWorkspaceId: deployMonitoring ? alaWorkspaceResourceId : ''
+ tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
+ }
+ dependsOn: [
+ keyVault
+ ]
+}]
+
+// Add antimalware extension to session host.
+module sessionHostsAntimalwareExtension '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/extensions/deploy.bicep' = [for i in range(1, count): {
+ scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}')
+ name: 'SH-Antimal-${i - 1}-${time}'
+ params: {
+ location: location
+ virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}'
+ name: 'MicrosoftAntiMalware'
+ publisher: 'Microsoft.Azure.Security'
+ type: 'IaaSAntimalware'
+ typeHandlerVersion: '1.3'
+ autoUpgradeMinorVersion: true
+ enableAutomaticUpgrade: false
+ settings: {
+ AntimalwareEnabled: true
+ RealtimeProtectionEnabled: 'true'
+ ScheduledScanSettings: {
+ isEnabled: 'true'
+ day: '7' // Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)
+ time: '120' // When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM.
+ scanType: 'Quick' //Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick)
+ }
+ Exclusions: createAvdFslogixDeployment ?
{
+ Extensions: '*.vhd;*.vhdx'
+ Paths: '"%ProgramFiles%\\FSLogix\\Apps\\frxdrv.sys;%ProgramFiles%\\FSLogix\\Apps\\frxccd.sys;%ProgramFiles%\\FSLogix\\Apps\\frxdrvvt.sys;%TEMP%\\*.VHD;%TEMP%\\*.VHDX;%Windir%\\TEMP\\*.VHD;%Windir%\\TEMP\\*.VHDX;${varFslogixSharePath}\\*\\*.VHD;${varFslogixSharePath}\\*\\*.VHDX'
+ Processes: '%ProgramFiles%\\FSLogix\\Apps\\frxccd.exe;%ProgramFiles%\\FSLogix\\Apps\\frxccds.exe;%ProgramFiles%\\FSLogix\\Apps\\frxsvc.exe'
+ } : {}
+ }
+ enableDefaultTelemetry: false
+ }
+ dependsOn: [
+ sessionHosts
+ ]
+}]
+
+// Add monitoring extension to session host
+module monitoring '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/extensions/deploy.bicep' = [for i in range(1, count): if (deployMonitoring) {
+ scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}')
+ name: 'SH-Mon-${i - 1}-${time}'
+ params: {
+ location: location
+ virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}'
+ name: 'MicrosoftMonitoringAgent'
+ publisher: 'Microsoft.EnterpriseCloud.Monitoring'
+ type: 'MicrosoftMonitoringAgent'
+ typeHandlerVersion: '1.0'
+ autoUpgradeMinorVersion: true
+ enableAutomaticUpgrade: false
+ settings: {
+ workspaceId: !empty(alaWorkspaceResourceId) ? reference(alaWorkspace.id, alaWorkspace.apiVersion).customerId : ''
+ }
+ protectedSettings: {
+ workspaceKey: !empty(alaWorkspaceResourceId) ?
alaWorkspace.listKeys().primarySharedKey : ''
+ }
+ enableDefaultTelemetry: false
+ }
+ dependsOn: [
+ sessionHostsAntimalwareExtension
+ alaWorkspace
+ ]
+}]
+
+// Apply AVD session host configurations
+module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureSessionHost.bicep' = [for i in range(1, count): {
+ scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}')
+ name: 'SH-Config-${i}-${time}'
+ params: {
+ location: location
+ name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}'
+ hostPoolToken: hostPool.properties.registrationInfo.token
+ baseScriptUri: varSessionHostConfigurationScriptUri
+ scriptName: varSessionHostConfigurationScript
+ fslogix: createAvdFslogixDeployment
+ identityDomainName: identityDomainName
+ vmSize: vmSize
+ fslogixFileShare: varFslogixSharePath
+ fslogixStorageFqdn: varFslogixStorageFqdn
+ identityServiceProvider: identityServiceProvider
+ }
+ dependsOn: [
+ sessionHosts
+ monitoring
+ ]
+}]
diff --git a/workload/bicep/brownfield/addSessionHosts/modules/existingHostPool.bicep b/workload/bicep/brownfield/addSessionHosts/modules/existingHostPool.bicep
new file mode 100644
index 000000000..406196eb1
--- /dev/null
+++ b/workload/bicep/brownfield/addSessionHosts/modules/existingHostPool.bicep
@@ -0,0 +1,23 @@
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Required. The name of the host pool.')
+param hostPoolName string
+
+
+// ========== //
+// Deployments //
+// ========== //
+
+// Host pool.
+resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2021-07-12' existing = {
+ name: hostPoolName
+}
+
+
+// ========== //
+// Outputs //
+// ========== //
+
+output info object = hostPool.properties
diff --git a/workload/bicep/brownfield/addSessionHosts/modules/hostPool.bicep b/workload/bicep/brownfield/addSessionHosts/modules/hostPool.bicep
new file mode 100644
index 000000000..db7307ee1
--- /dev/null
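Review bot: `varBaseScriptUri` points at the `main` branch, so `Set-SessionHostConfiguration.ps1` is fetched from a mutable ref on every run of `sessionHostConfiguration`, the module that is also handed `hostPoolToken`; whoever can change that branch changes what presumably executes on each new session host. Pin the URI to a release tag or commit, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<PINNED_TAG_OR_COMMIT>/workload/'`, and confirm that configureSessionHost.bicep (not part of this patch) declares `hostPoolToken` with `@secure()`. Separately, `timeZone: time` passes the `utcNow()` timestamp where the otherwise unused `varTimeZoneSessionHosts` looks intended: `timeZone: varTimeZoneSessionHosts`. `adminPassword: keyVault.getSecret(vmLocalAdminPasswordSecretName)` is also evaluated when `identityServiceProvider == 'AAD'`, where the `keyVault` reference is skipped and `varKeyVaultName` is `''`, so an Entra-joined deployment looks unable to resolve the local admin secret.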
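Review bot: `output info object = hostPool.properties` exports the whole host pool property bag, and module outputs are kept in clear text in the deployment history. deploy.bicep in this same patch reads `hostPool.properties.registrationInfo.token` from a host pool reference, so on API versions that return the token on read this output could place the registration token in the deployment record. Output only the fields the caller needs, e.g. `output hostPoolType string = hostPool.properties.hostPoolType`, and likewise for `loadBalancerType` and `preferredAppGroupType`; the caller is not in this patch, so confirm which fields it consumes.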
+++ b/workload/bicep/brownfield/addSessionHosts/modules/hostPool.bicep
@@ -0,0 +1,35 @@
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Required. The name of the host pool.')
+param hostPoolName string
+
+@description('Required. The type of host pool.')
+param hostPoolType string
+
+@description('Required. The type of load balancer for the host pool.')
+param loadBalancerType string
+
+@description('Required. The location of the host pool.')
+param location string
+
+@description('Required. The preferred app group type for the host pool.')
+param preferredAppGroupType string
+
+
+// ========== //
+// Deployments //
+// ========== //
+
+// Host pool.
+resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2021-07-12' = {
+ name: hostPoolName
+ location: location
+ properties: {
+ hostPoolType: hostPoolType
+ loadBalancerType: loadBalancerType
+ preferredAppGroupType: preferredAppGroupType
+ startVMOnConnect: true
+ }
+}
diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.all.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.all.json
new file mode 100644
index 000000000..1245a87b0
--- /dev/null
+++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.all.json
@@ -0,0 +1,15 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "avdObjectId": {
+ "value": "<>"
+ },
+ "hostPoolResourceId": {
+ "value": "<>"
+ },
+ "location": {
+ "value": "<>"
+ }
+ }
+}
\ No newline at end of file
diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json
new file mode 100644
index 000000000..1492c908f
--- /dev/null
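Review bot: The `hostPool` resource is a full declaration rather than `existing`, so deploying it against a pool that already exists rewrites `properties` with only the four values listed. Settings it omits, such as `customRdpProperty`, `validationEnvironment` and `maxSessionLimit`, may fall back to defaults, which can silently undo RDP redirection restrictions set on the pool. `startVMOnConnect: true` is also hard-coded although this solution is about adding session hosts, and deploy.bicep in this patch does not reference the module; if it was carried over from the Start VM On Connect solution, dropping the file is the safer option, otherwise pass the existing values through.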
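Review bot: The parameter names in add-session-hosts.parameters.all.json do not match deploy.bicep: `avdObjectId` is not declared there, and the required `subnetId`, `computeRgResourceID`, `countIndex`, `keyVaultResourceId` and `vmLocalAdminPasswordSecretName` are missing, so a deployment using this file would be rejected. The set looks carried over from the Start VM On Connect solution. An "all" file should list every parameter of deploy.bicep with `<>` placeholders, as add-session-hosts.parameters.min.json does for the required ones.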
+++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json
@@ -0,0 +1,27 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "subnetId": {
+ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-network/providers/Microsoft.Network/virtualNetworks/vnet-x036-dev-use-001/subnets/snet-avd-x036-dev-use-001"
+ },
+ "location": {
+ "value": "eastus"
+ },
+ "computeRgResourceID": {
+ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-pool-compute"
+ },
+ "countIndex": {
+ "value": 1
+ },
+ "vmLocalAdminPasswordSecretName": {
+ "value": "vmLocalUserPassword"
+ },
+ "keyVaultResourceId": {
+ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-service-objects/providers/Microsoft.KeyVault/vaults/kv-sec-x036-dev-use-fv"
+ },
+ "hostPoolResourceID": {
+ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-service-objects/providers/Microsoft.DesktopVirtualization/hostpools/vdpool-x036-dev-use-001"
+ }
+ }
+}
\ No newline at end of file
diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min.json
new file mode 100644
index 000000000..a32049d51
--- /dev/null
+++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min.json
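Review bot: add-session-hosts.parameters.min-test.json commits what look like live environment identifiers into the template repository: a subscription GUID together with the resource group, virtual network, subnet, Key Vault and host pool names. None of these is a credential, but together they map one environment's layout and name the vault that holds the VM admin and domain-join secrets. Keep test values in an untracked local file or in pipeline variables and commit only placeholders, e.g. `"keyVaultResourceId": { "value": "<>" }`, as add-session-hosts.parameters.min.json already does.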
@@ -0,0 +1,27 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "subnetId": {
+ "value": "<>"
+ },
+ "location": {
+ "value": "<>"
+ },
+ "computeRgResourceID": {
+ "value": "<>"
+ },
+ "countIndex": {
+ "value": "<>"
+ },
+ "vmLocalAdminPasswordSecretName": {
+ "value": "<>"
+ },
+ "keyVaultResourceId": {
+ "value": "<>"
+ },
+ "hostPoolResourceID": {
+ "value": "<>"
+ }
+ }
+}
\ No newline at end of file
diff --git a/workload/bicep/brownfield/addSessionHosts/readme.md b/workload/bicep/brownfield/addSessionHosts/readme.md
new file mode 100644
index 000000000..73cb2750f
--- /dev/null
+++ b/workload/bicep/brownfield/addSessionHosts/readme.md
@@ -0,0 +1,38 @@
+# Start VM On Connect
+
+This solution will deploy Start VM On Connect. The feature allows stopped / deallocated VMs to be started on demand when an end user requests a session host from their assigned application group using the AVD client. For more details, see the Microsoft Learn page for this feature: [Start VM On Connect](https://learn.microsoft.com/azure/virtual-desktop/start-virtual-machine-connect?tabs=azure-portal).
+
+## Requirements
+
+- Permissions: below are the minimum required permissions to deploy this solution.
+ - User Access Administrator on the target Subscription
+ - Desktop Virtualization Host Pool Contributor on the resource group containing the target host pool
+- Resources: this solution assumes a host pool already exists in the target subscription.
+
+## Deployment Options
+
+### Azure portal UI
+
+[![Deploy to Azure](https://aka.ms/deploytoazurebutton)](https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fbrownfield%2FdeployStartVmOnConnect.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fbrownfield%2FportalUiStartVmOnConnect.json) [![Deploy to Azure Gov](https://aka.ms/deploytoazuregovbutton)](https://portal.azure.us/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Farm%2Fbrownfield%2FdeployStartVmOnConnect.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Favdaccelerator%2Fmain%2Fworkload%2Fportal-ui%2Fbrownfield%2FportalUiStartVmOnConnect.json)
+
+### PowerShell
+
+```powershell
+New-AzDeployment `
+ -Location '' `
+ -TemplateFile 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/brownfield/startVmOnConnect/solution.json' `
+ -AvdObjectId '' `
+ -HostPoolResourceId '' `
+ -Verbose
+```
+
+### Azure CLI + +```azurecli +az deployment sub create \ + --location '' \ + --template-uri 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/brownfield/startVmOnConnect/solution.json' \ + --parameters \ + AvdObjectId '' \ + HostPoolResourceId '' +``` From b44df04f7ba922799c7f2178e577bf6ada668b58 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sat, 11 Nov 2023 18:52:33 -0600 Subject: [PATCH 02/15] updates --- .../brownfield/addSessionHosts/deploy.bicep | 365 +++++++++--------- ...add-session-hosts.parameters.min-test.json | 2 +- 2 files changed, 180 insertions(+), 187 deletions(-) diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep index 37be84144..7d8df5126 100644 --- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep +++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep @@ -1,6 +1,5 @@ targetScope = 'subscription' - // ========== // // Parameters // // ========== // @@ -162,10 +161,10 @@ param createResourceTags bool = false param workloadNameTag string = 'Contoso-Workload' @allowed([ - 'Light' - 'Medium' - 'High' - 'Power' + 'Light' + 'Medium' + 'High' + 'Power' ]) @sys.description('Reference to the size of the VM for your workloads (Default: Light)') param workloadTypeTag string = 'Light' 
@@ -227,7 +226,6 @@ var varSessionHostNamePrefix = customNaming ? sessionHostCustomNamePrefix : 'vm$ var varDeploymentEnvironmentLowercase = toLower(deploymentEnvironment) var varComputeStorageResourcesNamingStandard = '${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}' var varAvsetNamePrefix = customNaming ? '${avsetCustomNamePrefix}-${varComputeStorageResourcesNamingStandard}' : 'avail-${varComputeStorageResourcesNamingStandard}' - var varLocations = loadJsonContent('../../../variables/locations.json') var varTimeZoneSessionHosts = varLocations[varSessionHostLocationLowercase].timeZone var varSessionHostLocationLowercase = toLower(replace(location, ' ', '')) @@ -239,14 +237,11 @@ var varMaxAvsetMembersCount = 199 var varDivisionAvsetValue = count / varMaxAvsetMembersCount var varDivisionAvsetRemainderValue = count % varMaxAvsetMembersCount var varAvsetCount = varDivisionAvsetRemainderValue > 0 ? varDivisionAvsetValue + 1 : varDivisionAvsetValue - var varComputeSubId = split(computeRgResourceID, '/')[2] var varComputeRgName = split(computeRgResourceID, '/')[4] - var varHostpoolSubId = split(hostPoolResourceID, '/')[2] var varHostpoolRgName = split(hostPoolResourceID, '/')[4] var varHostPoolName = split(hostPoolResourceID, '/')[8] - var varKeyVaultSubId = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[2] : '' var varKeyVaultRgName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[4] : '' var varKeyVaultName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[8] : '' 
@@ -254,14 +249,13 @@ var varManagedDisk = empty(diskEncryptionSetResourceId) ? { storageAccountType: diskType } : { diskEncryptionSet: { - id: diskEncryptionSetResourceId + id: diskEncryptionSetResourceId } storageAccountType: diskType } var varFslogixStorageAccountName = createAvdFslogixDeployment ? split(fslogixStorageResourceId, '/')[8] : '' -var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageAccountName}.file.${environment().suffixes.storage}' : '' -var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : '' - +var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageAccountName}.file.${environment().suffixes.storage}' : '' +var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : '' var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' 
@@ -289,76 +283,76 @@ var varNicDiagnosticMetricsToEnable = [ ] var varMarketPlaceGalleryWindows = { win10_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-21h2-avd' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'windows-10' + sku: 'win10-21h2-avd' + version: 'latest' } win10_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-21h2-avd-m365' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'office-365' + sku: 'win10-21h2-avd-m365' + version: 'latest' } win10_22h2_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-22h2-avd-g2' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'windows-10' + sku: 'win10-22h2-avd-g2' + version: 'latest' } win10_22h2_office_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-22h2-avd-m365-g2' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'office-365' + sku: 'win10-22h2-avd-m365-g2' + version: 'latest' } win11_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-21h2-avd' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'Windows-11' + sku: 'win11-21h2-avd' + version: 'latest' } win11_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-21h2-avd-m365' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'office-365' + sku: 'win11-21h2-avd-m365' + version: 'latest' } win11_22h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-22h2-avd' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'Windows-11' + sku: 'win11-22h2-avd' + version: 'latest' } win11_22h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-22h2-avd-m365' - version: 'latest' + publisher: 'MicrosoftWindowsDesktop' + offer: 'office-365' + sku: 'win11-22h2-avd-m365' + version: 'latest' } 
winServer_2022_Datacenter: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-g2' - version: 'latest' + publisher: 'MicrosoftWindowsServer' + offer: 'WindowsServer' + sku: '2022-datacenter-g2' + version: 'latest' } winServer_2022_Datacenter_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-smalldisk-g2' - version: 'latest' + publisher: 'MicrosoftWindowsServer' + offer: 'WindowsServer' + sku: '2022-datacenter-smalldisk-g2' + version: 'latest' } winServer_2022_datacenter_core: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-g2' - version: 'latest' + publisher: 'MicrosoftWindowsServer' + offer: 'WindowsServer' + sku: '2022-datacenter-core-g2' + version: 'latest' } winServer_2022_Datacenter_core_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-smalldisk-g2' - version: 'latest' + publisher: 'MicrosoftWindowsServer' + offer: 'WindowsServer' + sku: '2022-datacenter-core-smalldisk-g2' + version: 'latest' } } @@ -389,15 +383,14 @@ module availabilitySet '../../modules/avdSessionHosts/.bicep/availabilitySets.bi name: 'AVD-Availability-Set-${time}' scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}') params: { - namePrefix: varAvsetNamePrefix - location: location - count: varAvsetCount - faultDomainCount: avsetFaultDomainCount - updateDomainCount: avsetUpdateDomainCount - tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags + namePrefix: varAvsetNamePrefix + location: location + count: varAvsetCount + faultDomainCount: avsetFaultDomainCount + updateDomainCount: avsetUpdateDomainCount + tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags } - dependsOn: [ - ] + dependsOn: [] } // Session hosts 
@@ -406,76 +399,76 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}') name: 'SH-${i - 1}-${time}' params: { - name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' - location: location - timeZone: time - systemAssignedIdentity: (identityServiceProvider == 'AAD') ? true : false - availabilityZone: useAvailabilityZones ? take(skip(varAllAvailabilityZones, i % length(varAllAvailabilityZones)), 1) : [] - encryptionAtHost: diskZeroTrust - availabilitySetResourceId: useAvailabilityZones ? '' : '/subscriptions/${varComputeSubId}/resourceGroups/${varComputeRgName}/providers/Microsoft.Compute/availabilitySets/${varAvsetNamePrefix}-${padLeft(((1 + (i + countIndex) / varMaxAvsetMembersCount)), 3, '0')}' - osType: 'Windows' - licenseType: 'Windows_Client' - vmSize: vmSize - securityType: securityType - secureBootEnabled: secureBootEnabled - vTpmEnabled: vTpmEnabled - imageReference: useSharedImage ? json('{\'id\': \'${avdImageTemplateDefinitionId}\'}') : varMarketPlaceGalleryWindows[osImage] - osDisk: { - createOption: 'fromImage' - deleteOption: 'Delete' - diskSizeGB: 128 - managedDisk: varManagedDisk - } - adminUsername: vmLocalUserName - adminPassword: keyVault.getSecret(vmLocalAdminPasswordSecretName) - nicConfigurations: [ + name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' + location: location + timeZone: varTimeZoneSessionHosts + systemAssignedIdentity: (identityServiceProvider == 'AAD') ? true : false + availabilityZone: useAvailabilityZones ? take(skip(varAllAvailabilityZones, i % length(varAllAvailabilityZones)), 1) : [] + encryptionAtHost: diskZeroTrust + availabilitySetResourceId: useAvailabilityZones ? 
'' : '/subscriptions/${varComputeSubId}/resourceGroups/${varComputeRgName}/providers/Microsoft.Compute/availabilitySets/${varAvsetNamePrefix}-${padLeft(((1 + (i + countIndex) / varMaxAvsetMembersCount)), 3, '0')}' + osType: 'Windows' + licenseType: 'Windows_Client' + vmSize: vmSize + securityType: securityType + secureBootEnabled: secureBootEnabled + vTpmEnabled: vTpmEnabled + imageReference: useSharedImage ? json('{\'id\': \'${avdImageTemplateDefinitionId}\'}') : varMarketPlaceGalleryWindows[osImage] + osDisk: { + createOption: 'fromImage' + deleteOption: 'Delete' + diskSizeGB: 128 + managedDisk: varManagedDisk + } + adminUsername: vmLocalUserName + adminPassword: keyVault.getSecret(vmLocalAdminPasswordSecretName) + nicConfigurations: [ + { + nicSuffix: 'nic-01-' + deleteOption: 'Delete' + enableAcceleratedNetworking: enableAcceleratedNetworking + ipConfigurations: !empty(asgResourceId) ? [ { - nicSuffix: 'nic-01-' - deleteOption: 'Delete' - enableAcceleratedNetworking: enableAcceleratedNetworking - ipConfigurations: !empty(asgResourceId) ? [ - { - name: 'ipconfig01' - subnetResourceId: subnetId - applicationSecurityGroups: [ - { - id: asgResourceId - } - ] - } - ] : [ - { - name: 'ipconfig01' - subnetResourceId: subnetId - } - ] + name: 'ipconfig01' + subnetResourceId: subnetId + applicationSecurityGroups: [ + { + id: asgResourceId + } + ] } - ] - // ADDS or AADDS domain join. - extensionDomainJoinPassword: (identityServiceProvider != 'AAD') ? keyVault.getSecret(domainJoinPasswordSecretName) : 'domainJoinUserPassword' - extensionDomainJoinConfig: { - enabled: (identityServiceProvider == 'AAD') ? false : true - settings: { - name: identityDomainName - ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null - user: domainJoinUserName - restart: 'true' - options: '3' + ] : [ + { + name: 'ipconfig01' + subnetResourceId: subnetId } + ] } - // Microsoft Entra ID Join. - extensionAadJoinConfig: { - enabled: (identityServiceProvider == 'AAD') ? 
true : false - settings: createIntuneEnrollment ? { - mdmId: '0000000a-0000-0000-c000-000000000000' - } : {} + ] + // ADDS or AADDS domain join. + extensionDomainJoinPassword: (identityServiceProvider != 'AAD') ? keyVault.getSecret(domainJoinPasswordSecretName) : 'domainJoinUserPassword' + extensionDomainJoinConfig: { + enabled: (identityServiceProvider == 'AAD') ? false : true + settings: { + name: identityDomainName + ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null + user: domainJoinUserName + restart: 'true' + options: '3' } - nicdiagnosticMetricsToEnable: deployMonitoring ? varNicDiagnosticMetricsToEnable : [] - diagnosticWorkspaceId: deployMonitoring ? alaWorkspaceResourceId : '' - tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags + } + // Microsoft Entra ID Join. + extensionAadJoinConfig: { + enabled: (identityServiceProvider == 'AAD') ? true : false + settings: createIntuneEnrollment ? { + mdmId: '0000000a-0000-0000-c000-000000000000' + } : {} + } + nicdiagnosticMetricsToEnable: deployMonitoring ? varNicDiagnosticMetricsToEnable : [] + diagnosticWorkspaceId: deployMonitoring ? alaWorkspaceResourceId : '' + tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags } dependsOn: [ - keyVault + keyVault ] }] 
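Review bot: `adminPassword: keyVault.getSecret(vmLocalAdminPasswordSecretName)` is evaluated for every identity provider, but `varKeyVaultSubId`, `varKeyVaultRgName` and `varKeyVaultName` (declared earlier in this file) collapse to `''` when `identityServiceProvider` is `'AAD'`. The `keyVault` declaration is outside this hunk, so this is inferred, but if it is scoped from those variables an Entra-joined deployment cannot resolve the local admin secret. `keyVaultResourceId` is a required parameter, so the variables can be unconditional, e.g. `var varKeyVaultSubId = split(keyVaultResourceId, '/')[2]`. The literal `'domainJoinUserPassword'` fallback for `extensionDomainJoinPassword` also deserves a comment such as `// placeholder only, domain join is disabled on this path`, so it is not read as a real credential.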
@@ -484,33 +477,33 @@ module sessionHostsAntimalwareExtension '../../../../carml/1.3.0/Microsoft.Compu scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}') name: 'SH-Antimal-${i - 1}-${time}' params: { - location: location - virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' - name: 'MicrosoftAntiMalware' - publisher: 'Microsoft.Azure.Security' - type: 'IaaSAntimalware' - typeHandlerVersion: '1.3' - autoUpgradeMinorVersion: true - enableAutomaticUpgrade: false - settings: { - AntimalwareEnabled: true - RealtimeProtectionEnabled: 'true' - ScheduledScanSettings: { - isEnabled: 'true' - day: '7' // Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday) - time: '120' // When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM. - scanType: 'Quick' //Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick) - } - Exclusions: createAvdFslogixDeployment ? 
{ - Extensions: '*.vhd;*.vhdx' - Paths: '"%ProgramFiles%\\FSLogix\\Apps\\frxdrv.sys;%ProgramFiles%\\FSLogix\\Apps\\frxccd.sys;%ProgramFiles%\\FSLogix\\Apps\\frxdrvvt.sys;%TEMP%\\*.VHD;%TEMP%\\*.VHDX;%Windir%\\TEMP\\*.VHD;%Windir%\\TEMP\\*.VHDX;${varFslogixSharePath}\\*\\*.VHD;${varFslogixSharePath}\\*\\*.VHDX' - Processes: '%ProgramFiles%\\FSLogix\\Apps\\frxccd.exe;%ProgramFiles%\\FSLogix\\Apps\\frxccds.exe;%ProgramFiles%\\FSLogix\\Apps\\frxsvc.exe' - } : {} + location: location + virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' + name: 'MicrosoftAntiMalware' + publisher: 'Microsoft.Azure.Security' + type: 'IaaSAntimalware' + typeHandlerVersion: '1.3' + autoUpgradeMinorVersion: true + enableAutomaticUpgrade: false + settings: { + AntimalwareEnabled: true + RealtimeProtectionEnabled: 'true' + ScheduledScanSettings: { + isEnabled: 'true' + day: '7' // Day of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday) + time: '120' // When to perform the scheduled scan, measured in minutes from midnight (0-1440). For example: 0 = 12AM, 60 = 1AM, 120 = 2AM. + scanType: 'Quick' //Indicates whether scheduled scan setting type is set to Quick or Full (default is Quick) } - enableDefaultTelemetry: false + Exclusions: createAvdFslogixDeployment ? { + Extensions: '*.vhd;*.vhdx' + Paths: '"%ProgramFiles%\\FSLogix\\Apps\\frxdrv.sys;%ProgramFiles%\\FSLogix\\Apps\\frxccd.sys;%ProgramFiles%\\FSLogix\\Apps\\frxdrvvt.sys;%TEMP%\\*.VHD;%TEMP%\\*.VHDX;%Windir%\\TEMP\\*.VHD;%Windir%\\TEMP\\*.VHDX;${varFslogixSharePath}\\*\\*.VHD;${varFslogixSharePath}\\*\\*.VHDX' + Processes: '%ProgramFiles%\\FSLogix\\Apps\\frxccd.exe;%ProgramFiles%\\FSLogix\\Apps\\frxccds.exe;%ProgramFiles%\\FSLogix\\Apps\\frxsvc.exe' + } : {} + } + enableDefaultTelemetry: false } dependsOn: [ - sessionHosts + sessionHosts ] }] 
@@ -519,25 +512,25 @@ module monitoring '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/ext scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}') name: 'SH-Mon-${i - 1}-${time}' params: { - location: location - virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' - name: 'MicrosoftMonitoringAgent' - publisher: 'Microsoft.EnterpriseCloud.Monitoring' - type: 'MicrosoftMonitoringAgent' - typeHandlerVersion: '1.0' - autoUpgradeMinorVersion: true - enableAutomaticUpgrade: false - settings: { - workspaceId: !empty(alaWorkspaceResourceId) ? reference(alaWorkspace.id, alaWorkspace.apiVersion).customerId : '' - } - protectedSettings: { - workspaceKey: !empty(alaWorkspaceResourceId) ? alaWorkspace.listKeys().primarySharedKey : '' - } - enableDefaultTelemetry: false + location: location + virtualMachineName: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' + name: 'MicrosoftMonitoringAgent' + publisher: 'Microsoft.EnterpriseCloud.Monitoring' + type: 'MicrosoftMonitoringAgent' + typeHandlerVersion: '1.0' + autoUpgradeMinorVersion: true + enableAutomaticUpgrade: false + settings: { + workspaceId: !empty(alaWorkspaceResourceId) ? reference(alaWorkspace.id, alaWorkspace.apiVersion).customerId : '' + } + protectedSettings: { + workspaceKey: !empty(alaWorkspaceResourceId) ? alaWorkspace.listKeys().primarySharedKey : '' + } + enableDefaultTelemetry: false } dependsOn: [ - sessionHostsAntimalwareExtension - alaWorkspace + sessionHostsAntimalwareExtension + alaWorkspace ] }] 
@@ -546,20 +539,20 @@ module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureS scope: resourceGroup('${varComputeSubId}', '${varComputeRgName}') name: 'SH-Config-${i}-${time}' params: { - location: location - name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' - hostPoolToken: hostPool.properties.registrationInfo.token - baseScriptUri: varSessionHostConfigurationScriptUri - scriptName: varSessionHostConfigurationScript - fslogix: createAvdFslogixDeployment - identityDomainName: identityDomainName - vmSize: vmSize - fslogixFileShare: varFslogixSharePath - fslogixStorageFqdn: varFslogixStorageFqdn - identityServiceProvider: identityServiceProvider + location: location + name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}' + hostPoolToken: hostPool.properties.registrationInfo.token //hostPool.properties.registrationInfo.token + baseScriptUri: varSessionHostConfigurationScriptUri + scriptName: varSessionHostConfigurationScript + fslogix: createAvdFslogixDeployment + identityDomainName: identityDomainName + vmSize: vmSize + fslogixFileShare: varFslogixSharePath + fslogixStorageFqdn: varFslogixStorageFqdn + identityServiceProvider: identityServiceProvider } dependsOn: [ - sessionHosts - monitoring + sessionHosts + monitoring ] }] diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json index 1492c908f..7f30fbd4b 100644 --- a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json +++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json @@ -12,7 +12,7 @@ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-pool-compute" }, "countIndex": { - "value": 1 + "value": 10 }, "vmLocalAdminPasswordSecretName": { "value": "vmLocalUserPassword" 
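Review bot: `baseScriptUri: varSessionHostConfigurationScriptUri` resolves through `varBaseScriptUri` to `https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/`, so every deployment fetches whatever `Set-SessionHostConfiguration.ps1` is on the `main` branch at that moment. The same module call receives the host pool registration token, and the script presumably runs with elevated rights on each session host, so a mutable ref makes the executed content neither reproducible nor reviewable per release. Pin the base URI to a tag or commit, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<RELEASE_TAG_OR_COMMIT_SHA>/workload/'` (placeholder), or stage the script in storage you control. The trailing `//hostPool.properties.registrationInfo.token` comment on the `hostPoolToken` line only repeats the expression and can be dropped.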
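Review bot: The `min-test` parameter file carries a concrete subscription GUID and resource-group name in the resource ID just above the changed `countIndex`, and the index itself is being edited per run (1 to 10 here, changed again in the next patch). That reads as one person's environment state rather than a reusable sample. Consider a placeholder such as `/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<COMPUTE_RG_NAME>` and keeping personal values in an untracked parameters file. The enclosing JSON object starts and ends outside the hunk.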
From 4bf1ed90c7da38378b1b1fa916141f6e5456d23b Mon Sep 17 00:00:00 2001
From: Dany Contreras <78437433+danycontre@users.noreply.github.com>
Date: Sun, 12 Nov 2023 10:55:44 -0600
Subject: [PATCH 03/15] updates
---
.../brownfield/addSessionHosts/deploy.bicep | 273 +++++++-----------
...add-session-hosts.parameters.min-test.json | 2 +-
.../modules/avdSessionHosts/deploy.bicep | 2 +-
workload/variables/osMarketPlaceImages.json | 74 +++++
4 files changed, 177 insertions(+), 174 deletions(-)
create mode 100644 workload/variables/osMarketPlaceImages.json
diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
index 7d8df5126..350e4cb71 100644
--- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep
+++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
@@ -4,40 +4,74 @@ targetScope = 'subscription' // Parameters // // ========== // -@sys.description('AVD disk encryption set resource ID to enable server side encyption. (Default: "")') -param diskEncryptionSetResourceId string = '' - -@sys.description('AVD subnet ID. (Default: )') -param subnetId string - -@sys.description('Location where to deploy compute services. (Default: )') -param location string +@sys.description('Log analytics workspace for diagnostic logs. (Default: "")') +param alaWorkspaceResourceId string = '' -@minLength(2) -@maxLength(4) -@sys.description('The name of the resource group to deploy. (Default: AVD1)') -param deploymentPrefix string = 'AVD1' +@sys.description('Details about the application.') +param applicationNameTag string = 'Contoso-App' -@sys.description('AVD resources custom naming. (Default: false)') -param customNaming bool = false +@sys.description('Sets the number of fault domains for the availability set. (Default: 2)') +param avsetFaultDomainCount int = 2 -// @sys.description('General session host batch identifier') -// param managedIdentityStorageResourceId int +@sys.description('Sets the number of update domains for the availability set. (Default: 5)') +param avsetUpdateDomainCount int = 5 -@maxLength(11) -@sys.description('AVD session host prefix custom name. (Default: vmapp1duse2)') -param sessionHostCustomNamePrefix string = 'vmapp1duse2' +@sys.description('Application Security Group (ASG) for the session hosts. (Default: "")') +param asgResourceId string = '' @maxLength(9) @sys.description('AVD availability set custom name. (Default: avail)') param avsetCustomNamePrefix string = 'avail' +@sys.description('Source custom image ID. (Default: "")') +param avdImageTemplateDefinitionId string = '' + @sys.description('Resource Group name for the session hosts. (Default: )') param computeRgResourceID string @sys.description('Quantity of session hosts to deploy. 
(Default: 1)') param count int = 1 +@sys.description('The session host number to begin with for the deployment. (Default: )') +param countIndex int + +@sys.description('AVD resources custom naming. (Default: false)') +param customNaming bool = false + +@sys.description('Required, Eronll session hosts on Intune. (Default: false)') +param createIntuneEnrollment bool = false + +@sys.description('Deploy Fslogix setup. (Default: false)') +param createAvdFslogixDeployment bool = false + +@sys.description('Apply tags on resources and resource groups. (Default: false)') +param createResourceTags bool = false + +@sys.description('Cost center of owner team. (Default: Contoso-CC)') +param costCenterTag string = 'Contoso-CC' + +@sys.description('AVD disk encryption set resource ID to enable server side encyption. (Default: "")') +param diskEncryptionSetResourceId string = '' + +@sys.description('Department that owns the deployment, (Dafult: Contoso-AVD)') +param departmentTag string = 'Contoso-AVD' + +@allowed([ + 'Non-business' + 'Public' + 'General' + 'Confidential' + 'Highly-confidential' +]) +@sys.description('Sensitivity of data hosted (Default: Non-business)') +param dataClassificationTag string = 'Non-business' + +@sys.description('Enables a zero trust configuration on the session host disks. (Default: false)') +param diskZeroTrust bool = false + +@sys.description('Deploy AVD monitoring resources and setings. (Default: false)') +param deployMonitoring bool = false + @allowed([ 'Dev' // Development 'Test' // Test 
@@ -46,8 +80,47 @@ param count int = 1 @sys.description('The name of the resource group to deploy. (Default: Dev)') param deploymentEnvironment string = 'Dev' -@sys.description('The session host number to begin with for the deployment. (Default: )') -param countIndex int +@minLength(2) +@maxLength(4) +@sys.description('The name of the resource group to deploy. (Default: AVD1)') +param deploymentPrefix string = 'AVD1' + +@sys.description('AVD session host domain join user principal name. (Default: NoUsername)') +param domainJoinUserName string = 'NoUsername' + +@sys.description('OS disk type for session host. (Default: Standard_LRS)') +param diskType string = 'Standard_LRS' + +@sys.description('Domain join user password keyvault secret name. (Default: domainJoinUserPassword)') +param domainJoinPasswordSecretName string = 'domainJoinUserPassword' + +@sys.description('Enables accelerated Networking on the session hosts. (Default: true)') +param enableAcceleratedNetworking bool = true + +@sys.description('FSLogix storage resource ID. (Default: )') +param fslogixStorageResourceId string = '' + +@sys.description('FSLogix file share name. (Default: )') +param fslogixFileShareName string = '' + +@sys.description('AVD Host Pool resource ID. (Default: )') +param hostPoolResourceID string + +@sys.description('FQDN of on-premises AD domain, used for FSLogix storage configuration and NTFS setup. (Default: "")') +param identityDomainName string = '' + +@sys.description('AVD subnet ID. (Default: )') +param subnetId string + +@sys.description('Location where to deploy compute services. (Default: )') +param location string + +// @sys.description('General session host batch identifier') +// param managedIdentityStorageResourceId int + +@maxLength(11) +@sys.description('AVD session host prefix custom name. (Default: vmapp1duse2)') +param sessionHostCustomNamePrefix string = 'vmapp1duse2' @sys.description('Creates an availability zone and adds the VMs to it. 
Cannot be used in combination with availability set nor scale set. (Default: true)') param useAvailabilityZones bool = true @@ -55,14 +128,12 @@ param useAvailabilityZones bool = true @sys.description('The service providing domain services for Azure Virtual Desktop. (Default: ADDS)') param identityServiceProvider string = 'ADDS' -@sys.description('Required, Eronll session hosts on Intune. (Default: false)') -param createIntuneEnrollment bool = false @sys.description('Session host VM size. (Default: Standard_D4ads_v5)') param vmSize string = 'Standard_D4ads_v5' -@sys.description('Enables accelerated Networking on the session hosts. (Default: true)') -param enableAcceleratedNetworking bool = true +@sys.description('Disk encryption set to use for zero trust setup. (Default: )') +param ztDiskEncryptionSetResourceId string = '' @allowed([ 'Standard' @@ -78,15 +149,9 @@ param secureBootEnabled bool = true @sys.description('Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. (Default: true)') param vTpmEnabled bool = true -@sys.description('OS disk type for session host. (Default: Standard_LRS)') -param diskType string = 'Standard_LRS' - @sys.description('Set to deploy image from Azure Compute Gallery. (Default: false)') param useSharedImage bool = false -@sys.description('Source custom image ID. (Default: "")') -param avdImageTemplateDefinitionId string = '' - @sys.description('Storage Managed Identity Resource ID.') param storageManagedIdentityResourceId string = '' 
@@ -99,39 +164,9 @@ param keyVaultResourceId string @sys.description('VM local admin keyvault secret name. (Default: )') param vmLocalAdminPasswordSecretName string -@sys.description('Domain join user password keyvault secret name. (Default: domainJoinUserPassword)') -param domainJoinPasswordSecretName string = 'domainJoinUserPassword' - -@sys.description('FQDN of on-premises AD domain, used for FSLogix storage configuration and NTFS setup. (Default: "")') -param identityDomainName string = '' - -@sys.description('AVD session host domain join user principal name. (Default: NoUsername)') -param domainJoinUserName string = 'NoUsername' - @sys.description('OU path to join AVd VMs. (Default: "")') param sessionHostOuPath string = '' -@sys.description('Application Security Group (ASG) for the session hosts. (Default: "")') -param asgResourceId string = '' - -@sys.description('AVD Host Pool resource ID. (Default: )') -param hostPoolResourceID string - -@sys.description('Deploy Fslogix setup. (Default: false)') -param createAvdFslogixDeployment bool = false - -@sys.description('FSLogix storage resource ID. (Default: )') -param fslogixStorageResourceId string = '' - -@sys.description('FSLogix file share name. (Default: )') -param fslogixFileShareName string = '' - -@sys.description('Log analytics workspace for diagnostic logs. (Default: "")') -param alaWorkspaceResourceId string = '' - -@sys.description('Deploy AVD monitoring resources and setings. (Default: false)') -param deployMonitoring bool = false - @allowed([ 'win10_21h2' 'win10_21h2_office' 
@@ -148,15 +183,6 @@ param osImage string = 'win11_22h2' @sys.description('Do not modify, used to set unique value for resource deployment.') param time string = utcNow() -@sys.description('Enables a zero trust configuration on the session host disks. (Default: false)') -param diskZeroTrust bool = false - -@sys.description('Disk encryption set to use for zero trust setup. (Default: )') -param ztDiskEncryptionSetResourceId string = '' - -@sys.description('Apply tags on resources and resource groups. (Default: false)') -param createResourceTags bool = false - @sys.description('The name of workload for tagging purposes. (Default: Contoso-Workload)') param workloadNameTag string = 'Contoso-Workload' @@ -169,19 +195,6 @@ param workloadNameTag string = 'Contoso-Workload' @sys.description('Reference to the size of the VM for your workloads (Default: Light)') param workloadTypeTag string = 'Light' -@allowed([ - 'Non-business' - 'Public' - 'General' - 'Confidential' - 'Highly-confidential' -]) -@sys.description('Sensitivity of data hosted (Default: Non-business)') -param dataClassificationTag string = 'Non-business' - -@sys.description('Department that owns the deployment, (Dafult: Contoso-AVD)') -param departmentTag string = 'Contoso-AVD' - @allowed([ 'Low' 'Medium' @@ -195,9 +208,6 @@ param workloadCriticalityTag string = 'Low' @sys.description('Tag value for custom criticality value. (Default: Contoso-Critical)') param workloadCriticalityCustomValueTag string = 'Contoso-Critical' -@sys.description('Details about the application.') -param applicationNameTag string = 'Contoso-App' - @sys.description('Service level agreement level of the worload. (Contoso-SLA)') param workloadSlaTag string = 'Contoso-SLA' 
@@ -207,15 +217,6 @@ param opsTeamTag string = 'workload-admins@Contoso.com' @sys.description('Organizational owner of the AVD deployment. (Default: workload-owner@Contoso.com)') param ownerTag string = 'workload-owner@Contoso.com' -@sys.description('Cost center of owner team. (Default: Contoso-CC)') -param costCenterTag string = 'Contoso-CC' - -@sys.description('Sets the number of fault domains for the availability set. (Default: 2)') -param avsetFaultDomainCount int = 2 - -@sys.description('Sets the number of update domains for the availability set. (Default: 5)') -param avsetUpdateDomainCount int = 5 - // =========== // // Variable declaration // // =========== // @@ -227,6 +228,7 @@ var varDeploymentEnvironmentLowercase = toLower(deploymentEnvironment) var varComputeStorageResourcesNamingStandard = '${varDeploymentPrefixLowercase}-${varDeploymentEnvironmentLowercase}-${varSessionHostLocationAcronym}' var varAvsetNamePrefix = customNaming ? '${avsetCustomNamePrefix}-${varComputeStorageResourcesNamingStandard}' : 'avail-${varComputeStorageResourcesNamingStandard}' var varLocations = loadJsonContent('../../../variables/locations.json') +var varMarketPlaceGalleryWindows = loadJsonContent('../../../variables/osMarketPlaceImages.json') var varTimeZoneSessionHosts = varLocations[varSessionHostLocationLowercase].timeZone var varSessionHostLocationLowercase = toLower(replace(location, ' ', '')) var varMaxSessionHostsPerTemplate = 10 
@@ -281,81 +283,6 @@ var varCustomResourceTags = createResourceTags ? { var varNicDiagnosticMetricsToEnable = [ 'AllMetrics' ] -var varMarketPlaceGalleryWindows = { - win10_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-21h2-avd' - version: 'latest' - } - win10_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-21h2-avd-m365' - version: 'latest' - } - win10_22h2_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-22h2-avd-g2' - version: 'latest' - } - win10_22h2_office_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-22h2-avd-m365-g2' - version: 'latest' - } - win11_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-21h2-avd' - version: 'latest' - } - win11_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-21h2-avd-m365' - version: 'latest' - } - win11_22h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-22h2-avd' - version: 'latest' - } - win11_22h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-22h2-avd-m365' - version: 'latest' - } - winServer_2022_Datacenter: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-g2' - version: 'latest' - } - winServer_2022_Datacenter_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-smalldisk-g2' - version: 'latest' - } - winServer_2022_datacenter_core: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-g2' - version: 'latest' - } - winServer_2022_Datacenter_core_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-smalldisk-g2' - version: 'latest' - } -} - // =========== // // Deployments // // =========== // 
@@ -445,9 +372,9 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d } ] // ADDS or AADDS domain join. - extensionDomainJoinPassword: (identityServiceProvider != 'AAD') ? keyVault.getSecret(domainJoinPasswordSecretName) : 'domainJoinUserPassword' + extensionDomainJoinPassword: (identityServiceProvider == 'ADDS' || identityServiceProvider == 'AADDS') ? keyVault.getSecret(domainJoinPasswordSecretName) : 'domainJoinUserPassword' extensionDomainJoinConfig: { - enabled: (identityServiceProvider == 'AAD') ? false : true + enabled: (identityServiceProvider == 'ADDS' || identityServiceProvider == 'AADDS') ? true : false settings: { name: identityDomainName ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null @@ -469,6 +396,7 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d } dependsOn: [ keyVault + availabilitySet ] }] @@ -554,5 +482,6 @@ module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureS dependsOn: [ sessionHosts monitoring + hostPool ] }] diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json index 7f30fbd4b..3326d159c 100644 --- a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json +++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json @@ -12,7 +12,7 @@ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-pool-compute" }, "countIndex": { - "value": 10 + "value": 12 }, "vmLocalAdminPasswordSecretName": { "value": "vmLocalUserPassword" diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep index c63e190ff..77ee877e8 100644 --- a/workload/bicep/modules/avdSessionHosts/deploy.bicep 
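Review bot: The false branch of `extensionDomainJoinPassword` passes the fixed string `'domainJoinUserPassword'` as the password value, which is also the default secret name, so a known constant sits in a credential slot whenever the provider is not ADDS or AADDS. The extension is disabled in that case, so the value is presumably unused, but an empty string states that intent without a guessable literal: `: ''` (confirm the CARML module accepts it). The provider test is written out twice here and again in modules/avdSessionHosts/deploy.bicep; a single `var varDomainJoinEnabled = contains(['ADDS', 'AADDS'], identityServiceProvider)` would keep the secret lookup and the `enabled` flag from drifting apart. The sessionHosts module body starts and ends outside this hunk.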
+++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep @@ -216,7 +216,7 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d // ADDS or AADDS domain join. extensionDomainJoinPassword: keyVault.getSecret('domainJoinUserPassword') extensionDomainJoinConfig: { - enabled: (identityServiceProvider == 'AAD') ? false : true + enabled: (identityServiceProvider == 'ADDS' || identityServiceProvider == 'AADDS') ? true : false settings: { name: identityDomainName ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null diff --git a/workload/variables/osMarketPlaceImages.json b/workload/variables/osMarketPlaceImages.json new file mode 100644 index 000000000..14d7de7ce --- /dev/null +++ b/workload/variables/osMarketPlaceImages.json 
@@ -0,0 +1,74 @@
+{
+ "win10_21h2": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "windows-10",
+ "sku": "win10-21h2-avd",
+ "version": "latest"
+ },
+ "win10_21h2_office": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "office-365",
+ "sku": "win10-21h2-avd-m365",
+ "version": "latest"
+ },
+ "win10_22h2_g2": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "windows-10",
+ "sku": "win10-22h2-avd-g2",
+ "version": "latest"
+ },
+ "win10_22h2_office_g2": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "office-365",
+ "sku": "win10-22h2-avd-m365-g2",
+ "version": "latest"
+ },
+ "win11_21h2": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "Windows-11",
+ "sku": "win11-21h2-avd",
+ "version": "latest"
+ },
+ "win11_21h2_office": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "office-365",
+ "sku": "win11-21h2-avd-m365",
+ "version": "latest"
+ },
+ "win11_22h2": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "Windows-11",
+ "sku": "win11-22h2-avd",
+ "version": "latest"
+ },
+ "win11_22h2_office": {
+ "publisher": "MicrosoftWindowsDesktop",
+ "offer": "office-365",
+ "sku": "win11-22h2-avd-m365",
+ "version": "latest"
+ },
+ "winServer_2022_Datacenter": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-g2",
+ "version": "latest"
+ },
+ "winServer_2022_Datacenter_smalldisk_g2": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-smalldisk-g2",
+ "version": "latest"
+ },
+ "winServer_2022_datacenter_core": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-core-g2",
+ "version": "latest"
+ },
+ "winServer_2022_Datacenter_core_smalldisk_g2": {
+ "publisher": "MicrosoftWindowsServer",
+ "offer": "WindowsServer",
+ "sku": "2022-datacenter-core-smalldisk-g2",
+ "version": "latest"
+ }
+}
\ No newline at end of file
From 14eabd4152e7435b032ef941153f8394688ec6cb Mon Sep 17 00:00:00 2001
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sun, 12 Nov 2023 11:22:01 -0600 Subject: [PATCH 04/15] updates --- .../brownfield/addSessionHosts/deploy.bicep | 10 +-- workload/bicep/deploy-baseline.bicep | 76 +------------------ .../scripts/Set-SessionHostConfiguration.ps1 | 6 +- 3 files changed, 10 insertions(+), 82 deletions(-) diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep index 350e4cb71..7c5804738 100644 --- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep +++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep @@ -244,9 +244,9 @@ var varComputeRgName = split(computeRgResourceID, '/')[4] var varHostpoolSubId = split(hostPoolResourceID, '/')[2] var varHostpoolRgName = split(hostPoolResourceID, '/')[4] var varHostPoolName = split(hostPoolResourceID, '/')[8] -var varKeyVaultSubId = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[2] : '' -var varKeyVaultRgName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[4] : '' -var varKeyVaultName = (identityServiceProvider != 'AAD') ? split(keyVaultResourceId, '/')[8] : '' +var varKeyVaultSubId = split(keyVaultResourceId, '/')[2] +var varKeyVaultRgName = split(keyVaultResourceId, '/')[4] +var varKeyVaultName = split(keyVaultResourceId, '/')[8] var varManagedDisk = empty(diskEncryptionSetResourceId) ? { storageAccountType: diskType } : { 
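Review bot: With the `identityServiceProvider != 'AAD'` guards removed, `split(keyVaultResourceId, '/')[2]`, `[4]` and `[8]` are evaluated for every deployment, and the now-unconditional `keyVault` existing resource in the `@@ -294,7 +294,7 @@` hunk depends on them. If `keyVaultResourceId` can still be empty or is not a vault resource ID (its declaration is not in this hunk), the index either fails with an out-of-range error or silently selects the wrong segment as the vault name. Worth making the parameter required and saying so in its description, for example `@sys.description('Resource ID of the key vault that holds the deployment secrets. Required for all identity providers.')`.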
@@ -258,7 +258,7 @@ var varManagedDisk = empty(diskEncryptionSetResourceId) ? { var varFslogixStorageAccountName = createAvdFslogixDeployment ? split(fslogixStorageResourceId, '/')[8] : '' var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageAccountName}.file.${environment().suffixes.storage}' : '' var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : '' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-sh/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varAllAvailabilityZones = pickZones('Microsoft.Compute', 'virtualMachines', location, 3) @@ -294,7 +294,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostPools@2019-12-10-preview' } // call on the keyvault -resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = if (identityServiceProvider != 'AAD') { +resource keyVault 'Microsoft.KeyVault/vaults@2021-06-01-preview' existing = { name: varKeyVaultName scope: resourceGroup('${varKeyVaultSubId}', '${varKeyVaultRgName}') } diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 24dad9911..1e06bc44f 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep 
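Review bot: `varBaseScriptUri` now points at the `aad-sh` feature branch, so the session host configuration script is fetched from a mutable ref that can change or disappear after merge, with no integrity check on what the hosts end up running; the `@@ -255,10 +255,9 @@` hunk in PATCH 06 repeats this with `add-sh`. `main` was already a moving target, but a working branch usually has weaker protection and review than the default branch. Pin the URI to a release tag or a full commit SHA, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/COMMIT_SHA_PLACEHOLDER/workload/'`, or expose it as a parameter so a branch name is never committed as the default.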
@@ -678,80 +678,8 @@ var varScalingPlanSchedules = [ } } ] -var varMarketPlaceGalleryWindows = { - win10_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-21h2-avd' - version: 'latest' - } - win10_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-21h2-avd-m365' - version: 'latest' - } - win10_22h2_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'windows-10' - sku: 'win10-22h2-avd-g2' - version: 'latest' - } - win10_22h2_office_g2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win10-22h2-avd-m365-g2' - version: 'latest' - } - win11_21h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-21h2-avd' - version: 'latest' - } - win11_21h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-21h2-avd-m365' - version: 'latest' - } - win11_22h2: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'Windows-11' - sku: 'win11-22h2-avd' - version: 'latest' - } - win11_22h2_office: { - publisher: 'MicrosoftWindowsDesktop' - offer: 'office-365' - sku: 'win11-22h2-avd-m365' - version: 'latest' - } - winServer_2022_Datacenter: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-g2' - version: 'latest' - } - winServer_2022_Datacenter_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-smalldisk-g2' - version: 'latest' - } - winServer_2022_datacenter_core: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-g2' - version: 'latest' - } - winServer_2022_Datacenter_core_smalldisk_g2: { - publisher: 'MicrosoftWindowsServer' - offer: 'WindowsServer' - sku: '2022-datacenter-core-smalldisk-g2' - version: 'latest' - } -} + +var varMarketPlaceGalleryWindows = loadJsonContent('../variables/osMarketPlaceImages.json') var varStorageAzureFilesDscAgentPackageLocation = 
'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts/1.0.0/DSCStorageScripts.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' diff --git a/workload/scripts/Set-SessionHostConfiguration.ps1 b/workload/scripts/Set-SessionHostConfiguration.ps1 index c362805d5..f8b0a9ef2 100644 --- a/workload/scripts/Set-SessionHostConfiguration.ps1 +++ b/workload/scripts/Set-SessionHostConfiguration.ps1 @@ -1,5 +1,5 @@ Param( -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $IdentityDomainName, @@ -15,11 +15,11 @@ $IdentityServiceProvider, [string] $Fslogix, -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $FslogixFileShare, -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $fslogixStorageFqdn, From 702f2bfca3388d441dcc67bb90b7c450635e2b1f Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sun, 12 Nov 2023 12:55:10 -0600 Subject: [PATCH 05/15] updates --- .../parameters/add-session-hosts.parameters.min-test.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json index 3326d159c..7f35655d7 100644 --- a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json +++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json @@ -12,7 +12,7 @@ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-pool-compute" }, "countIndex": { - "value": 12 + "value": 13 }, "vmLocalAdminPasswordSecretName": { "value": "vmLocalUserPassword" From d1d65350aa44ec3b38f5c46ffcf8666b0e3b6116 Mon Sep 17 00:00:00 2001 
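Review bot: `$IdentityDomainName`, `$FslogixFileShare` and `$fslogixStorageFqdn` are no longer mandatory, so the script can now start with any of them empty, and nothing in these hunks shows a check that they are present when FSLogix or a domain join is actually configured. The script body is outside the hunk; if no such guard exists there, add one that fails early, for example `if ($Fslogix -eq 'true' -and [string]::IsNullOrWhiteSpace($FslogixFileShare)) { throw 'FslogixFileShare is required when Fslogix is enabled' }` (adjust the comparison to the value `$Fslogix` really carries). `[parameter(Mandatory=$false)]` is also the default and can be written as `[parameter()]`.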
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sun, 12 Nov 2023 13:46:34 -0600 Subject: [PATCH 06/15] updates --- .../brownfield/addSessionHosts/deploy.bicep | 15 +- ...add-session-hosts.parameters.min-test.json | 2 +- .../brownfield/portalUiAddSessionHosts.json | 2404 +++++++++++++++++ .../scripts/Set-SessionHostConfiguration.ps1 | 6 +- 4 files changed, 2415 insertions(+), 12 deletions(-) create mode 100644 workload/portal-ui/brownfield/portalUiAddSessionHosts.json diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep index 7c5804738..ee9f60054 100644 --- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep +++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep @@ -98,7 +98,7 @@ param domainJoinPasswordSecretName string = 'domainJoinUserPassword' param enableAcceleratedNetworking bool = true @sys.description('FSLogix storage resource ID. (Default: )') -param fslogixStorageResourceId string = '' +param fslogixStorageAccountName string = '' @sys.description('FSLogix file share name. (Default: )') param fslogixFileShareName string = '' 
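Review bot: The parameter is renamed to `fslogixStorageAccountName` but keeps the description `'FSLogix storage resource ID. (Default: )'`, so anyone reading the template is still asked for a resource ID. The value is interpolated unchanged into the storage FQDN and the UNC share path in a later hunk of this patch, so a pasted resource ID would produce a malformed path rather than an error. Suggest `@sys.description('FSLogix storage account name. (Default: )')` together with `@maxLength(24)` on the parameter.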
@@ -255,10 +255,9 @@ var varManagedDisk = empty(diskEncryptionSetResourceId) ? { } storageAccountType: diskType } -var varFslogixStorageAccountName = createAvdFslogixDeployment ? split(fslogixStorageResourceId, '/')[8] : '' -var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${varFslogixStorageAccountName}.file.${environment().suffixes.storage}' : '' -var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${varFslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : '' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/aad-sh/workload/' +var varFslogixStorageFqdn = createAvdFslogixDeployment ? '${fslogixStorageAccountName}.file.${environment().suffixes.storage}' : '' +var varFslogixSharePath = createAvdFslogixDeployment ? '\\\\${fslogixStorageAccountName}.file.${environment().suffixes.storage}\\${fslogixFileShareName}' : '' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/add-sh/workload/' var varSessionHostConfigurationScriptUri = '${varBaseScriptUri}scripts/Set-SessionHostConfiguration.ps1' var varSessionHostConfigurationScript = './Set-SessionHostConfiguration.ps1' var varAllAvailabilityZones = pickZones('Microsoft.Compute', 'virtualMachines', location, 3) @@ -473,10 +472,10 @@ module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureS baseScriptUri: varSessionHostConfigurationScriptUri scriptName: varSessionHostConfigurationScript fslogix: createAvdFslogixDeployment - identityDomainName: identityDomainName + identityDomainName: createAvdFslogixDeployment ? identityDomainName : 'none' vmSize: vmSize - fslogixFileShare: varFslogixSharePath - fslogixStorageFqdn: varFslogixStorageFqdn + fslogixFileShare: createAvdFslogixDeployment ? varFslogixSharePath : 'none' + fslogixStorageFqdn: createAvdFslogixDeployment ? varFslogixStorageFqdn : 'none' identityServiceProvider: identityServiceProvider } dependsOn: [ 
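Review bot: In the `sessionHostConfiguration` parameters, `identityDomainName` is replaced by the literal `'none'` whenever `createAvdFslogixDeployment` is false, which ties the domain name to the FSLogix switch rather than to `identityServiceProvider`. An ADDS or AADDS deployment without FSLogix would therefore hand the script `'none'` as its domain, and the script has to recognise that magic string for all three values; its handling is not visible here. If the intent is only to supply non-empty arguments, document the sentinel next to these lines, e.g. `// 'none' is a placeholder the script must ignore when FSLogix is off`, and key `identityDomainName` on the identity provider instead. The module call starts and ends outside this hunk.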
diff --git a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json index 7f35655d7..e0ebe6048 100644 --- a/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json +++ b/workload/bicep/brownfield/addSessionHosts/parameters/add-session-hosts.parameters.min-test.json @@ -12,7 +12,7 @@ "value": "/subscriptions/a7bc841f-34c0-4214-9469-cd463b66de35/resourceGroups/rg-avd-x036-dev-use-pool-compute" }, "countIndex": { - "value": 13 + "value": 16 }, "vmLocalAdminPasswordSecretName": { "value": "vmLocalUserPassword" diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json new file mode 100644 index 000000000..d94058169 --- /dev/null +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json 
@@ -0,0 +1,2404 @@ +{ + "$schema": "", + "view": { + "kind": "Form", + "properties": { + "isWizard": false, + "title": "Azure Virtual Desktop - Landing Zone Accelerator (LZA) - Baseline", + "steps": [ + { + "name": "basics", + "label": "Deployment Basics", + "elements": [ + { + "name": "infoPreReq", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "PREREQUISITES REQUIRED \n\nThere are prerequisites that must be setup in your Azure environment to successfully deploy this Azure Virtual Desktop Landing Zone Accelerator. Click here to review the prerequisites in the Getting Started guide.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md", + "style": "Warning" + } + }, + { + "name": "infoPreReqCheckbox", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites", + "defaultValue": false, + "toolTip": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites.", + "constraints": { + "required": true + } + }, + { + "name": "deploymentInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "style": "Info", + "text": "The subscription selected in the 'Project details' section below will be used to deploy all resources. \n\nThe region selected in 'Instance details' section below will be used to deploy the Azure Virtual Desktop management plane resources (workspace, host pool, and application group, etc.). 
These resource types are not available in all regions, but they are globally replicated.\n\nThe session hosts do not have to be deployed to the same region, therefore you will have the option to select that region on the 'Session Hosts' blade.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/data-locations" + } + }, + { + "name": "resourceScope", + "type": "Microsoft.Common.ResourceScope", + "location": { + "resourceTypes": [ + "Microsoft.DesktopVirtualization/workspaces" + ] + } + }, + { + "name": "infoResourceGroupNaming", + "type": "Microsoft.Common.TextBlock", + "visible": true, + "options": { + "text": "Azure Virtual Desktop Landing Zones will create the resource group hierarchy under the subscriptions with the prefix provided in this step.", + "link": { + "label": "Learn more", + "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/enterprise-scale/management-group-and-subscription-organization" + } + } + }, + { + "name": "deploymentSpecs", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Deployment Specs", + "elements": [ + { + "name": "deploymentPrefix", + "type": "Microsoft.Common.TextBox", + "label": "Prefix", + "toolTip": "Provide a prefix (max 4 characters) for the resource groups and resources created as part of Azure Virtual Desktop landing zones.", + "placeholder": "Example: app1", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,4}$", + "validationMessage": "The prefix must be 1-4 characters." 
+ } + }, + { + "name": "deploymentEnvironment", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Environment", + "defaultValue": "Development", + "toolTip": "Select the type of environment (Development (d), Test (t), Production (p)) that will be deployed, this information will be use as part of the resources naming.", + "constraints": { + "allowedValues": [ + { + "label": "Development", + "value": "Dev" + }, + { + "label": "Test", + "value": "Test" + }, + { + "label": "Production", + "value": "Prod" + } + ] + } + } + ] + } + ] + }, + { + "name": "identity", + "label": "Identity", + "elements": [ + { + "name": "identityInfo", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "Azure Virtual Desktop LZA deployment expects identity service to be already available in the current Azure estate.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication#identities", + "style": "Info" + } + }, + { + "name": "identityDomainInformation", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Domain to join", + "elements": [ + { + "name": "identityServiceProvider", + "type": "Microsoft.Common.OptionsGroup", + "visible": true, + "label": "Identity service provider", + "defaultValue": "Active Directory (AD DS)", + "toolTip": "Identity service provider (ADDS or AADDS) that already exist and will be used for Azure Virtual Desktop.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Microsoft Entra ID", + "value": "AAD" + }, + { + "label": "Active Directory (AD DS)", + "value": "ADDS" + }, + { + "label": "Microsoft Entra Domain Services", + "value": "AADDS" + } + ] + } + }, + { + "name": "identityServiceProviderIntuneEnrollment", + "type": "Microsoft.Common.CheckBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "label": "Intune enrollment", + "defaultValue": false, + "toolTip": "If Intune is configured in your 
Microsoft Entra ID tenant, you can choose to have the VM automatically enrolled during the deployment by selecting this box." + }, + { + "name": "identityServiceProviderInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "options": { + "text": "Identity service provider must already exist, as they are a prerequisite for the Azure Virtual Desktop LZA deployment.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started.md", + "style": "Info" + } + } + ] + }, + { + "name": "identityAvdAccess", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Azure Virtual Desktop access assignment", + "elements": [ + { + "name": "groupsApi", + "type": "Microsoft.Solutions.GraphApiControl", + "request": { + "method": "GET", + "path": "/v1.0/groups?$top=999" + } + }, + { + "name": "identityAvdUserAccessGroupDropDown", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox)]", + "label": "Groups", + "defaultValue": "", + "filter": true, + "toolTip": "Select the desired group to give access to Azure Virtual Desktop resources and if applicable to FSLogix file share", + "multiselect": false, + "constraints": { + "allowedValues": "[map(steps('identity').identityAvdAccess.groupsApi.value, (item) => parse(concat('{\"label\":\"', item.displayName, '\",\"value\": {\"name\":\"', item.displayName, '\",\"id\":\"', item.id, '\"}}')))]" + } + }, + { + "name": "identityAvdUserAccessGroupCheckBox", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Provide group details", + "defaultValue": false, + "toolTip": "When the desired group is not listed in the drop down, selecting this box will allow for entering the group's ObjectID and name. this information will be used to setup AVD access and FSLogix's file share NTFS permissions." 
+ }, + { + "name": "identityAvdUserAccessGroupTextBox1", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "Name", + "toolTip": "Group name to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", + "placeholder": "Example: AVD-users" + }, + { + "name": "identityAvdUserAccessGroupTextBox2", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "Object ID", + "toolTip": "Group objectID to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", + "placeholder": "Example: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" + } + ] + }, + { + "name": "identityDomainCredentials", + "type": "Microsoft.Common.Section", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Domain join credentials", + "elements": [ + { + "name": "identityDomainJoinUserName", + "type": "Microsoft.Common.TextBox", + "label": "User principal name", + "toolTip": "Provide username with permissions to join session host to the domain.", + "placeholder": "Example: avdadmin@contoso.com", + "defaultValue": "", + "constraints": { + "required": true + } + }, + { + "name": "identityDomainJoinUserPassword", + "type": "Microsoft.Common.PasswordBox", + "label": { + "password": "Password" + }, + "toolTip": "Provide password for domain join account.", + "constraints": { + "required": true + }, + "options": { + "hideConfirmation": true + } + } + ] + }, + { + "name": "identityLocalCredentials", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Session host local admin credentials", + "elements": [ + { + "name": "identityLocalUserName", + "type": "Microsoft.Common.TextBox", + "label": "Username", + "toolTip": "Provide username for session host local admin account. 
Administrator can't be used as username, it is reserved by the system.", + "placeholder": "Example: avdadmin", + "defaultValue": "", + "constraints": { + "regex": "^(?!.*[aA]dministrator).*$", + "validationMessage": "This username can't be used, it is a reserved word.", + "required": true + } + }, + { + "name": "identityLocalUserPassword", + "type": "Microsoft.Compute.CredentialsCombo", + "visible": true, + "label": { + "password": "Password", + "confirmPassword": "Confirm password" + }, + "toolTip": { + "password": "The password must be alphanumeric, contain at least 12 characters, have at least 1 letter,1 number and 1 special character." + }, + "constraints": { + "required": true + }, + "options": { + "hideConfirmation": false + }, + "osPlatform": "Windows" + } + ] + } + ] + }, + { + "name": "managementPlane", + "label": "Management plane", + "elements": [ + { + "name": "managementPlaneHostPoolSettings", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Host pool settings", + "elements": [ + { + "name": "hostPoolType", + "type": "Microsoft.Common.DropDown", + "visible": true, + "label": "Host pool type", + "defaultValue": "Pooled", + "multiLine": true, + "toolTip": "", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Pooled", + "description": "", + "value": "Pooled" + }, + { + "label": "Personal", + "description": "", + "value": "Personal" + } + ] + } + }, + { + "name": "hostPoolWarning", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "icon": "Warning", + "text": "Host pool type can not be changed after deployment.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/environment-setup" + } + }, + { + "name": "loadBalancerType", + "type": "Microsoft.Common.DropDown", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", + "label": "Load balancing algorithm", + "defaultValue": "BreadthFirst", + "multiLine": true, + "toolTip": 
"Breadth-first load balancing distributes new user sessions across all available session hosts in the host pool. Depth-first load balancing distributes new user sessions to an available session host with the highest number of connections but has not reached its maximum session limit threshold.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "BreadthFirst", + "description": "Each new user is placed on the next VM. (Performance Optimized)", + "value": "BreadthFirst" + }, + { + "label": "DepthFirst", + "description": "Each new user is placed on the same VM until max sessions limit. (Cost Optimized)", + "value": "DepthFirst" + } + ] + } + }, + { + "name": "maxSessions", + "type": "Microsoft.Common.TextBox", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", + "label": "Max session limit", + "defaultValue": "8", + "toolTip": "The maximum number of users that have concurrent sessions on a session host. When setting a host pool to have depth first load balancing or planning to use Autoscaling, you must set an appropriate max session limit according to the configuration of your deployment and capacity of your VMs.", + "constraints": { + "required": false, + "regex": "", + "validationMessage": "" + } + }, + { + "name": "assignmentType", + "type": "Microsoft.Common.DropDown", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal')]", + "label": "Machine assignment", + "defaultValue": "Automatic (Recommended)", + "multiLine": true, + "toolTip": "Automatic assignment – The service will select an available host and assign it to an user. 
Direct assignment – Admin selects a specific host to assign to an user.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Automatic (Recommended)", + "description": "Users are assigned an available VM the first time they connect.", + "value": "Automatic" + }, + { + "label": "Direct", + "description": "An administrator assigns a VM for each individual user.", + "value": "Direct" + } + ] + } + } + ] + }, + { + "name": "managementPlaneAppGroupOptions", + "type": "Microsoft.Common.Section", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", + "label": "", + "elements": [ + { + "name": "preferredAppGroupType", + "type": "Microsoft.Common.OptionsGroup", + "visible": true, + "label": "Preferred app group type", + "defaultValue": "Desktop", + "toolTip": "Select the preferred type of application group for the host pool, the option selected will be used to deploy the default application group of the host pool.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Desktop", + "value": "Desktop" + }, + { + "label": "Remote App (RAIL)", + "value": "RemoteApp" + } + ] + } + } + ] + }, + { + "name": "managementPlaneHostPoolScaling", + "type": "Microsoft.Common.Section", + "visible": true, + "label": "Session host scaling options", + "elements": [ + { + "name": "scalingPlan", + "type": "Microsoft.Common.CheckBox", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", + "label": "Scaling plan", + "defaultValue": true, + "toolTip": "Will automatically manage session host power state based on usage and schedules (weekdays and weekend schedules will be created)." 
+ }, + { + "name": "startVmOnConnect", + "type": "Microsoft.Common.CheckBox", + "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal')]", + "label": "Start VM on connect", + "defaultValue": true, + "toolTip": "If VM is powered off (deallocated), VM will be started automatically once user connects." + }, + { + "name": "avdEnterpriseApplication", + "type": "Microsoft.Solutions.GraphApiControl", + "request": { + "method": "GET", + "path": "/v1.0/serviceprincipals?$filter=appId eq '9cdead84-a844-4324-93f2-b2e6bb768d07'" + } + }, + { + "name": "startVmOnConnectRoleInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect]", + "options": { + "text": "Deployment will automatically grant role 'Desktop Virtualization Power On Contributor' to Azure virtual Desktop enterprise application (AppID: 9cdead84-a844-4324-93f2-b2e6bb768d07)", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/start-virtual-machine-connect?tabs=azure-portal", + "style": "Info" + } + }, + { + "name": "scalingPlanRoleInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan]", + "options": { + "text": "Deployment will automatically grant role 'Desktop Virtualization Power On Off Contributor' to Azure virtual Desktop enterprise application (AppID: 9cdead84-a844-4324-93f2-b2e6bb768d07)", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/autoscale-scaling-plan", + "style": "Info" + } + }, + { + "name": "scalingPlanInfo", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan]", + "options": { + "text": "Session hosts can be excluded from the scaling plan by assigning the tag name exclude-'Scaling-PLan-Name'. 
When not using custom resource naming, the default exclusion tag name will be exclude-vdscaling-'DeploymentPrefix'-'Environment'-'DeploymentLocation'-001
- Example: exclude-vdscaling-app1-dev-use2-001", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/autoscale-scenarios#scenario-4-how-do-exclusion-tags-work", + "style": "Info" + } + } + ] + } + ] + }, + { + "name": "sessionHosts", + "label": "Session hosts", + "elements": [ + { + "name": "deploySessionHosts", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Deploy session hosts", + "defaultValue": true, + "toolTip": "Create session hosts compute and storage resources." + }, + { + "name": "sessionHostsRegionSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "Region Settings", + "tooltip": "The section allows you to specify the region where the compute, storage, and key vault resources are deployed.", + "elements": [ + { + "name": "computeApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').resourceScope.subscription.id,'/providers/Microsoft.Compute/resourceTypes?api-version=2021-04-01')]" + } + }, + { + "name": "infoAvailZones", + "type": "Microsoft.Common.InfoBox", + "visible": true, + "options": { + "text": "If you select 'Use availability zones' below, some regions may not be available for deployment of session hosts because not all regions support Availability Zones. \n\nThe 'Session hosts region' drop down will automatically update based on this selection. If the value changes to blank, select an alternate region or set 'Use availability zones' to 'No'.", + "uri": "https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support", + "style": "Info" + } + }, + { + "name": "sessionHostsAvailabilitySettings", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Availability zones", + "defaultValue": true, + "toolTip": "Distribute compute resources across availability zones. 
If 'No' is selected then an availability set will be created to host the VMs." + }, + { + "name": "sessionHostsRegion", + "type": "Microsoft.Common.DropDown", + "label": "Session hosts region", + "defaultValue": "[steps('basics').resourceScope.location.displayName]", + "filter": true, + "toolTip": "Select the region where the session hosts and required resources are to be deployed.", + "constraints": { + "required": true, + "allowedValues": "[if(equals(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings, false), map(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.locations)), (item) => parse(concat('{\"label\":\"', item, '\",\"value\":\"', toLower(replace(item, ' ', '')), '\"}'))), map(filter(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.zoneMappings)), (item) => equals(length(item.zones), 3)), (item) => parse(concat('{\"label\":\"', item.location, '\",\"value\":\"', toLower(replace(item.location, ' ', '')), '\"}'))))]" + } + } + ] + }, + { + "name": "sessionHostsComputeStorageSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "General settings", + "tooltip": "This settings apply to compute, storage, image management and key vault resources.", + "elements": [ + { + "name": "identityDomainOuPath", + "type": "Microsoft.Common.TextBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Custom OU path (Optional)", + "toolTip": "Provide OU where to locate session hosts, if not provided session hosts will be placed on the default (computers) OU.", + "placeholder": "Example: OU=session-hosts,OU=avd,DC=contoso,DC=com", + "constraints": {} + } + ] + }, + { + "name": 
"sessionHostsSettingsSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "Session hosts settings", + "elements": [ + { + "name": "sessionHostSize", + "type": "Microsoft.Compute.SizeSelector", + "label": "VM Size", + "toolTip": "", + "recommendedSizes": [ + "Standard_D4ads_v5" + ], + "constraints": { + "allowedSizes": [], + "excludedSizes": [], + "required": true + }, + "options": { + "hideDiskTypeFilter": true + }, + "osPlatform": "Windows", + "imageReference": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "21h2-avd" + } + }, + { + "name": "sessionHostSizeInfobox", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "options": { + "text": "Session host virtual machine sizing guidelines.", + "uri": "https://learn.microsoft.com/windows-server/remote/remote-desktop-services/virtual-machine-recs", + "style": "Info" + } + }, + { + "name": "sessionHostsCount", + "type": "Microsoft.Common.TextBox", + "label": "VM count", + "toolTip": "Provide the number of session hosts to deploy (1-100).", + "defaultValue": 1, + "constraints": { + "required": true, + "regex": "^([1-9]|[1-9][0-9]|[1][0][0])$", + "validationMessage": "The count must be between 1-100 session hosts." 
+ }
+ },
+ {
+ "name": "sessionHostDiskType",
+ "type": "Microsoft.Common.DropDown",
+ "label": "OS Disk type",
+ "filter": true,
+ "defaultValue": "Premium",
+ "toolTip": "Select session host disk type to host the OS.",
+ "constraints": {
+ "required": true,
+ "allowedValues": [
+ {
+ "label": "Standard",
+ "value": "Standard_LRS"
+ },
+ {
+ "label": "Premium",
+ "value": "Premium_LRS"
+ }
+ ]
+ }
+ },
+ {
+ "name": "sessionHostDiskZeroTrust",
+ "type": "Microsoft.Common.CheckBox",
+ "label": "Zero trust disk configuration",
+ "defaultValue": false,
+ "toolTip": "Enables disk encryption and Zero trust settings on management VM and session hosts disks"
+ },
+ {
+ "name": "ssessionHostDiskZeroTrustWarning",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust]",
+ "options": {
+ "text": "Zero trust disk encryption requires feature EncryptionAtHost of resource provider Microsoft.Compute to be registered in the subscription.",
+ "uri": "https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell",
+ "style": "Warning"
+ }
+ },
+ {
+ "name": "acceleratedNetworking",
+ "type": "Microsoft.Common.CheckBox",
+ "label": "Enable accelerated networking",
+ "defaultValue": true,
+ "toolTip": "Enables low latency and high throughput on the network interface."
+ }, + { + "name": "warningAcceleratedNetworkingSupport", + "type": "Microsoft.Common.InfoBox", + "visible": "[steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource]", + "options": { + "text": "The Compute Gallery Image definition selected must have the 'isAcceleratedNetworkSupported' feature property set to 'true' if you enable accelerated networking on the session hosts.", + "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md", + "style": "Warning" + } + } + ] + }, + { + "name": "sessionHostsOsSection", + "type": "Microsoft.Common.Section", + "visible": "[steps('sessionHosts').deploySessionHosts]", + "label": "OS selection", + "elements": [ + { + "name": "sessionHostsImageSource", + "type": "Microsoft.Common.DropDown", + "label": "OS image source", + "filter": true, + "defaultValue": "Marketplace", + "toolTip": "Select marketplace or build custom image to deploy the session hosts.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Marketplace", + "value": false + }, + { + "label": "Compute Gallery", + "value": true + } + ] + } + }, + { + "name": "sessionHostsOsImage", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource)]", + "label": "OS version", + "filter": true, + "defaultValue": "Windows 11 22H2 (Gen2)", + "toolTip": "Select the operating system version of the session hosts.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Windows 10 21H2", + "value": "win10_21h2" + }, + { + "label": "Windows 10 21H2 - Office 365", + "value": "win10_21h2_office" + }, + { + "label": "Windows 10 22H2 (Gen2)", + "value": "win10_22h2_g2" + }, + { + "label": "Windows 10 22H2 - Office 365 (Gen2)", + "value": "win10_22h2_office_g2" + }, + { + "label": "Windows 11", + "value": "win11_21h2" + }, + { + "label": "Windows 11 - Office 365", + "value": "win11_21h2_office" + }, + { + "label": "Windows 
11 22H2 (Gen2)", + "value": "win11_22h2" + }, + { + "label": "Windows 11 22H2 - Office 365 (Gen2)", + "value": "win11_22h2_office" + } + ] + } + }, + { + "name": "sessionHostsComputeGalleryImage", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource]", + "label": "Image", + "resourceType": "Microsoft.Compute/galleries/images", + "constraints": { + "required": true + } + } + ] + }, + { + "name": "sessionHostsSecuritySection", + "type": "Microsoft.Common.Section", + "visible": "[and(equals(steps('sessionHosts').deploySessionHosts, true), or(contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11'), contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'g2'), not(empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage))))]", + "label": "Security profile", + "elements": [ + { + "name": "sessionHostSecurityTypeWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage))]", + "options": { + "text": "Setting the Security Type to anything other than 'Standard' requires that the Azure Compute Gallery Image Definition be configured with the Security Type feature set to the appropriate value. You can determine if the image definition supports the required feature by reviewing the 'Properties' tab on the 'Overview' node of the Gallery Image Definition in the portal. 
If the image definition does not contain these feature options, then the deployment will fail.", + "uri": "https://learn.microsoft.com/azure/templates/microsoft.compute/galleries/images?pivots=deployment-language-bicep", + "style": "Warning" + } + }, + { + "name": "securityType", + "type": "Microsoft.Common.DropDown", + "label": "Security type", + "filter": true, + "defaultValue": "Trusted Launch Virtual Machines", + "toolTip": "Choose a type of security that matches your needs: Standard includes basic protections at no additional cost. Trusted launch virtual machines provide additional security features on Gen2 virtual machines to protect against persistent and advanced attacks.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Standard", + "value": "Standard" + }, + { + "label": "Trusted Launch Virtual Machines", + "value": "TrustedLaunch" + }, + { + "label": "Confidential Virtual Machines", + "value": "ConfidentialVM" + } + ] + } + }, + { + "name": "secureBootEnabled", + "type": "Microsoft.Common.CheckBox", + "visible": "[or(equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'TrustedLaunch'), equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'ConfidentialVM'))]", + "label": "Enable secure boot", + "defaultValue": true, + "toolTip": "Secure boot helps protect your VMs against boot kits, rootkits, and kernel-level malware." + }, + { + "name": "vTpmEnabled", + "type": "Microsoft.Common.CheckBox", + "visible": "[or(equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'TrustedLaunch'), equals(steps('sessionHosts').sessionHostsSecuritySection.securityType, 'ConfidentialVM'))]", + "label": "Enable vTPM", + "defaultValue": true, + "toolTip": "Virtual Trusted Platform Module (vTPM) is TPM2.0 compliant and validates your VM boot integrity apart from securely storing keys and secrets." 
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "name": "storage",
+ "label": "Storage",
+ "elements": [
+ {
+ "name": "StorageDeploymentLocationAndAvailability",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": true,
+ "options": {
+ "text": "Storage resources will be deployed on the same location on the Session Hosts section.",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "storageGeneralSettings",
+ "type": "Microsoft.Common.Section",
+ "label": "General settings:",
+ "visible": true,
+ "elements": [
+ {
+ "name": "identityDomainName",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment)]",
+ "label": "AD Domain name",
+ "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.",
+ "placeholder": "Example: contoso.com",
+ "constraints": {
+ "required": true
+ }
+ },
+ {
+ "name": "identityDomainOuPathStorageExisting",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
+ "label": "Custom OU path (Optional)",
+ "toolTip": "Provide OU where to locate storage account file share. If not provided, file share will be placed on the default (computers) OU.",
+ "placeholder": "Example: OU=storage,OU=avd,DC=contoso,DC=com",
+ "constraints": {}
+ },
+ {
+ "name": "storageGeneralSettingsZoneRedundancy",
+ "type": "Microsoft.Common.CheckBox",
+ "visible": true,
+ "label": "Zone redundant storage",
+ "defaultValue": false,
+ "toolTip": "Select to replicate storage across availability zones or only use local redundancy."
+ }
+ ]
+ },
+ {
+ "name": "storageFslogix",
+ "type": "Microsoft.Common.Section",
+ "label": "FSLogix settings:",
+ "visible": true,
+ "elements": [
+ {
+ "name": "fslogixDeployment",
+ "type": "Microsoft.Common.CheckBox",
+ "label": "FSLogix profile management",
+ "defaultValue": true,
+ "toolTip": "Deploys FSLogix containers and session host setup for user's profiles."
+ },
+ {
+ "name": "fslogixStorageAccountSku",
+ "type": "Microsoft.Common.DropDown",
+ "visible": "[steps('storage').storageFslogix.fslogixDeployment]",
+ "label": "File share peformance",
+ "filter": true,
+ "defaultValue": "Premium",
+ "toolTip": "Storage account performance for FSLogix storage. Recommended tier is Premium.",
+ "constraints": {
+ "required": true,
+ "allowedValues": [
+ {
+ "label": "Premium",
+ "description": "",
+ "value": "Premium"
+ },
+ {
+ "label": "Standard",
+ "description": "",
+ "value": "Standard"
+ }
+ ]
+ }
+ },
+ {
+ "name": "sessionHostsFslogixFileShareQuota",
+ "type": "Microsoft.Common.Slider",
+ "visible": "[steps('storage').storageFslogix.fslogixDeployment]",
+ "label": "File share size",
+ "subLabel": "x 100GB",
+ "toolTip": "Size of Azure File share quota, the maximum sizes are 5TB for standard SKU and 100TB for premium SKU",
+ "min": 1,
+ "max": 100,
+ "defaultValue": 1,
+ "showStepMarkers": true,
+ "constraints": {
+ "required": true
+ }
+ },
+ {
+ "name": "StorageDeploymentDisabledAad",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
+ "options": {
+ "text": "Granting admin consent to the storage account service principal (your-storage-account-name.file.core.windows.net) is a requirememt, the link in this box contains the steps to grant the consent.",
+ "uri": "https://learn.microsoft.com/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal#grant-admin-consent-to-the-new-service-principal",
+ "style": "Warning"
+ }
+ }
+ ]
+ }, + { + "name": "storageMsix", + "type": "Microsoft.Common.Section", + "label": "MSIX App Attach settings:", + "visible": true, + "elements": [ + { + "name": "msixDeployment", + "type": "Microsoft.Common.CheckBox", + "label": "Create MSIX App Attach storage", + "defaultValue": false, + "toolTip": "Deploys MSIX App Attach containers and permissions setup." + }, + { + "name": "msixStorageAccountSku", + "type": "Microsoft.Common.DropDown", + "visible": "[steps('storage').storageMsix.msixDeployment]", + "label": "File share performance", + "filter": true, + "defaultValue": "Premium", + "toolTip": "Storage account performance for MSIX App Attach storage. Recommended tier is Premium.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Premium", + "description": "", + "value": "Premium" + }, + { + "label": "Standard", + "description": "", + "value": "Standard" + } + ] + } + }, + { + "name": "sessionHostsMsixFileShareQuota", + "type": "Microsoft.Common.Slider", + "visible": "[steps('storage').storageMsix.msixDeployment]", + "label": "File share size", + "subLabel": "x 100GB", + "toolTip": "Size of Azure File share quota, the maximum sizes are 5TB for standard SKU and 100TB for premium SKU", + "min": 1, + "max": 100, + "defaultValue": 1, + "showStepMarkers": true, + "constraints": { + "required": true + } + } + ] + }, + { + "name": "StorageDeploymentDisabledAad", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "options": { + "text": "FSLogix storage for Microsoft Entra ID joined session hosts is currently only available for hybrid identities.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad", + "style": "Warning" + } + } + ] + }, + { + "name": "network", + "label": "Networking", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "virtualNetworklInfoBox", + "type": 
"Microsoft.Common.InfoBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "options": { + "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, AADDS or AAD).", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication", + "style": "info" + } + }, + { + "name": "createAvdVirtualNetwork", + "type": "Microsoft.Common.OptionsGroup", + "visible": true, + "label": "Virtual network", + "defaultValue": "New", + "toolTip": "", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "New", + "value": true + }, + { + "label": "Existing", + "value": false + } + ] + } + }, + { + "name": "virtualNetworkSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "vNet address range", + "toolTip": "Virtual network CIDR for Azure Virtual Desktop virtual machines and PaaS private endpoints", + "placeholder": "Example: 10.10.0.0/23", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." + } + }, + { + "name": "virtualNetworkAvdSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Azure Virtual Desktop subnet address prefix", + "toolTip": "Virtual network subnet CIDR for Azure Virtual Desktop virtual machines", + "placeholder": "Example: 10.10.0.0/24", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", + "validationMessage": "Invalid CIDR range. 
The address prefix must be in the range 10 to 24." + } + }, + { + "name": "virtualNetworkDns", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Custom DNS servers", + "defaultValue": "", + "placeholder": "Example: 10.10.100.4,10.10.100.5", + "toolTip": "Enter multiple IPs separated by a comma, if not provided Azure provided DNS will be used. Azure default DNS server (168.63.129.16) will be added as a last resort.", + "constraints": { + "regex": "" + } + }, + { + "name": "existingVirtualNetworkInfoBox", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "options": { + "text": "Existing network must has connectivity to identity and DNS services.", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "avdVirtualNetworkSelectorId", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "label": "Azure Virtual Desktop virtual network", + "resourceType": "Microsoft.Network/virtualNetworks", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" + } + } + }, + { + "name": "avdSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').avdVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkAvdSubnetSelectorName", + "label": "Azure Virtual Desktop subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter 
items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').avdSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, + { + "name": "deployPrivateEndpointKeyvaultStorage", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Private endpoints (Key vault and Storage account)", + "defaultValue": true, + "toolTip": "Enables Private Endpoints for Key Vault and Storage Resources. It is recommended to use Azure Private Endpoints to keep all traffic to PaaS services on the Azure backbone." + }, + { + "name": "virtualNetworkPrivateEndpointSubnetSize", + "type": "Microsoft.Common.TextBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "label": "Private endpoint subnet address prefix", + "toolTip": "Virtual network subnet CIDR for private endpoints", + "placeholder": "Example: 10.10.1.0/27", + "constraints": { + "required": true, + "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-7]))$", + "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 27." 
+ } + }, + { + "name": "privateEndpointVirtualNetworkSelectorId", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "label": "Private endpoint virtual network", + "resourceType": "Microsoft.Network/virtualNetworks", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.displayName]" + } + } + }, + { + "name": "privateEndpointSubnetApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('network').privateEndpointVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" + } + }, + { + "name": "virtualNetworkPrivateEndpointSubnetSelectorName", + "label": "Private endpoint subnet", + "type": "Microsoft.Common.DropDown", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "defaultValue": "", + "toolTip": "Select the subnet.", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').privateEndpointSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "required": true + } + }, + { + "name": "existingVirtualNetworkInfoBoxPrivateEndpointWarning", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", + "options": { + "text": "Private endpoint network policy will need to be disabled on the existing subnet before deploying Azure Virtual 
Desktop LZA.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "virtualNetworkPrivateDnsZone", + "type": "Microsoft.Common.OptionsGroup", + "visible": "[steps('network').deployPrivateEndpointKeyvaultStorage]", + "label": "Azure private DNS zones", + "defaultValue": "Use existing", + "toolTip": "It is recommended to use Azure private DNS zones for private endpoint name spaces, private endpoints will be automatically created for PaaS services (Azure Files and Key Vault) if enabled, but the private DNS zones are required for name resolution of private edpoint DNS records.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Create new", + "value": true + }, + { + "label": "Use existing", + "value": false + } + ] + } + }, + { + "name": "privateDnsZoneSelectionWarning1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", + "options": { + "text": "When using private endpoints, creating a new Azure Virtual Desktop vNet, and providing custom DNS servers, existing Azure private DNS Zones MUST be linked to the vNet where the custom DNS servers are located, this is needed for the end-to-end setup of FSLogix and MSIX App Attach file shares to be successful. 
The DNS resolution requests will be sent to the custom DNS servers and its vNet is the one that needs to resolve private endpoint DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "privateDnsZoneSelectionWarning2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", + "options": { + "text": "When using private endpoints and creating a new Azure Virtual Desktop vNet and new private DNS zones, custom DNS servers may NOT be used in the new vNet as this will cause FSLogix and/or MSIX App Attach file shares deployments to fail. This happens because the private DNS zones will be linked to the newly created vNet and only this vNet will be able to resolve the private endpoints DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "privateDnsZoneSelectionWarning3", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", + "options": { + "text": "When using private endpoints and an existing Azure Virtual Desktop vNet with custom DNS servers configured, existing private DNS zones MUST be linked to the vNet containing the custom DNS servers for FSLogix and/or MSIX App Attach file shares deployments to be successful, given DNS name resolution requests will go to custom DNS servers and their vNet will need to resolve private endpoints DNS records.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": 
"privateDnsZoneSelectionWarning4", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", + "options": { + "text": "When using private endpoints, an existing Azure Virtual Desktop vNet, and creating new private DNS zones, custom DNS servers may NOT be used (unless they are connected to the same vNet used for the Azure Virtual Desktop dpeloyment) in order for FSlogix/MSIX App Attach deployment to be successful, given that the private DNS zone will be linked to the existing vNet and this will be the only network able to resolve private endpoint DNS records.
***Note: selected options (existing vNet and create DNS zones) are only recommended when using Microsoft Entra ID as identity service provider.", + "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", + "style": "Warning" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo3", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneInfo4", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "virtualNetworkPrivateDnsZoneSelection", + "type": "Microsoft.Common.Section", + "visible": "[and(not(steps('network').virtualNetworkPrivateDnsZone), steps('network').deployPrivateEndpointKeyvaultStorage)]", + "elements": [ + { + "name": "virtualNetworkPrivateDnsZoneFilesSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "label": "Azure files", + "resourceType": "Microsoft.Network/privateDnsZones", + "constraints": { + "required": true + } + }, + { + "name": "virtualNetworkPrivateDnsZoneKeyvaultSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Key vault", + "resourceType": "Microsoft.Network/privateDnsZones", + "constraints": { + "required": true + } + }, + { + "name": "infoAzureDNSzones1", + "type": "Microsoft.Common.InfoBox", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "options": { + "text": "Private DNS zone name spaces:
Azure Files
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + }, + { + "name": "infoAzureDNSzones2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", + "options": { + "text": "Private DNS zone name space:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", + "style": "info" + } + } + ] + }, + { + "name": "hubVirtualNetworkPeering", + "type": "Microsoft.Common.Section", + "visible": "[steps('network').createAvdVirtualNetwork]", + "label": "Existing hub vNet peering information", + "elements": [ + { + "name": "virtualNetworkPeeringInfoBox1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]", + "options": { + "text": "vNet peering will be created to existing vNet hub with access to identity and DNS services .", + "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", + "style": "info" + } + }, + { + "name": "hubVirtualNetworkPeeringInfoBox2", + "type": "Microsoft.Common.InfoBox", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "options": { + "text": "vNet peering to identity services is not required when Microsoft Entra ID as identity service provider .", + "uri": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join", + "style": "info" + } + }, + { + "name": "hubVirtualNetworkSubs", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "subscriptions?api-version=2020-01-01" + } + }, + { + "name": "hubVirtualNetworkSub", + "type": "Microsoft.Common.DropDown", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Hub vNet Subscription", + "toolTip": "", + "multiselect": false, + "selectAll": false, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSubs.value, (sub) => 
parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "required": true + } + }, + { + "name": "existingHubVirtualNetworks", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" + } + }, + { + "name": "existingHubVirtualNetwork", + "type": "Microsoft.Common.DropDown", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Hub vNet", + "toolTip": "", + "multiselect": false, + "selectAll": true, + "filter": true, + "filterPlaceholder": "Filter items ...", + "multiLine": true, + "constraints": { + "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", + "required": true + } + }, + { + "name": "hubVirtualNetworkGateway", + "type": "Microsoft.Common.CheckBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Gateway on hub", + "defaultValue": false, + "toolTip": "This information will be used to set remote gateway settings on vNet peering." + } + ] + } + ] + }, + { + "name": "monitoring", + "label": "Monitoring", + "type": "Microsoft.Common.Section", + "visible": true, + "elements": [ + { + "name": "deployMonitoring", + "type": "Microsoft.Common.CheckBox", + "visible": true, + "label": "Deploy monitoring", + "defaultValue": false, + "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace." 
+ },
+ {
+ "name": "deployMonitoringAlaWorkspace",
+ "type": "Microsoft.Common.OptionsGroup",
+ "visible": "[steps('monitoring').deployMonitoring]",
+ "label": "Log analytics workspace",
+ "defaultValue": "New",
+ "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace.",
+ "constraints": {
+ "required": true,
+ "allowedValues": [
+ {
+ "label": "New",
+ "value": true
+ },
+ {
+ "label": "Existing",
+ "value": false
+ }
+ ]
+ }
+ },
+ {
+ "name": "deployMonitoringNewAlaWorkspaceRetention",
+ "type": "Microsoft.Common.TextBox",
+ "visible": "[and(steps('monitoring').deployMonitoring, steps('monitoring').deployMonitoringAlaWorkspace)]",
+ "label": "Retention policy (Days)",
+ "toolTip": "Number of days data will be retained in the workspace.",
+ "defaultValue": 90,
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "alaWorkspaceExistingWorkspacesSelection",
+ "type": "Microsoft.Solutions.ResourceSelector",
+ "visible": "[and(steps('monitoring').deployMonitoring, not(steps('monitoring').deployMonitoringAlaWorkspace))]",
+ "label": "Existing workspace",
+ "resourceType": "Microsoft.OperationalInsights/workspaces",
+ "constraints": {
+ "required": true
+ }
+ },
+ {
+ "name": "deployMonitoringPolicies",
+ "type": "Microsoft.Common.CheckBox",
+ "visible": "[steps('monitoring').deployMonitoring]",
+ "label": "Deploy monitoring policies (subscription level)",
+ "defaultValue": false,
+ "toolTip": "Deploy monitoring policy and policy set definitions to set diagnostic settings on new deployed resources."
+ },
+ {
+ "name": "deployMonitoringInfo1",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[steps('monitoring').deployMonitoring]",
+ "options": {
+ "text": "Azure Virtual Desktop monitoring requires an existing Azure Log Analytics Workspace or the creation of a new one.",
+ "uri": "https://docs.microsoft.com/azure/virtual-desktop/azure-monitor",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "deployMonitoringInfo2",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[steps('monitoring').deployMonitoring]",
+ "options": {
+ "text": "Deployment will configured all required settings to use the Azure Virtual Desktop insights workbook.",
+ "uri": "https://learn.microsoft.com/azure/virtual-desktop/azure-monitor?WT.mc_id=Portal-AppInsightsExtension",
+ "style": "Info"
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNaming",
+ "label": "Resource naming",
+ "type": "Microsoft.Common.Section",
+ "visible": true,
+ "elements": [
+ {
+ "name": "resourceNamingInfo1",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": true,
+ "options": {
+ "text": "Azure Virtual Desktop LZA default naming scheme is shown in this diagram.",
+ "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/diagrams/avd-accelerator-resource-organization-naming.png",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "resourceNamingSelection",
+ "type": "Microsoft.Common.CheckBox",
+ "visible": true,
+ "label": "Custom resource naming",
+ "defaultValue": false,
+ "toolTip": "When selected, the information provided will be used to name resources. When set to 'No' deployment will use the Azure Virtual Desktop LZA naming standard."
+ },
+ {
+ "name": "resourceNamingWarning",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "options": {
+ "text": "When using custom naming for resources, please make sure to follow naming rules and restrictions for Azure resources.",
+ "uri": "https://docs.microsoft.com/azure/azure-resource-manager/management/resource-name-rules",
+ "style": "Warning"
+ }
+ },
+ {
+ "name": "resourceNamingAvdManagementPlane",
+ "type": "Microsoft.Common.Section",
+ "label": "Azure Virtual Desktop Management plane naming:",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "elements": [
+ {
+ "name": "serviceObjectsRgCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Resource group",
+ "toolTip": "Azure Virtual Desktop management plane resources (Workspace, Host pool, Application groups, Key vault) resource group custom name.",
+ "placeholder": "Example: rg-avd-app1-dev-use2-service-objects",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "workSpaceCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Workspace",
+ "toolTip": "Workspace custom name.",
+ "placeholder": "Example: vdws-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "workSpaceCustomFriendlyName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Workspace (Friendly name)",
+ "toolTip": "Workspace custom friendly name.",
+ "placeholder": "Example: App1 - Dev - East US 2 - 001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "hostPoolCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Host pool",
+ "toolTip": "Host pool custom name.",
+ "placeholder": "Example: vdpool-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "hostPoolCustomFriendlyName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Host pool (Friendly name)",
+ "toolTip": "Host pool custom friendly name.",
+ "placeholder": "Example: App1 - Dev - East US 2 - 001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "scalingPlanCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Scaling Plan",
+ "toolTip": "Host pool scaling plan.",
+ "placeholder": "Example: vdscaling-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "applicationGroupCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Application group",
+ "toolTip": "Application group custom name.",
+ "placeholder": "Example: vdag-desktop-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "applicationGroupCustomFriendlyName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Application group (Friendly name)",
+ "toolTip": "Desktop application group custom name.",
+ "placeholder": "Example: Desktops - App1 - Dev - East US 2 - 001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "workloadKvCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Key vault prefix",
+ "toolTip": "Key vault prefix custom name.",
+ "placeholder": "Example: kv-sec",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,6}$",
+ "validationMessage": "Value must be 1-6 characters."
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNamingCompute",
+ "type": "Microsoft.Common.Section",
+ "label": "Compute naming:",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "elements": [
+ {
+ "name": "computeObjectsRgCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Resource group",
+ "toolTip": "Azure Virtual Desktop compute resources (VMs, NICs, Disks, Availability sets) resource group custom name.",
+ "placeholder": "Example: rg-avd-app1-dev-use2-pool-compute",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "applicationSecurityGroupCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Applications security group",
+ "toolTip": "Azure Virtual Desktop application security custom name.",
+ "placeholder": "Example: asg-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "sessionHostCustomNamePrefix",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Session host prefix",
+ "visible": "[steps('sessionHosts').deploySessionHosts]",
+ "toolTip": "Azure Virtual Desktop session host prefix custom name.",
+ "placeholder": "Example: vmapp1deus2",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,11}$",
+ "validationMessage": "Value must be 1-11 characters."
+ } + }, + { + "name": "availabilitySetCustomNamePrefix", + "type": "Microsoft.Common.TextBox", + "label": "Availability set prefix", + "visible": "[not(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings)]", + "toolTip": "Azure Virtual Desktop availability set custom name.", + "placeholder": "Example: avail", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,9}$", + "validationMessage": "Value must be 1-9 characters." + } + } + ] + }, + { + "name": "resourceNamingStorage", + "type": "Microsoft.Common.Section", + "label": "Storage naming:", + "visible": "[steps('resourceNaming').resourceNamingSelection]", + "elements": [ + { + "name": "resourceNamingStorageInfo1", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('storage').storageFslogix.fslogixDeployment)]", + "options": { + "text": "Current deployment configuration is not creating storage resources for FSLogix.", + "style": "Info" + } + }, + { + "name": "resourceNamingStorageInfo2", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('storage').storageMsix.msixDeployment)]", + "options": { + "text": "Current deployment configuration is not creating storage resources for MSIX App Attach.", + "style": "Info" + } + }, + { + "name": "resourceNamingStorageInfo3", + "type": "Microsoft.Common.InfoBox", + "visible": "[not(steps('sessionHosts').deploySessionHosts)]", + "options": { + "text": "Current deployment configuration is not creating storage resources.", + "style": "Info" + } + }, + { + "name": "storageObjectsRgCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Resource group", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "toolTip": "Azure Virtual Desktop storage resources (Storage account, file shares, files private endpoints, temporary domain join VM) resource group custom name.", + "placeholder": "Example: 
rg-avd-app1-dev-use2-storage", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,90}$", + "validationMessage": "Value must be 1-90 characters." + } + }, + { + "name": "storageAccountPrefixCustomName", + "type": "Microsoft.Common.TextBox", + "label": "Storage account prefix", + "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", + "toolTip": "Azure Virtual Desktop storage account prefix custom name.", + "placeholder": "Example: st", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,2}$", + "validationMessage": "Value must be 1-2 characters." + } + }, + { + "name": "fslogixFileShareCustomName", + "type": "Microsoft.Common.TextBox", + "label": "FSLogix Profile container file share", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", + "toolTip": "Azure Virtual Desktop fslogix storage account profile container file share prefix custom name.", + "placeholder": "Example: fslogix-pc-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." + } + }, + { + "name": "msixFileShareCustomName", + "type": "Microsoft.Common.TextBox", + "label": "MSIX App Attach container file share", + "visible": "[steps('storage').storageMsix.msixDeployment]", + "toolTip": "Azure Virtual Desktop MSIX App Attach storage account container file share prefix custom name.", + "placeholder": "Example: msix-app1-dev-use2-001", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,64}$", + "validationMessage": "Value must be 1-64 characters." 
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNamingNetwork",
+ "type": "Microsoft.Common.Section",
+ "label": "Network naming:",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "elements": [
+ {
+ "name": "resourceNamingNetworkInfo",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[not(steps('network').createAvdVirtualNetwork)]",
+ "options": {
+ "text": "Current deployment configuration is not creating network resources.",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "networkObjectsRgCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Resource group",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop network resources (vNet, NSG, Route table) resource group custom name.",
+ "placeholder": "Example: rg-avd-app1-dev-use2-network",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "virtualNetworkCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Virtual network",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop virtual network custom name.",
+ "placeholder": "Example: vnet-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,64}$",
+ "validationMessage": "Value must be 1-64 characters."
+ }
+ },
+ {
+ "name": "virtualNetworkAvdSubnetCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Azure Virtual Desktop Subnet",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop virtual network subnet custom name.",
+ "placeholder": "Example: snet-avd-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "avdNetworkSecurityGroupCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Azure Virtual Desktop Network security group",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop network security group custom name.",
+ "placeholder": "Example: nsg-avd-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "avdRouteTableCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Azure Virtual Desktop Route table",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop route table custom name.",
+ "placeholder": "Example: route-avd-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "virtualNetworkPrivateEndpointSubnetCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Private endpoint subnet",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Azure Virtual Desktop virtual network subnet custom name.",
+ "placeholder": "Example: snet-pe-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "privateEndpointNetworkSecurityGroupCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Private endpoint network security group",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Private endpoint network security group custom name.",
+ "placeholder": "Example: nsg-pe-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ },
+ {
+ "name": "privateEndpointRouteTableCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Private endpoint route table",
+ "visible": "[steps('network').createAvdVirtualNetwork]",
+ "toolTip": "Private endpoint route table custom name.",
+ "placeholder": "Example: route-pe-app1-dev-use2-001",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,80}$",
+ "validationMessage": "Value must be 1-80 characters."
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNamingMonitoring",
+ "type": "Microsoft.Common.Section",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "label": "Monitoring naming:",
+ "elements": [
+ {
+ "name": "resourceNamingMonitoringInfo",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[not(steps('monitoring').deployMonitoring)]",
+ "options": {
+ "text": "Current deployment configuration is not creating monitoring resources.",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "monitoringObjectsRgCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Resource group",
+ "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true))]",
+ "toolTip": "Azure Virtual Desktop monitoring resources (log analytics workspace) resource group custom name.",
+ "placeholder": "Example: rg-avd-dev-use2-monitoring",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "monitoringLogAnalyticsWorkspaceName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Log analytics workspace name",
+ "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true), equals(steps('monitoring').deployMonitoringAlaWorkspace, true))]",
+ "toolTip": "Azure Virtual Desktop monitoring log analytics workspace custom name.",
+ "placeholder": "Example: log-avd-dev-use2",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,90}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNamingZeroTrust",
+ "type": "Microsoft.Common.Section",
+ "label": "Zero Trust naming:",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "elements": [
+ {
+ "name": "resourceNamingZeroTrustInfo",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[not(steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]",
+ "options": {
+ "text": "Current deployment configuration is not creating zero trust resources.",
+ "style": "Info"
+ }
+ },
+ {
+ "name": "zeroTrustObjectsDiskEncryptionSetCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Disk encryption set",
+ "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]",
+ "toolTip": "Disk encryption set resource for double encryption of session host disks.",
+ "placeholder": "Example: des-zt",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,6}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "zeroTrustObjectsKeyVaultCustomPrefix",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Key vault prefix",
+ "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]",
+ "toolTip": "Key Vault that stores the encryption key for disk encryption.",
+ "placeholder": "Example: kv-key",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,6}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ },
+ {
+ "name": "zeroTrustObjectsManagedIdentityCustomName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "User assigned identity",
+ "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]",
+ "toolTip": "User assigned identity that enables server-side encryption and disables network access.",
+ "placeholder": "Example: id-zt",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,5}$",
+ "validationMessage": "Value must be 1-90 characters."
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceNamingInfo2",
+ "type": "Microsoft.Common.InfoBox",
+ "visible": "[steps('resourceNaming').resourceNamingSelection]",
+ "options": {
+ "text": "It is recommended to follow Microsoft Cloud Adoption Framework (CAF) naming convention.",
+ "uri": "https://docs.microsoft.com/azure/cloud-adoption-framework/ready/azure-best-practices/resource-naming",
+ "style": "Info"
+ }
+ }
+ ]
+ },
+ {
+ "name": "resourceTagging",
+ "label": "Resource tagging",
+ "type": "Microsoft.Common.Section",
+ "visible": true,
+ "elements": [
+ {
+ "name": "resourceTaggingSelection",
+ "type": "Microsoft.Common.CheckBox",
+ "visible": true,
+ "label": "Create resource tags",
+ "defaultValue": false,
+ "toolTip": "When selected, the information provided will be used to create tags on resources and resource groups."
+ }, + { + "name": "resourceTaggingParentCostInfo", + "type": "Microsoft.Common.InfoBox", + "options": { + "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/AADDS/AAD).", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/tag-virtual-desktop-resources#use-the-cm-resource-parent-tag-to-automatically-group-costs-by-host-pool", + "style": "Info" + } + }, + { + "name": "resourceTags", + "type": "Microsoft.Common.Section", + "label": "Resources tags:", + "visible": "[steps('resourceTagging').resourceTaggingSelection]", + "elements": [ + { + "name": "tagsWorkloadName", + "type": "Microsoft.Common.TextBox", + "label": "Workload name:", + "toolTip": "This input will be the value of a tag named WorkloadName.", + "placeholder": "Example: Contoso-Workload", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsWorkloadType", + "type": "Microsoft.Common.DropDown", + "label": "Workload type:", + "filter": true, + "defaultValue": "Light", + "toolTip": "This input will be the value of a tag named WorkloadType, reference to the size of the VM for your workloads.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Light", + "description": "", + "value": "Light" + }, + { + "label": "Medium", + "description": "", + "value": "Medium" + }, + { + "label": "High", + "description": "", + "value": "High" + }, + { + "label": "Power", + "description": "", + "value": "POwer" + } + ] + } + }, + { + "name": "tagsDataClassificationTag", + "type": "Microsoft.Common.DropDown", + "label": "Data classification:", + "filter": true, + "defaultValue": "Non-business", + "toolTip": "This input will be the value of a tag named DataClassification, reference to the sensitivity of data hosted.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Non-business", + "description": "", + "value": "Non-business" + }, + { + "label": "Public", + "description": "", + "value": "Public" + }, + { + "label": "General", + 
"description": "", + "value": "General" + }, + { + "label": "Confidential", + "description": "", + "value": "Confidential" + }, + { + "label": "Highly-confidential", + "description": "", + "value": "Highly-confidential" + } + ] + } + }, + { + "name": "tagsDepartmentTag", + "type": "Microsoft.Common.TextBox", + "label": "Department:", + "toolTip": "This input will be the value of a tag named Department, reference the department that owns the deployment.", + "placeholder": "Example: Contoso-AVD", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." + } + }, + { + "name": "tagsCriticalityTag", + "type": "Microsoft.Common.DropDown", + "label": "Workload criticality:", + "filter": true, + "defaultValue": "Low", + "toolTip": "This input will be the value of a tag named Criticality, reference to the criticality of the workload.", + "constraints": { + "required": true, + "allowedValues": [ + { + "label": "Low", + "description": "", + "value": "Low" + }, + { + "label": "Medium", + "description": "", + "value": "Medium" + }, + { + "label": "High", + "description": "", + "value": "High" + }, + { + "label": "Missin-critical", + "description": "", + "value": "Missin-critical" + }, + { + "label": "Custom", + "description": "", + "value": "Custom" + } + ] + } + }, + { + "name": "tagsCustomWorkloadCriticality", + "type": "Microsoft.Common.TextBox", + "label": "Custom workload criticality:", + "visible": "[equals(steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Custom')]", + "toolTip": "This input will be the value of a tag named Criticality, reference to a custom criticality for the workload.", + "placeholder": "Example: Contoso-Criticality", + "constraints": { + "required": true, + "regex": "^[a-z0-9A-Z-]{1,256}$", + "validationMessage": "Value must be 1-256 characters." 
+ }
+ },
+ {
+ "name": "tagsApplicationNameTag",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Application name:",
+ "toolTip": "This input will be the value of a tag named ApplicationName, reference details about the application.",
+ "placeholder": "Example: Contoso-App",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,256}$",
+ "validationMessage": "Value must be 1-256 characters."
+ }
+ },
+ {
+ "name": "tagsWorkloadSlaTag",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Workload SLA:",
+ "toolTip": "This input will be the value of a tag named ServiceClass, reference to the service level agreement level of the worload.",
+ "placeholder": "Example: Contoso-SLA",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,256}$",
+ "validationMessage": "Value must be 1-256 characters."
+ }
+ },
+ {
+ "name": "tagsOpsTeamTag",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Operations team:",
+ "toolTip": "This input will be the value of a tag named OpsTeam, reference to the team accountable for day-to-day operations.",
+ "placeholder": "Example: workload-admins@Contoso.com",
+ "constraints": {
+ "required": true
+ }
+ },
+ {
+ "name": "tagsOwnerTag",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Owner:",
+ "toolTip": "This input will be the value of a tag named Owner, reference to the organizational owner of the Azure Virtual Desktop deployment.",
+ "placeholder": "Example: workload-owner@Contoso.com",
+ "constraints": {
+ "required": true
+ }
+ },
+ {
+ "name": "tagsCostCenterTag",
+ "type": "Microsoft.Common.TextBox",
+ "label": "Cost center:",
+ "toolTip": "This input will be the value of a tag named CostCenter, reference to the cost center of owner team.",
+ "placeholder": "Example: Contoso-CC",
+ "constraints": {
+ "required": true,
+ "regex": "^[a-z0-9A-Z-]{1,256}$",
+ "validationMessage": "Value must be 1-256 characters."
+ } + } + ] + } + ] + } + ] + }, + "outputs": { + "parameters": { + // "deploymentPrefix": "[steps('basics').deploymentSpecs.deploymentPrefix]", + // "deploymentEnvironment": "[steps('basics').deploymentSpecs.deploymentEnvironment]", + // "diskZeroTrust": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust]", + // "avdManagementPlaneLocation": "[steps('basics').resourceScope.location.name]", + // "avdSessionHostLocation": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsRegionSection.sessionHostsRegion, steps('basics').resourceScope.location.name)]", + // "avdWorkloadSubsId": "[steps('basics').resourceScope.subscription.subscriptionId]", + // "avdHostPoolType": "[steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType]", + // "hostPoolPreferredAppGroupType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneAppGroupOptions.preferredAppGroupType, 'Desktop')]", + // "avdHostPoolLoadBalancerType": "[steps('managementPlane').managementPlaneHostPoolSettings.loadBalancerType]", + // "hostPoolMaxSessions": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolSettings.maxSessions, 1)]", + // "avdPersonalAssignType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolSettings.assignmentType, 'Automatic')]", + // "avdIdentityServiceProvider": "[steps('identity').identityDomainInformation.identityServiceProvider]", + // "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]", + // "identityDomainName": "[if(or(steps('storage').storageFslogix.fslogixDeployment, 
steps('storage').storageMsix.msixDeployment), steps('storage').storageGeneralSettings.identityDomainName, '')]", + // "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]", + // "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]", + // "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]", + // "avdVmLocalUserName": "[steps('identity').identityLocalCredentials.identityLocalUserName]", + // "avdVmLocalUserPassword": "[steps('identity').identityLocalCredentials.identityLocalUserPassword.password]", + // "createAvdVnet": "[steps('network').createAvdVirtualNetwork]", + // "avdVnetworkAddressPrefixes": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkSize, '10.10.0.0/23')]", + // "vNetworkAvdSubnetAddressPrefix": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkAvdSubnetSize, '10.10.0.0/24')]", + // "vNetworkPrivateEndpointSubnetAddressPrefix": "[if(and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true)), steps('network').virtualNetworkPrivateEndpointSubnetSize, '10.10.1.0/27')]", + // "customDnsIps": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkDns, '')]", + // "existingHubVnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '')]", + // "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), 
steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", + // "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", + // "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", + // "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", + // "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", + // "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", + // "avdEnterpriseAppObjectId": "[first(map(steps('managementPlane').managementPlaneHostPoolScaling.avdEnterpriseApplication.value, (item) => item.id))]", + // "availabilityZonesCompute": "[steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings]", + // "zoneRedundantStorage": "[steps('storage').storageGeneralSettings.storageGeneralSettingsZoneRedundancy]", + // "avdDeploySessionHostsCount": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsSettingsSection.sessionHostsCount, 1)]", + // "useSharedImage": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false)]", + // "avdOsImage": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false), steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11_21h2')]", + // "securityType": "[steps('sessionHosts').sessionHostsSecuritySection.securityType]", + // "secureBootEnabled": 
"[steps('sessionHosts').sessionHostsSecuritySection.secureBootEnabled]", + // "vTpmEnabled": "[steps('sessionHosts').sessionHostsSecuritySection.vTpmEnabled]", + // "avdImageTemplateDefinitionId": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage.id, 'no')]", + // "avdSessionHostDiskType": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskType]", + // "enableAcceleratedNetworking": "[steps('sessionHosts').sessionHostsSettingsSection.acceleratedNetworking]", + // "avdSessionHostsSize": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsSettingsSection.sessionHostSize, 'Standard_D4ads_v5')]", + // "deployPrivateEndpointKeyvaultStorage": "[steps('network').deployPrivateEndpointKeyvaultStorage]", + // "createPrivateDnsZones": "[if(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), steps('network').virtualNetworkPrivateDnsZone, false)]", + // "avdVnetPrivateDnsZoneFilesId": "[if(and(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false)), steps('network').virtualNetworkPrivateDnsZoneSelection.virtualNetworkPrivateDnsZoneFilesSelector.id, '')]", + // "avdVnetPrivateDnsZoneKeyvaultId": "[if(and(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false)), steps('network').virtualNetworkPrivateDnsZoneSelection.virtualNetworkPrivateDnsZoneKeyvaultSelector.id, '')]", + // "createAvdFslogixDeployment": "[steps('storage').storageFslogix.fslogixDeployment]", + // "fslogixStoragePerformance": "[if(equals(steps('storage').storageFslogix.fslogixDeployment, true), steps('storage').storageFslogix.fslogixStorageAccountSku, 'Premium')]", + // "fslogixFileShareQuotaSize": "[if(equals(steps('storage').storageFslogix.fslogixDeployment, true), 
steps('storage').storageFslogix.sessionHostsFslogixFileShareQuota, 1 )]", + // "createMsixDeployment": "[steps('storage').storageMsix.msixDeployment]", + // "msixStoragePerformance": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.msixStorageAccountSku, 'Premium')]", + // "msixFileShareQuotaSize": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.sessionHostsMsixFileShareQuota, 1 )]", + // "storageOuPath": "[steps('storage').storageGeneralSettings.identityDomainOuPathStorageExisting]", + // "avdUseCustomNaming": "[steps('resourceNaming').resourceNamingSelection]", + // "avdServiceObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.serviceObjectsRgCustomName, 'no')]", + // "avdNetworkObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.networkObjectsRgCustomName, 'no')]", + // "avdComputeObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.computeObjectsRgCustomName, 'no')]", + // "avdStorageObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.storageObjectsRgCustomName, 'no')]", + // "avdVnetworkCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkCustomName, 'no')]", + // "avdVnetworkSubnetCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkAvdSubnetCustomName, 'no')]", + // "avdNetworksecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.avdNetworkSecurityGroupCustomName, 'no')]", 
+ // "avdRouteTableCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.avdRouteTableCustomName, 'no')]", + // "privateEndpointVnetworkSubnetCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkPrivateEndpointSubnetCustomName, 'no')]", + // "privateEndpointNetworksecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.privateEndpointNetworkSecurityGroupCustomName, 'no')]", + // "privateEndpointRouteTableCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.privateEndpointRouteTableCustomName, 'no')]", + // "avdApplicationSecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.applicationSecurityGroupCustomName, 'no')]", + // "avdWorkSpaceCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workSpaceCustomName, 'no')]", + // "avdWorkSpaceCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workSpaceCustomFriendlyName, 'no')]", + // "avdHostPoolCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.hostPoolCustomName, 'no')]", + // "avdHostPoolCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.hostPoolCustomFriendlyName, 'no')]", + // "avdScalingPlanCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.scalingPlanCustomName, 'no')]", + // 
"avdApplicationGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.applicationGroupCustomName, 'no')]", + // "avdApplicationGroupCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.applicationGroupCustomFriendlyName, 'no')]", + // "avdSessionHostCustomNamePrefix": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.sessionHostCustomNamePrefix, 'no')]", + // "avdAvailabilitySetCustomNamePrefix": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.availabilitySetCustomNamePrefix, 'no')]", + // "storageAccountPrefixCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.storageAccountPrefixCustomName, 'no')]", + // "fslogixFileShareCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.fslogixFileShareCustomName, 'no')]", + // "msixFileShareCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.msixFileShareCustomName, 'no')]", + // "avdWrklKvPrefixCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workloadKvCustomName, 'no')]", + // "createResourceTags": "[steps('resourceTagging').resourceTaggingSelection]", + // "workloadNameTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadName, 'no')]", + // "workloadTypeTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadType, 'Light')]", + // "dataClassificationTag": 
"[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsDataClassificationTag, 'Non-business')]", + // "departmentTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsDepartmentTag, 'no')]", + // "workloadCriticalityTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Low')]", + // "workloadCriticalityCustomValueTag": "[if(equals(steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Custom'), steps('resourceTagging').resourceTags.tagsCustomWorkloadCriticality, 'Low')]", + // "applicationNameTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsApplicationNameTag, 'no')]", + // "workloadSlaTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadSlaTag, 'no')]", + // "opsTeamTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOpsTeamTag, 'no')]", + // "ownerTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOwnerTag, 'no')]", + // "costCenterTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsCostCenterTag, 'no')]", + // "securityPrincipalId": "[if(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox2, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.id)]", + // "securityPrincipalName": "[if(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox1, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.name)]", + // 
"avdDeployMonitoring": "[steps('monitoring').deployMonitoring]", + // "deployAlaWorkspace": "[if(equals(steps('monitoring').deployMonitoring, true), steps('monitoring').deployMonitoringAlaWorkspace, false)]", + // "avdAlaWorkspaceDataRetention": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, true), steps('monitoring').deployMonitoringNewAlaWorkspaceRetention, 0)]", + // "alaExistingWorkspaceResourceId": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, false), steps('monitoring').alaWorkspaceExistingWorkspacesSelection.id, 'no')]", + // "deployCustomPolicyMonitoring": "[if(equals(steps('monitoring').deployMonitoring, true), steps('monitoring').deployMonitoringPolicies, false)]", + // "avdMonitoringRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingMonitoring.monitoringObjectsRgCustomName, 'no')]", + // "avdAlaWorkspaceCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingMonitoring.monitoringLogAnalyticsWorkspaceName, 'no')]", + // "ztDiskEncryptionSetCustomNamePrefix": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsDiskEncryptionSetCustomName]", + // "ztKvPrefixCustomName ": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsKeyVaultCustomPrefix]", + // "ztManagedIdentityCustomName": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsManagedIdentityCustomName]" + }, + "kind": "Subscription", + "location": "[steps('basics').resourceScope.location.name]", + "subscriptionId": "[steps('basics').resourceScope.subscription.id]" + } + } +} diff --git a/workload/scripts/Set-SessionHostConfiguration.ps1 b/workload/scripts/Set-SessionHostConfiguration.ps1 index f8b0a9ef2..6b4485e4a 100644 --- a/workload/scripts/Set-SessionHostConfiguration.ps1 +++ b/workload/scripts/Set-SessionHostConfiguration.ps1 
@@ -1,5 +1,5 @@ Param( -[parameter(Mandatory=$false)] +[parameter(Mandatory)] [string] $IdentityDomainName, @@ -15,11 +15,11 @@ $IdentityServiceProvider, [string] $Fslogix, -[parameter(Mandatory=$false)] +[parameter(Mandatory=)] [string] $FslogixFileShare, -[parameter(Mandatory=$false)] +[parameter(Mandatory)] [string] $fslogixStorageFqdn, From 0c62113b9beff46c538d28d4f2f1483aa9dc9f0d Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sun, 12 Nov 2023 19:48:25 -0600 Subject: [PATCH 07/15] updates --- .../brownfield/portalUiAddSessionHosts.json | 542 +++--------------- 1 file changed, 75 insertions(+), 467 deletions(-) diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json index d94058169..995d0dbbd 100644 --- a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json @@ -50,6 +50,28 @@ ] } }, + { + "name": "resourceGroupsApi", + "type": "Microsoft.Solutions.ArmApiControl", + "request": { + "method": "GET", + "path": "[concat(steps('basics').resourceScope.subscription.id, '/resourceGroups?api-version=2021-04-01')]" + } + }, + { + "name": "ComputeResourceGroup", + "type": "Microsoft.Common.DropDown", + "label": "Pool compute resource group", + "multiselect": false, + "defaultValue": "", + "toolTip": "Select the name of the existing resource group where the host pool compute resources will be deployed.", + "constraints": { + "allowedValues": "[map(steps('basics').resourceGroupsApi.value, (item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.name, '\"}')))]", + "required": true + }, + "infoMessages": [], + "visible": true + }, { "name": "infoResourceGroupNaming", "type": "Microsoft.Common.TextBlock", 
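Review bot: `[parameter(Mandatory=)]` on `$FslogixFileShare` (second hunk of Set-SessionHostConfiguration.ps1, `@@ -15,11 +15,11 @@`) is not valid PowerShell, because the named argument has no value, so the script fails to parse and none of the session-host configuration runs. Write it as `[parameter(Mandatory)]` like the other two changed attributes, or keep `[parameter(Mandatory=$false)]` if the share is optional. A mandatory `[string]` parameter also rejects an empty string, so if a caller can pass an empty `$IdentityDomainName` or `$fslogixStorageFqdn` (for example when FSLogix is not configured, which is not visible from these hunks), add `[AllowEmptyString()]` or leave those parameters optional. The `Param(` block continues outside both hunks.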
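Review bot: The new drop-down in the `@@ -50,6 +50,28 @@` hunk of portalUiAddSessionHosts.json is named `ComputeResourceGroup` while its siblings (`resourceGroupsApi`, `infoResourceGroupNaming`) are camelCase, so every later `steps('basics')...` reference has to remember the odd casing; `computeResourceGroup` would match the rest of the file. `"infoMessages": []` and `"visible": true` restate defaults and can be dropped. The list comes from a single `GET .../resourceGroups` call, and as far as I can tell `ArmApiControl` does not follow `nextLink`, so a large subscription may not show every resource group; the tooltip should say so or the field should allow manual entry.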
@@ -227,48 +249,48 @@ ] }, { - "name": "identityDomainCredentials", + "name": "identityCredentials", "type": "Microsoft.Common.Section", - "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - "label": "Domain join credentials", + "visible": true, + "label": "Credentials", "elements": [ + { + "name": "secretsKeyvault", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Key vault", + "toolTip": "Select the AVD LZA deployed keyvault that contains the local user and domain join credentials.", + "resourceType": "Microsoft.KeyVault/vaults", + "constraints": { + "required": true + } + }, { "name": "identityDomainJoinUserName", "type": "Microsoft.Common.TextBox", - "label": "User principal name", - "toolTip": "Provide username with permissions to join session host to the domain.", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Domain join principal name", "placeholder": "Example: avdadmin@contoso.com", "defaultValue": "", + "toolTip": "Provide username with permissions to join session host to the domain.", "constraints": { "required": true } }, { "name": "identityDomainJoinUserPassword", - "type": "Microsoft.Common.PasswordBox", - "label": { - "password": "Password" - }, - "toolTip": "Provide password for domain join account.", + "type": "Microsoft.Common.TextBox", + "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "label": "Domain Join Password secret name", + "toolTip": "Provide keyvault secret name for domain join password.", + "defaultValue": "domainJoinUserPassword", "constraints": { "required": true - }, - "options": { - "hideConfirmation": true } - } - ] - }, - { - "name": "identityLocalCredentials", - "type": "Microsoft.Common.Section", - "visible": true, - "label": "Session host local admin credentials", - "elements": [ + }, { "name": "identityLocalUserName", "type": 
"Microsoft.Common.TextBox", - "label": "Username", + "label": "VM local admin username", "toolTip": "Provide username for session host local admin account. Administrator can't be used as username, it is reserved by the system.", "placeholder": "Example: avdadmin", "defaultValue": "", 
@@ -280,221 +302,12 @@ }, { "name": "identityLocalUserPassword", - "type": "Microsoft.Compute.CredentialsCombo", - "visible": true, - "label": { - "password": "Password", - "confirmPassword": "Confirm password" - }, - "toolTip": { - "password": "The password must be alphanumeric, contain at least 12 characters, have at least 1 letter,1 number and 1 special character." - }, - "constraints": { - "required": true - }, - "options": { - "hideConfirmation": false - }, - "osPlatform": "Windows" - } - ] - } - ] - }, - { - "name": "managementPlane", - "label": "Management plane", - "elements": [ - { - "name": "managementPlaneHostPoolSettings", - "type": "Microsoft.Common.Section", - "visible": true, - "label": "Host pool settings", - "elements": [ - { - "name": "hostPoolType", - "type": "Microsoft.Common.DropDown", - "visible": true, - "label": "Host pool type", - "defaultValue": "Pooled", - "multiLine": true, - "toolTip": "", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Pooled", - "description": "", - "value": "Pooled" - }, - { - "label": "Personal", - "description": "", - "value": "Personal" - } - ] - } - }, - { - "name": "hostPoolWarning", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "icon": "Warning", - "text": "Host pool type can not be changed after deployment.", - "uri": "https://docs.microsoft.com/azure/virtual-desktop/environment-setup" - } - }, - { - "name": "loadBalancerType", - "type": "Microsoft.Common.DropDown", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", - "label": "Load balancing algorithm", - "defaultValue": "BreadthFirst", - "multiLine": true, - "toolTip": "Breadth-first load balancing distributes new user sessions across all available session hosts in the host pool. 
Depth-first load balancing distributes new user sessions to an available session host with the highest number of connections but has not reached its maximum session limit threshold.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "BreadthFirst", - "description": "Each new user is placed on the next VM. (Performance Optimized)", - "value": "BreadthFirst" - }, - { - "label": "DepthFirst", - "description": "Each new user is placed on the same VM until max sessions limit. (Cost Optimized)", - "value": "DepthFirst" - } - ] - } - }, - { - "name": "maxSessions", "type": "Microsoft.Common.TextBox", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", - "label": "Max session limit", - "defaultValue": "8", - "toolTip": "The maximum number of users that have concurrent sessions on a session host. When setting a host pool to have depth first load balancing or planning to use Autoscaling, you must set an appropriate max session limit according to the configuration of your deployment and capacity of your VMs.", + "label": "VM local admin password secret name", + "toolTip": "Provide keyvault secret name for VM local admin password.", + "defaultValue": "vmLocalUserPassword", "constraints": { - "required": false, - "regex": "", - "validationMessage": "" - } - }, - { - "name": "assignmentType", - "type": "Microsoft.Common.DropDown", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal')]", - "label": "Machine assignment", - "defaultValue": "Automatic (Recommended)", - "multiLine": true, - "toolTip": "Automatic assignment – The service will select an available host and assign it to an user. 
Direct assignment – Admin selects a specific host to assign to an user.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Automatic (Recommended)", - "description": "Users are assigned an available VM the first time they connect.", - "value": "Automatic" - }, - { - "label": "Direct", - "description": "An administrator assigns a VM for each individual user.", - "value": "Direct" - } - ] - } - } - ] - }, - { - "name": "managementPlaneAppGroupOptions", - "type": "Microsoft.Common.Section", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", - "label": "", - "elements": [ - { - "name": "preferredAppGroupType", - "type": "Microsoft.Common.OptionsGroup", - "visible": true, - "label": "Preferred app group type", - "defaultValue": "Desktop", - "toolTip": "Select the preferred type of application group for the host pool, the option selected will be used to deploy the default application group of the host pool.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Desktop", - "value": "Desktop" - }, - { - "label": "Remote App (RAIL)", - "value": "RemoteApp" - } - ] - } - } - ] - }, - { - "name": "managementPlaneHostPoolScaling", - "type": "Microsoft.Common.Section", - "visible": true, - "label": "Session host scaling options", - "elements": [ - { - "name": "scalingPlan", - "type": "Microsoft.Common.CheckBox", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled')]", - "label": "Scaling plan", - "defaultValue": true, - "toolTip": "Will automatically manage session host power state based on usage and schedules (weekdays and weekend schedules will be created)." 
- }, - { - "name": "startVmOnConnect", - "type": "Microsoft.Common.CheckBox", - "visible": "[equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal')]", - "label": "Start VM on connect", - "defaultValue": true, - "toolTip": "If VM is powered off (deallocated), VM will be started automatically once user connects." - }, - { - "name": "avdEnterpriseApplication", - "type": "Microsoft.Solutions.GraphApiControl", - "request": { - "method": "GET", - "path": "/v1.0/serviceprincipals?$filter=appId eq '9cdead84-a844-4324-93f2-b2e6bb768d07'" - } - }, - { - "name": "startVmOnConnectRoleInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect]", - "options": { - "text": "Deployment will automatically grant role 'Desktop Virtualization Power On Contributor' to Azure virtual Desktop enterprise application (AppID: 9cdead84-a844-4324-93f2-b2e6bb768d07)", - "uri": "https://learn.microsoft.com/azure/virtual-desktop/start-virtual-machine-connect?tabs=azure-portal", - "style": "Info" - } - }, - { - "name": "scalingPlanRoleInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan]", - "options": { - "text": "Deployment will automatically grant role 'Desktop Virtualization Power On Off Contributor' to Azure virtual Desktop enterprise application (AppID: 9cdead84-a844-4324-93f2-b2e6bb768d07)", - "uri": "https://learn.microsoft.com/azure/virtual-desktop/autoscale-scaling-plan", - "style": "Info" - } - }, - { - "name": "scalingPlanInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan]", - "options": { - "text": "Session hosts can be excluded from the scaling plan by assigning the tag name exclude-'Scaling-PLan-Name'. 
When not using custom resource naming, the default exclusion tag name will be exclude-vdscaling-'DeploymentPrefix'-'Environment'-'DeploymentLocation'-001
- Example: exclude-vdscaling-app1-dev-use2-001", - "uri": "https://docs.microsoft.com/azure/virtual-desktop/autoscale-scenarios#scenario-4-how-do-exclusion-tags-work", - "style": "Info" + "required": true } } ] @@ -505,14 +318,6 @@ "name": "sessionHosts", "label": "Session hosts", "elements": [ - { - "name": "deploySessionHosts", - "type": "Microsoft.Common.CheckBox", - "visible": true, - "label": "Deploy session hosts", - "defaultValue": true, - "toolTip": "Create session hosts compute and storage resources." - }, { "name": "sessionHostsRegionSection", "type": "Microsoft.Common.Section", 
@@ -846,157 +651,65 @@ } }, { - "name": "storageGeneralSettings", + "name": "storageGeneralInfromation", "type": "Microsoft.Common.Section", - "label": "General settings:", + "label": "General information:", "visible": true, "elements": [ { "name": "identityDomainName", "type": "Microsoft.Common.TextBox", - "visible": "[or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment)]", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", "label": "AD Domain name", "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", "placeholder": "Example: contoso.com", "constraints": { "required": true } - }, - { - "name": "identityDomainOuPathStorageExisting", - "type": "Microsoft.Common.TextBox", - "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - "label": "Custom OU path (Optional)", - "toolTip": "Provide OU where to locate storage account file share. If not provided, file share will be placed on the default (computers) OU.", - "placeholder": "Example: OU=storage,OU=avd,DC=contoso,DC=com", - "constraints": {} - }, - { - "name": "storageGeneralSettingsZoneRedundancy", - "type": "Microsoft.Common.CheckBox", - "visible": true, - "label": "Zone redundant storage", - "defaultValue": false, - "toolTip": "Select to replicate storage across availability zones or only use local redundancy." } ] }, { "name": "storageFslogix", "type": "Microsoft.Common.Section", - "label": "FSLogix settings:", - "visible": true, + "label": "FSLogix configuration:", "elements": [ { "name": "fslogixDeployment", "type": "Microsoft.Common.CheckBox", - "label": "FSLogix profile management", + "label": "Configure FSLogix settings", "defaultValue": true, - "toolTip": "Deploys FSLogix containers and session host setup for user's profiles." 
+ "toolTip": "Configure session host to use FSLogix." }, { - "name": "fslogixStorageAccountSku", - "type": "Microsoft.Common.DropDown", - "visible": "[steps('storage').storageFslogix.fslogixDeployment]", - "label": "File share peformance", - "filter": true, - "defaultValue": "Premium", - "toolTip": "Storage account performance for FSLogix storage. Recommended tier is Premium.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Premium", - "description": "", - "value": "Premium" - }, - { - "label": "Standard", - "description": "", - "value": "Standard" - } - ] - } - }, - { - "name": "sessionHostsFslogixFileShareQuota", - "type": "Microsoft.Common.Slider", - "visible": "[steps('storage').storageFslogix.fslogixDeployment]", - "label": "File share size", - "subLabel": "x 100GB", - "toolTip": "Size of Azure File share quota, the maximum sizes are 5TB for standard SKU and 100TB for premium SKU", - "min": 1, - "max": 100, - "defaultValue": 1, - "showStepMarkers": true, - "constraints": { + "name": "fslogixStorageAccountSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "FSLogix storage account", + "toolTip": "Select the FSLogix storage account.", + "resourceType": "Microsoft.Storage/storageAccounts", + "constraints": { + + + + + + + "required": true } }, { - "name": "StorageDeploymentDisabledAad", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", - "options": { - "text": "Granting admin consent to the storage account service principal (your-storage-account-name.file.core.windows.net) is a requirememt, the link in this box contains the steps to grant the consent.", - "uri": "https://learn.microsoft.com/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal#grant-admin-consent-to-the-new-service-principal", - "style": "Warning" - } - } - ] - }, - { - "name": "storageMsix", - "type": 
"Microsoft.Common.Section", - "label": "MSIX App Attach settings:", - "visible": true, - "elements": [ - { - "name": "msixDeployment", - "type": "Microsoft.Common.CheckBox", - "label": "Create MSIX App Attach storage", - "defaultValue": false, - "toolTip": "Deploys MSIX App Attach containers and permissions setup." - }, - { - "name": "msixStorageAccountSku", - "type": "Microsoft.Common.DropDown", - "visible": "[steps('storage').storageMsix.msixDeployment]", - "label": "File share performance", - "filter": true, - "defaultValue": "Premium", - "toolTip": "Storage account performance for MSIX App Attach storage. Recommended tier is Premium.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Premium", - "description": "", - "value": "Premium" - }, - { - "label": "Standard", - "description": "", - "value": "Standard" - } - ] - } - }, - { - "name": "sessionHostsMsixFileShareQuota", - "type": "Microsoft.Common.Slider", - "visible": "[steps('storage').storageMsix.msixDeployment]", - "label": "File share size", - "subLabel": "x 100GB", - "toolTip": "Size of Azure File share quota, the maximum sizes are 5TB for standard SKU and 100TB for premium SKU", - "min": 1, - "max": 100, - "defaultValue": 1, - "showStepMarkers": true, + "name": "fslogixStorageAccount", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('storage').storageFslogix.fslogixDeployment]", + "label": "AD Domain name", + "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", + "placeholder": "Example: contoso.com", "constraints": { "required": true } } + ] }, { 
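Review bot: The added `fslogixStorageAccount` text box is a copy of `identityDomainName`: its label is still "AD Domain name" and its tooltip and placeholder describe a domain, so the form shows two identical fields and gives no hint what this one should contain. Give it a label and tooltip that match a storage account, or drop it if `fslogixStorageAccountSelector` already supplies the value. `fslogixStorageAccountSelector` is `"required": true` with no `visible` expression, so it blocks the wizard even when "Configure FSLogix settings" is unchecked; add `"visible": "[steps('storage').storageFslogix.fslogixDeployment]"` as on the sibling controls, and remove the run of empty lines inside its `constraints`. The renamed section `storageGeneralInfromation` is misspelled (`storageGeneralInformation`), and every `steps('storage')...` reference would have to repeat the typo.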
@@ -2290,111 +2003,6 @@ }, "outputs": { "parameters": { - // "deploymentPrefix": "[steps('basics').deploymentSpecs.deploymentPrefix]", - // "deploymentEnvironment": "[steps('basics').deploymentSpecs.deploymentEnvironment]", - // "diskZeroTrust": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust]", - // "avdManagementPlaneLocation": "[steps('basics').resourceScope.location.name]", - // "avdSessionHostLocation": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsRegionSection.sessionHostsRegion, steps('basics').resourceScope.location.name)]", - // "avdWorkloadSubsId": "[steps('basics').resourceScope.subscription.subscriptionId]", - // "avdHostPoolType": "[steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType]", - // "hostPoolPreferredAppGroupType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneAppGroupOptions.preferredAppGroupType, 'Desktop')]", - // "avdHostPoolLoadBalancerType": "[steps('managementPlane').managementPlaneHostPoolSettings.loadBalancerType]", - // "hostPoolMaxSessions": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolSettings.maxSessions, 1)]", - // "avdPersonalAssignType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolSettings.assignmentType, 'Automatic')]", - // "avdIdentityServiceProvider": "[steps('identity').identityDomainInformation.identityServiceProvider]", - // "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]", - // "identityDomainName": "[if(or(steps('storage').storageFslogix.fslogixDeployment, 
steps('storage').storageMsix.msixDeployment), steps('storage').storageGeneralSettings.identityDomainName, '')]", - // "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]", - // "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]", - // "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]", - // "avdVmLocalUserName": "[steps('identity').identityLocalCredentials.identityLocalUserName]", - // "avdVmLocalUserPassword": "[steps('identity').identityLocalCredentials.identityLocalUserPassword.password]", - // "createAvdVnet": "[steps('network').createAvdVirtualNetwork]", - // "avdVnetworkAddressPrefixes": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkSize, '10.10.0.0/23')]", - // "vNetworkAvdSubnetAddressPrefix": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkAvdSubnetSize, '10.10.0.0/24')]", - // "vNetworkPrivateEndpointSubnetAddressPrefix": "[if(and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true)), steps('network').virtualNetworkPrivateEndpointSubnetSize, '10.10.1.0/27')]", - // "customDnsIps": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').virtualNetworkDns, '')]", - // "existingHubVnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, true), steps('network').hubVirtualNetworkPeering.existingHubVirtualNetwork, '')]", - // "vNetworkGatewayOnHub": "[if(equals(steps('network').createAvdVirtualNetwork, true), 
steps('network').hubVirtualNetworkPeering.hubVirtualNetworkGateway, false)]", - // "existingVnetAvdSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkAvdSubnetSelectorName, 'no')]", - // "existingVnetPrivateEndpointSubnetResourceId": "[if(equals(steps('network').createAvdVirtualNetwork, false), steps('network').virtualNetworkPrivateEndpointSubnetSelectorName, 'no')]", - // "avdDeploySessionHosts": "[steps('sessionHosts').deploySessionHosts]", - // "avdStartVmOnConnect": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolScaling.startVmOnConnect, false)]", - // "avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]", - // "avdEnterpriseAppObjectId": "[first(map(steps('managementPlane').managementPlaneHostPoolScaling.avdEnterpriseApplication.value, (item) => item.id))]", - // "availabilityZonesCompute": "[steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings]", - // "zoneRedundantStorage": "[steps('storage').storageGeneralSettings.storageGeneralSettingsZoneRedundancy]", - // "avdDeploySessionHostsCount": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsSettingsSection.sessionHostsCount, 1)]", - // "useSharedImage": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false)]", - // "avdOsImage": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false), steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11_21h2')]", - // "securityType": "[steps('sessionHosts').sessionHostsSecuritySection.securityType]", - // "secureBootEnabled": 
"[steps('sessionHosts').sessionHostsSecuritySection.secureBootEnabled]", - // "vTpmEnabled": "[steps('sessionHosts').sessionHostsSecuritySection.vTpmEnabled]", - // "avdImageTemplateDefinitionId": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage.id, 'no')]", - // "avdSessionHostDiskType": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskType]", - // "enableAcceleratedNetworking": "[steps('sessionHosts').sessionHostsSettingsSection.acceleratedNetworking]", - // "avdSessionHostsSize": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsSettingsSection.sessionHostSize, 'Standard_D4ads_v5')]", - // "deployPrivateEndpointKeyvaultStorage": "[steps('network').deployPrivateEndpointKeyvaultStorage]", - // "createPrivateDnsZones": "[if(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), steps('network').virtualNetworkPrivateDnsZone, false)]", - // "avdVnetPrivateDnsZoneFilesId": "[if(and(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false)), steps('network').virtualNetworkPrivateDnsZoneSelection.virtualNetworkPrivateDnsZoneFilesSelector.id, '')]", - // "avdVnetPrivateDnsZoneKeyvaultId": "[if(and(equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false)), steps('network').virtualNetworkPrivateDnsZoneSelection.virtualNetworkPrivateDnsZoneKeyvaultSelector.id, '')]", - // "createAvdFslogixDeployment": "[steps('storage').storageFslogix.fslogixDeployment]", - // "fslogixStoragePerformance": "[if(equals(steps('storage').storageFslogix.fslogixDeployment, true), steps('storage').storageFslogix.fslogixStorageAccountSku, 'Premium')]", - // "fslogixFileShareQuotaSize": "[if(equals(steps('storage').storageFslogix.fslogixDeployment, true), 
steps('storage').storageFslogix.sessionHostsFslogixFileShareQuota, 1 )]", - // "createMsixDeployment": "[steps('storage').storageMsix.msixDeployment]", - // "msixStoragePerformance": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.msixStorageAccountSku, 'Premium')]", - // "msixFileShareQuotaSize": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.sessionHostsMsixFileShareQuota, 1 )]", - // "storageOuPath": "[steps('storage').storageGeneralSettings.identityDomainOuPathStorageExisting]", - // "avdUseCustomNaming": "[steps('resourceNaming').resourceNamingSelection]", - // "avdServiceObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.serviceObjectsRgCustomName, 'no')]", - // "avdNetworkObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.networkObjectsRgCustomName, 'no')]", - // "avdComputeObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.computeObjectsRgCustomName, 'no')]", - // "avdStorageObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.storageObjectsRgCustomName, 'no')]", - // "avdVnetworkCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkCustomName, 'no')]", - // "avdVnetworkSubnetCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkAvdSubnetCustomName, 'no')]", - // "avdNetworksecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.avdNetworkSecurityGroupCustomName, 'no')]", 
- // "avdRouteTableCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.avdRouteTableCustomName, 'no')]", - // "privateEndpointVnetworkSubnetCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.virtualNetworkPrivateEndpointSubnetCustomName, 'no')]", - // "privateEndpointNetworksecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.privateEndpointNetworkSecurityGroupCustomName, 'no')]", - // "privateEndpointRouteTableCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.privateEndpointRouteTableCustomName, 'no')]", - // "avdApplicationSecurityGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.applicationSecurityGroupCustomName, 'no')]", - // "avdWorkSpaceCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workSpaceCustomName, 'no')]", - // "avdWorkSpaceCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workSpaceCustomFriendlyName, 'no')]", - // "avdHostPoolCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.hostPoolCustomName, 'no')]", - // "avdHostPoolCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.hostPoolCustomFriendlyName, 'no')]", - // "avdScalingPlanCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.scalingPlanCustomName, 'no')]", - // 
"avdApplicationGroupCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.applicationGroupCustomName, 'no')]", - // "avdApplicationGroupCustomFriendlyName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.applicationGroupCustomFriendlyName, 'no')]", - // "avdSessionHostCustomNamePrefix": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.sessionHostCustomNamePrefix, 'no')]", - // "avdAvailabilitySetCustomNamePrefix": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingCompute.availabilitySetCustomNamePrefix, 'no')]", - // "storageAccountPrefixCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.storageAccountPrefixCustomName, 'no')]", - // "fslogixFileShareCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.fslogixFileShareCustomName, 'no')]", - // "msixFileShareCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingStorage.msixFileShareCustomName, 'no')]", - // "avdWrklKvPrefixCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.workloadKvCustomName, 'no')]", - // "createResourceTags": "[steps('resourceTagging').resourceTaggingSelection]", - // "workloadNameTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadName, 'no')]", - // "workloadTypeTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadType, 'Light')]", - // "dataClassificationTag": 
"[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsDataClassificationTag, 'Non-business')]", - // "departmentTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsDepartmentTag, 'no')]", - // "workloadCriticalityTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Low')]", - // "workloadCriticalityCustomValueTag": "[if(equals(steps('resourceTagging').resourceTags.tagsCriticalityTag, 'Custom'), steps('resourceTagging').resourceTags.tagsCustomWorkloadCriticality, 'Low')]", - // "applicationNameTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsApplicationNameTag, 'no')]", - // "workloadSlaTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsWorkloadSlaTag, 'no')]", - // "opsTeamTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOpsTeamTag, 'no')]", - // "ownerTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOwnerTag, 'no')]", - // "costCenterTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsCostCenterTag, 'no')]", - // "securityPrincipalId": "[if(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox2, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.id)]", - // "securityPrincipalName": "[if(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox1, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.name)]", - // 
"avdDeployMonitoring": "[steps('monitoring').deployMonitoring]", - // "deployAlaWorkspace": "[if(equals(steps('monitoring').deployMonitoring, true), steps('monitoring').deployMonitoringAlaWorkspace, false)]", - // "avdAlaWorkspaceDataRetention": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, true), steps('monitoring').deployMonitoringNewAlaWorkspaceRetention, 0)]", - // "alaExistingWorkspaceResourceId": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, false), steps('monitoring').alaWorkspaceExistingWorkspacesSelection.id, 'no')]", - // "deployCustomPolicyMonitoring": "[if(equals(steps('monitoring').deployMonitoring, true), steps('monitoring').deployMonitoringPolicies, false)]", - // "avdMonitoringRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingMonitoring.monitoringObjectsRgCustomName, 'no')]", - // "avdAlaWorkspaceCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingMonitoring.monitoringLogAnalyticsWorkspaceName, 'no')]", - // "ztDiskEncryptionSetCustomNamePrefix": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsDiskEncryptionSetCustomName]", - // "ztKvPrefixCustomName ": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsKeyVaultCustomPrefix]", - // "ztManagedIdentityCustomName": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsManagedIdentityCustomName]" }, "kind": "Subscription", "location": "[steps('basics').resourceScope.location.name]", From 72041097dfdc3389da74db9312e9906a2de69eca Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 06:52:42 -0600 Subject: [PATCH 08/15] updates --- workload/arm/deploy-baseline.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 2770349dd..028ce2818 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "9343455469510936561" + "templateHash": "8962216308650916273" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" 
@@ -1242,14 +1242,14 @@ "varFslogixFileShareName": "[if(parameters('avdUseCustomNaming'), parameters('fslogixFileShareCustomName'), format('fslogix-pc-{0}-{1}-{2}-001', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym')))]", "varMsixFileShareName": "[if(parameters('avdUseCustomNaming'), parameters('msixFileShareCustomName'), format('msix-pc-{0}-{1}-{2}-001', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym')))]", "varFslogixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}fsl{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stfsl{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", - "varFslogixStorageFqdn": "[format('{0}.file.{1}', variables('varFslogixStorageName'), environment().suffixes.storage)]", + "varFslogixStorageFqdn": "[if(parameters('createAvdFslogixDeployment'), format('{0}.file.{1}', variables('varFslogixStorageName'), environment().suffixes.storage), '')]", "varMsixStorageFqdn": "[format('{0}.file.{1}', variables('varMsixStorageName'), environment().suffixes.storage)]", "varMsixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}msx{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stmsx{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", "varManagementVmName": "[format('vmmgmt{0}{1}{2}', variables('varDeploymentPrefixLowercase'), 
variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym'))]", "varAlaWorkspaceName": "[if(parameters('avdUseCustomNaming'), parameters('avdAlaWorkspaceCustomName'), format('log-avd-{0}-{1}', variables('varDeploymentEnvironmentLowercase'), variables('varManagementPlaneLocationAcronym')))]", "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringTwoChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", - "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", + "varFslogixSharePath": "[if(parameters('createAvdFslogixDeployment'), format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName')), '')]", "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", @@ -41045,7 +41045,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "10741628395495815450" + "templateHash": "6078602552923195855" } }, "parameters": { 
@@ -41406,7 +41406,7 @@ }, "extensionDomainJoinConfig": { "value": { - "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), false(), true())]", + "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'AADDS'), equals(parameters('identityServiceProvider'), 'ADDS')), true(), false())]", "settings": { "name": "[parameters('identityDomainName')]", "ouPath": "[if(not(empty(parameters('sessionHostOuPath'))), parameters('sessionHostOuPath'), null())]", @@ -46157,7 +46157,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16467384531279284955" + "templateHash": "4753285980306081600" } }, "parameters": { 
@@ -46229,7 +46229,7 @@ } }, "variables": { - "varScriptArguments": "[format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize'))]", + "varScriptArguments": "[if(parameters('fslogix'), format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize')), format('-AmdVmSize {0} -IdentityServiceProvider {1} -Fslogix {2} -HostPoolRegistrationToken {3} -NvidiaVmSize {4} -verbose', variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('hostPoolToken'), variables('varNvidiaVmSize')))]", "varAmdVmSizes": [ "Standard_NV4as_v4", "Standard_NV8as_v4", From 4d68c589f11c78530e408d80f38518f203fc2a90 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 07:02:18 -0600 Subject: [PATCH 09/15] updates --- workload/bicep/brownfield/addSessionHosts/deploy.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep index ee9f60054..0c30eb7a3 100644 --- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep +++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep 
@@ -472,10 +472,10 @@ module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureS
 baseScriptUri: varSessionHostConfigurationScriptUri
 scriptName: varSessionHostConfigurationScript
 fslogix: createAvdFslogixDeployment
- identityDomainName: createAvdFslogixDeployment ? identityDomainName : 'none'
+ identityDomainName: identityDomainName
 vmSize: vmSize
- fslogixFileShare: createAvdFslogixDeployment ? varFslogixSharePath : 'none'
- fslogixStorageFqdn: createAvdFslogixDeployment ? varFslogixStorageFqdn : 'none'
+ fslogixFileShare: varFslogixSharePath
+ fslogixStorageFqdn: varFslogixStorageFqdn
 identityServiceProvider: identityServiceProvider
 }
 dependsOn: [
From bf12f6a9b94b203b784c4a782cad95153b81e4fd Mon Sep 17 00:00:00 2001
From: Dany Contreras <78437433+danycontre@users.noreply.github.com>
Date: Mon, 13 Nov 2023 12:24:01 -0600
Subject: [PATCH 10/15] updates
---
 .../brownfield/addSessionHosts/deploy.bicep | 15 +-
 .../modules/avdSessionHosts/deploy.bicep | 3 -
 .../brownfield/portalUiAddSessionHosts.json | 492 +++---------------
 3 files changed, 59 insertions(+), 451 deletions(-)
diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
index 0c30eb7a3..81c4380fb 100644
--- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep
+++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep
@@ -115,9 +115,6 @@ param subnetId string
 @sys.description('Location where to deploy compute services. (Default: )')
 param location string
 
-// @sys.description('General session host batch identifier')
-// param managedIdentityStorageResourceId int
-
 @maxLength(11)
 @sys.description('AVD session host prefix custom name. (Default: vmapp1duse2)')
 param sessionHostCustomNamePrefix string = 'vmapp1duse2'
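Review bot: Nothing in the `sessionHostConfiguration` params (hunk `@@ -472,10 +472,10 @@`) now says that `identityDomainName`, `fslogixFileShare` and `fslogixStorageFqdn` are ignored when `createAvdFslogixDeployment` is false, so the call relies on a guard that lives in the module. The generated `deploy-baseline.json` in the previous patch suggests the module builds a shorter argument string when `fslogix` is false, and that the baseline variables fall back to `''`; the definitions of `varFslogixSharePath` and `varFslogixStorageFqdn` in this file are outside the hunk, so it is not visible whether they have the same guard. That argument string interpolates the values unquoted, so an empty or space-containing value would shift the script parameters that follow it when FSLogix is enabled. I would add a comment above the three lines, `// FSLogix values are only consumed by the module when fslogix is true`, and give the two variables the same empty-string fallback as the baseline. The module call starts and ends outside the hunk.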
@@ -132,9 +129,6 @@ param identityServiceProvider string = 'ADDS'
 @sys.description('Session host VM size. (Default: Standard_D4ads_v5)')
 param vmSize string = 'Standard_D4ads_v5'
 
-@sys.description('Disk encryption set to use for zero trust setup. (Default: )')
-param ztDiskEncryptionSetResourceId string = ''
-
 @allowed([
 'Standard'
 'TrustedLaunch'
@@ -152,9 +146,6 @@ param vTpmEnabled bool = true
 @sys.description('Set to deploy image from Azure Compute Gallery. (Default: false)')
 param useSharedImage bool = false
 
-@sys.description('Storage Managed Identity Resource ID.')
-param storageManagedIdentityResourceId string = ''
-
 @sys.description('Local administrator username. (Default: "")')
 param vmLocalUserName string = 'avdVmLocalUserName'
 
@@ -231,10 +222,6 @@ var varLocations = loadJsonContent('../../../variables/locations.json')
 var varMarketPlaceGalleryWindows = loadJsonContent('../../../variables/osMarketPlaceImages.json')
 var varTimeZoneSessionHosts = varLocations[varSessionHostLocationLowercase].timeZone
 var varSessionHostLocationLowercase = toLower(replace(location, ' ', ''))
-var varMaxSessionHostsPerTemplate = 10
-var varMaxSessionHostsDivisionValue = count / varMaxSessionHostsPerTemplate
-var varMaxSessionHostsDivisionRemainderValue = count % varMaxSessionHostsPerTemplate
-var varSessionHostBatchCount = varMaxSessionHostsDivisionRemainderValue > 0 ? varMaxSessionHostsDivisionValue + 1 : varMaxSessionHostsDivisionValue
 var varMaxAvsetMembersCount = 199
 var varDivisionAvsetValue = count / varMaxAvsetMembersCount
 var varDivisionAvsetRemainderValue = count % varMaxAvsetMembersCount
@@ -468,7 +455,7 @@ module sessionHostConfiguration '../../modules/avdSessionHosts/.bicep/configureS
 params: {
 location: location
 name: '${varSessionHostNamePrefix}${padLeft((i + countIndex), 4, '0')}'
- hostPoolToken: hostPool.properties.registrationInfo.token //hostPool.properties.registrationInfo.token
+ hostPoolToken: hostPool.properties.registrationInfo.token
 baseScriptUri: varSessionHostConfigurationScriptUri
 scriptName: varSessionHostConfigurationScript
 fslogix: createAvdFslogixDeployment
diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep
index 77ee877e8..ca4693f4c 100644
--- a/workload/bicep/modules/avdSessionHosts/deploy.bicep
+++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep
@@ -82,9 +82,6 @@ param useSharedImage bool
 @sys.description('Source custom image ID.')
 param avdImageTemplateDefinitionId string
 
-@sys.description('Storage Managed Identity Resource ID.')
-param storageManagedIdentityResourceId string
-
 @sys.description('Local administrator username.')
 param vmLocalUserName string
 
diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json
index 995d0dbbd..aa2af4157 100644
--- a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json
+++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json
@@ -642,84 +642,79 @@ "label": "Storage", "elements": [ { - "name": "StorageDeploymentLocationAndAvailability", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "Storage resources will be deployed on the same location on the Session Hosts section.", - "style": "Info" - } + "name": "fslogixConfiguration", + "type": "Microsoft.Common.CheckBox", + "label": "Configure FSLogix", + "defaultValue": true, + "toolTip": "Configure session host to use FSLogix." }, { - "name": "storageGeneralInfromation", + "name": "storageFslogix", "type": "Microsoft.Common.Section", - "label": "General information:", - "visible": true, + "label": "Settings:", + "visible": "[steps('storage').fslogixConfiguration]", "elements": [ { "name": "identityDomainName", "type": "Microsoft.Common.TextBox", - "visible": "[steps('storage').storageFslogix.fslogixDeployment]", "label": "AD Domain name", + "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", "placeholder": "Example: contoso.com", "constraints": { "required": true } - } - ] - }, - { - "name": "storageFslogix", - "type": "Microsoft.Common.Section", - "label": "FSLogix configuration:", - "elements": [ - { - "name": "fslogixDeployment", - "type": "Microsoft.Common.CheckBox", - "label": "Configure FSLogix settings", - "defaultValue": true, - "toolTip": "Configure session host to use FSLogix." 
}, { "name": "fslogixStorageAccountSelector", "type": "Microsoft.Solutions.ResourceSelector", - "label": "FSLogix storage account", - "toolTip": "Select the FSLogix storage account.", + "label": "Storage account", + "toolTip": "The name of the Storage account created and configured to host FSLogix user profile containers.", "resourceType": "Microsoft.Storage/storageAccounts", "constraints": { - - - - - - - "required": true } }, { - "name": "fslogixStorageAccount", + "name": "fslogixStorageAccountFileShare", "type": "Microsoft.Common.TextBox", - "visible": "[steps('storage').storageFslogix.fslogixDeployment]", - "label": "AD Domain name", - "toolTip": "The full qualified domain name of the on-premises domain where the hybrid identities originated from, this information is used for Azure files authentication setup.", - "placeholder": "Example: contoso.com", + "label": "File share name", + "toolTip": "The name of the file share created and configured to host FSLogix user profile containers.", + "placeholder": "Example: fslogix-pc-avd1-dev-use2-001", "constraints": { "required": true } } - ] }, { - "name": "StorageDeploymentDisabledAad", + "name": "StorageConfigurationRequirements1", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('storage').fslogixConfiguration, not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]", + "options": { + "text": "FSLogix configuration requires the storage account and file share to be already configured for authentication with ADDS or Microsoft Entra Domain Services.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/fslogix-profile-container-configure-azure-files-active-directory?tabs=adds", + "style": "Info" + } + }, + { + "name": "StorageConfigurationRequirements2", + "type": "Microsoft.Common.InfoBox", + "visible": "[and(steps('storage').fslogixConfiguration, equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", + "options": { + "text": 
"FSLogix configuration requires the storage account and file share to be already configured for authentication with Microsoft Entra ID.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad", + "style": "Info" + } + }, + { + "name": "StorageConfigurationAad", "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + "visible": "[and(steps('storage').fslogixConfiguration, equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", "options": { "text": "FSLogix storage for Microsoft Entra ID joined session hosts is currently only available for hybrid identities.", "uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad", - "style": "Warning" + "style": "Info" } } ] 
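Review bot: The new `fslogixStorageAccountFileShare` text box and the `identityDomainName` text box in the `storageFslogix` section accept any string, because their `constraints` hold only `"required": true`. The generated template earlier in this series formats the domain name, share path and storage FQDN into the session-host script's argument string without quoting, so a value containing spaces would, as far as that template shows, be parsed as additional script arguments; how the share name reaches that path is presumably through `varFslogixSharePath`, which is not visible here. The CIDR text boxes that this patch removes from the same file used `regex` with `validationMessage`, and the same pattern fits here, for example `"regex": "^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$"` with `"validationMessage": "Enter a valid Azure file share name."` for the share name and an FQDN pattern for the domain name. As a point of style, `StorageConfigurationRequirements2` and `StorageConfigurationAad` now share the same `visible` condition and `uri`, so the two info boxes could be merged into one.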
@@ -731,419 +726,49 @@ "visible": true, "elements": [ { - "name": "virtualNetworklInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - "options": { - "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, AADDS or AAD).", - "uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication", - "style": "info" - } - }, - { - "name": "createAvdVirtualNetwork", - "type": "Microsoft.Common.OptionsGroup", - "visible": true, - "label": "Virtual network", - "defaultValue": "New", - "toolTip": "", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "New", - "value": true - }, - { - "label": "Existing", - "value": false - } - ] - } - }, - { - "name": "virtualNetworkSize", - "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').createAvdVirtualNetwork]", - "label": "vNet address range", - "toolTip": "Virtual network CIDR for Azure Virtual Desktop virtual machines and PaaS private endpoints", - "placeholder": "Example: 10.10.0.0/23", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." 
- } - }, - { - "name": "virtualNetworkAvdSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').createAvdVirtualNetwork]", - "label": "Azure Virtual Desktop subnet address prefix", - "toolTip": "Virtual network subnet CIDR for Azure Virtual Desktop virtual machines", - "placeholder": "Example: 10.10.0.0/24", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-4]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 24." - } - }, - { - "name": "virtualNetworkDns", - "type": "Microsoft.Common.TextBox", - "visible": "[steps('network').createAvdVirtualNetwork]", - "label": "Custom DNS servers", - "defaultValue": "", - "placeholder": "Example: 10.10.100.4,10.10.100.5", - "toolTip": "Enter multiple IPs separated by a comma, if not provided Azure provided DNS will be used. 
Azure default DNS server (168.63.129.16) will be added as a last resort.", - "constraints": { - "regex": "" - } - }, - { - "name": "existingVirtualNetworkInfoBox", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('network').createAvdVirtualNetwork)]", - "options": { - "text": "Existing network must has connectivity to identity and DNS services.", - "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", - "style": "info" - } - }, - { - "name": "avdVirtualNetworkSelectorId", - "type": "Microsoft.Solutions.ResourceSelector", - "visible": "[not(steps('network').createAvdVirtualNetwork)]", - "label": "Azure Virtual Desktop virtual network", - "resourceType": "Microsoft.Network/virtualNetworks", - "constraints": { - "required": true - }, - "options": { - "filter": { - "subscription": "onBasics", - "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" - } - } - }, - { - "name": "avdSubnetApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat(steps('network').avdVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" - } - }, - { - "name": "virtualNetworkAvdSubnetSelectorName", - "label": "Azure Virtual Desktop subnet", - "type": "Microsoft.Common.DropDown", - "visible": "[not(steps('network').createAvdVirtualNetwork)]", - "defaultValue": "", - "toolTip": "Select the subnet.", - "multiselect": false, - "selectAll": false, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').avdSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", - "required": true - } - }, - { - "name": "deployPrivateEndpointKeyvaultStorage", - "type": 
"Microsoft.Common.CheckBox", - "visible": true, - "label": "Private endpoints (Key vault and Storage account)", - "defaultValue": true, - "toolTip": "Enables Private Endpoints for Key Vault and Storage Resources. It is recommended to use Azure Private Endpoints to keep all traffic to PaaS services on the Azure backbone." - }, - { - "name": "virtualNetworkPrivateEndpointSubnetSize", - "type": "Microsoft.Common.TextBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", - "label": "Private endpoint subnet address prefix", - "toolTip": "Virtual network subnet CIDR for private endpoints", - "placeholder": "Example: 10.10.1.0/27", - "constraints": { - "required": true, - "regex": "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(?:\/(1[0-9]|2[0-7]))$", - "validationMessage": "Invalid CIDR range. The address prefix must be in the range 10 to 27." 
- } - }, - { - "name": "privateEndpointVirtualNetworkSelectorId", - "type": "Microsoft.Solutions.ResourceSelector", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", - "label": "Private endpoint virtual network", - "resourceType": "Microsoft.Network/virtualNetworks", - "constraints": { - "required": true - }, - "options": { - "filter": { - "subscription": "onBasics", - "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.displayName]" - } - } - }, - { - "name": "privateEndpointSubnetApi", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat(steps('network').privateEndpointVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" - } - }, - { - "name": "virtualNetworkPrivateEndpointSubnetSelectorName", - "label": "Private endpoint subnet", - "type": "Microsoft.Common.DropDown", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", - "defaultValue": "", - "toolTip": "Select the subnet.", - "multiselect": false, - "selectAll": false, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').privateEndpointSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", - "required": true - } - }, - { - "name": "existingVirtualNetworkInfoBoxPrivateEndpointWarning", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true))]", - "options": { - "text": "Private endpoint network policy will need to be disabled on the existing subnet before deploying Azure Virtual 
Desktop LZA.", - "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", - "style": "Warning" - } - }, - { - "name": "virtualNetworkPrivateDnsZone", - "type": "Microsoft.Common.OptionsGroup", - "visible": "[steps('network').deployPrivateEndpointKeyvaultStorage]", - "label": "Azure private DNS zones", - "defaultValue": "Use existing", - "toolTip": "It is recommended to use Azure private DNS zones for private endpoint name spaces, private endpoints will be automatically created for PaaS services (Azure Files and Key Vault) if enabled, but the private DNS zones are required for name resolution of private edpoint DNS records.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "Create new", - "value": true - }, - { - "label": "Use existing", - "value": false - } - ] - } - }, - { - "name": "privateDnsZoneSelectionWarning1", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", - "options": { - "text": "When using private endpoints, creating a new Azure Virtual Desktop vNet, and providing custom DNS servers, existing Azure private DNS Zones MUST be linked to the vNet where the custom DNS servers are located, this is needed for the end-to-end setup of FSLogix and MSIX App Attach file shares to be successful. 
The DNS resolution requests will be sent to the custom DNS servers and its vNet is the one that needs to resolve private endpoint DNS records.", - "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", - "style": "Warning" - } - }, - { - "name": "privateDnsZoneSelectionWarning2", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", - "options": { - "text": "When using private endpoints and creating a new Azure Virtual Desktop vNet and new private DNS zones, custom DNS servers may NOT be used in the new vNet as this will cause FSLogix and/or MSIX App Attach file shares deployments to fail. This happens because the private DNS zones will be linked to the newly created vNet and only this vNet will be able to resolve the private endpoints DNS records.", - "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", - "style": "Warning" - } - }, - { - "name": "privateDnsZoneSelectionWarning3", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, false))]", - "options": { - "text": "When using private endpoints and an existing Azure Virtual Desktop vNet with custom DNS servers configured, existing private DNS zones MUST be linked to the vNet containing the custom DNS servers for FSLogix and/or MSIX App Attach file shares deployments to be successful, given DNS name resolution requests will go to custom DNS servers and their vNet will need to resolve private endpoints DNS records.", - "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", - "style": "Warning" - } - }, - { - "name": 
"privateDnsZoneSelectionWarning4", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, false), equals(steps('network').deployPrivateEndpointKeyvaultStorage, true), equals(steps('network').virtualNetworkPrivateDnsZone, true))]", - "options": { - "text": "When using private endpoints, an existing Azure Virtual Desktop vNet, and creating new private DNS zones, custom DNS servers may NOT be used (unless they are connected to the same vNet used for the Azure Virtual Desktop dpeloyment) in order for FSlogix/MSIX App Attach deployment to be successful, given that the private DNS zone will be linked to the existing vNet and this will be the only network able to resolve private endpoint DNS records.
***Note: selected options (existing vNet and create DNS zones) are only recommended when using Microsoft Entra ID as identity service provider.", - "uri": "https://docs.microsoft.com/azure/private-link/disable-private-endpoint-network-policy", - "style": "Warning" - } - }, - { - "name": "virtualNetworkPrivateDnsZoneInfo1", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", - "options": { - "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - }, - { - "name": "virtualNetworkPrivateDnsZoneInfo2", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, steps('network').createAvdVirtualNetwork), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", - "options": { - "text": "The following private DNS zones will be created and linked to the new Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - }, - { - "name": "virtualNetworkPrivateDnsZoneInfo3", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment))]", - "options": { - "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Azure Files:
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - }, - { - "name": "virtualNetworkPrivateDnsZoneInfo4", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(and(steps('network').virtualNetworkPrivateDnsZone, not(steps('network').createAvdVirtualNetwork)), not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", - "options": { - "text": "The following private DNS zones will be created and linked to the existing Azure Virtual Desktop vNet:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - }, - { - "name": "virtualNetworkPrivateDnsZoneSelection", + "name": "networkSettings", "type": "Microsoft.Common.Section", - "visible": "[and(not(steps('network').virtualNetworkPrivateDnsZone), steps('network').deployPrivateEndpointKeyvaultStorage)]", + "label": "Settings:", + "visible": true, "elements": [ { - "name": "virtualNetworkPrivateDnsZoneFilesSelector", + "name": "avdVirtualNetworkSelectorId", "type": "Microsoft.Solutions.ResourceSelector", - "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", - "label": "Azure files", - "resourceType": "Microsoft.Network/privateDnsZones", - "constraints": { - "required": true - } - }, - { - "name": "virtualNetworkPrivateDnsZoneKeyvaultSelector", - "type": "Microsoft.Solutions.ResourceSelector", - "label": "Key vault", - "resourceType": "Microsoft.Network/privateDnsZones", + "label": "Virtual network", + "resourceType": "Microsoft.Network/virtualNetworks", "constraints": { "required": true - } - }, - { - "name": "infoAzureDNSzones1", - "type": "Microsoft.Common.InfoBox", - "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", - "options": { - "text": "Private DNS zone name spaces:
Azure Files
- Azure commercial: privatelink.file.core.windows.net
- Azure government: privatelink.file.core.usgovcloudapi.net
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - }, - { - "name": "infoAzureDNSzones2", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(not(steps('storage').storageFslogix.fslogixDeployment), not(steps('storage').storageMsix.msixDeployment))]", - "options": { - "text": "Private DNS zone name space:
Key vault:
- Azure commercial: privatelink.vaultcore.azure.net
- Azure government: privatelink.vaultcore.usgovcloudapi.net", - "style": "info" - } - } - ] - }, - { - "name": "hubVirtualNetworkPeering", - "type": "Microsoft.Common.Section", - "visible": "[steps('network').createAvdVirtualNetwork]", - "label": "Existing hub vNet peering information", - "elements": [ - { - "name": "virtualNetworkPeeringInfoBox1", - "type": "Microsoft.Common.InfoBox", - "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]", - "options": { - "text": "vNet peering will be created to existing vNet hub with access to identity and DNS services .", - "uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context", - "style": "info" - } - }, - { - "name": "hubVirtualNetworkPeeringInfoBox2", - "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]", + }, "options": { - "text": "vNet peering to identity services is not required when Microsoft Entra ID as identity service provider .", - "uri": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join", - "style": "info" + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" + } } }, { - "name": "hubVirtualNetworkSubs", + "name": "avdSubnetApi", "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "subscriptions?api-version=2020-01-01" + "path": "[concat(steps('network').avdVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" } }, { - "name": "hubVirtualNetworkSub", + "name": "virtualNetworkAvdSubnetSelectorName", + "label": "Subnet", "type": "Microsoft.Common.DropDown", - "visible": 
"[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - "label": "Hub vNet Subscription", - "toolTip": "", + "defaultValue": "", + "toolTip": "Select the subnet.", "multiselect": false, "selectAll": false, "filter": true, "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSubs.value, (sub) => parse(concat('{\"label\":\"', sub.displayName, '\",\"description\":\"', sub.subscriptionId, '\",\"value\":\"', toLower(sub.subscriptionId), '\"}')) )]", + "allowedValues": "[map(steps('network').avdSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", "required": true } - }, - { - "name": "existingHubVirtualNetworks", - "type": "Microsoft.Solutions.ArmApiControl", - "request": { - "method": "GET", - "path": "[concat('subscriptions/', steps('network').hubVirtualNetworkPeering.hubVirtualNetworkSub, '/providers/Microsoft.Network/virtualNetworks?api-version=2021-08-01')]" - } - }, - { - "name": "existingHubVirtualNetwork", - "type": "Microsoft.Common.DropDown", - "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - "label": "Hub vNet", - "toolTip": "", - "multiselect": false, - "selectAll": true, - "filter": true, - "filterPlaceholder": "Filter items ...", - "multiLine": true, - "constraints": { - "allowedValues": "[map(steps('network').hubVirtualNetworkPeering.existingHubVirtualNetworks.value, (vnet) => parse(concat('{\"label\":\"', vnet.name, '\",\"description\":\"', vnet.location, '\",\"value\":\"', toLower(vnet.id), '\"}')) )]", - "required": true - } - }, - { - "name": "hubVirtualNetworkGateway", - "type": "Microsoft.Common.CheckBox", - "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]", - 
"label": "Gateway on hub", - "defaultValue": false, - "toolTip": "This information will be used to set remote gateway settings on vNet peering." } ] } @@ -2002,11 +1627,10 @@ ] }, "outputs": { - "parameters": { - }, + "parameters": {}, "kind": "Subscription", "location": "[steps('basics').resourceScope.location.name]", "subscriptionId": "[steps('basics').resourceScope.subscription.id]" } } -} +} \ No newline at end of file From 800f780245bb74b4da4f05242dcfe7513b92ac2d Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 14:02:47 -0600 Subject: [PATCH 11/15] updates --- .../brownfield/portalUiAddSessionHosts.json | 577 ++---------------- 1 file changed, 53 insertions(+), 524 deletions(-) diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json index aa2af4157..53226a96a 100644 --- a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json @@ -732,7 +732,7 @@ "visible": true, "elements": [ { - "name": "avdVirtualNetworkSelectorId", + "name": "virtualNetworkSelectorId", "type": "Microsoft.Solutions.ResourceSelector", "label": "Virtual network", "resourceType": "Microsoft.Network/virtualNetworks", 
@@ -747,28 +747,41 @@ } }, { - "name": "avdSubnetApi", + "name": "subnetApi", "type": "Microsoft.Solutions.ArmApiControl", "request": { "method": "GET", - "path": "[concat(steps('network').avdVirtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" + "path": "[concat(steps('network').networkSettings.virtualNetworkSelectorId.id, '/subnets?api-version=2021-03-01')]" } }, { - "name": "virtualNetworkAvdSubnetSelectorName", + "name": "virtualNetworkSubnetSelectorName", "label": "Subnet", "type": "Microsoft.Common.DropDown", + "visible": "[not(steps('network').createAvdVirtualNetwork)]", "defaultValue": "", - "toolTip": "Select the subnet.", + "toolTip": "Azure Virtual Desktop subnet.", "multiselect": false, "selectAll": false, "filter": true, "filterPlaceholder": "Filter items ...", "multiLine": true, "constraints": { - "allowedValues": "[map(steps('network').avdSubnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", + "allowedValues": "[map(steps('network').networkSettings.subnetApi.value,(item) => parse(concat('{\"label\":\"', item.name, '\",\"value\":\"', item.id, '\",\"description\":\"', 'Resource Group: ', last(take(split(item.id, '/'), 5)), '\"}')))]", "required": true } + }, + { + "name": "applicationSecurityGroupSelectorId", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Application Security Group", + "resourceType": "Microsoft.Network/applicationSecurityGroups", + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" + } + } } ] } 
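Review bot: The `visible` expression added to `virtualNetworkSubnetSelectorName`, `[not(steps('network').createAvdVirtualNetwork)]`, refers to a control that the earlier `@@ -731,419 +726,49 @@` hunk on this page appears to remove from the network step, assuming that hunk patches the same file. The dropdown is `"required": true` and was always shown before this change, so a dangling reference risks hiding or breaking the only subnet picker. I would drop the `visible` line, or tie it to the selector in the same section: `"visible": "[not(empty(steps('network').networkSettings.virtualNetworkSelectorId.id))]"`. Separately, the new `applicationSecurityGroupSelectorId` has no `constraints` block and is therefore optional. If network rules for the session hosts rely on ASG membership, either mark it required or confirm the template handles an empty selection; the outputs mapping is not visible in this hunk.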
@@ -781,84 +794,47 @@ "visible": true, "elements": [ { - "name": "deployMonitoring", + "name": "configureMonitoring", "type": "Microsoft.Common.CheckBox", "visible": true, - "label": "Deploy monitoring", + "label": "Configure monitoring", "defaultValue": false, "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace." }, { - "name": "deployMonitoringAlaWorkspace", - "type": "Microsoft.Common.OptionsGroup", - "visible": "[steps('monitoring').deployMonitoring]", - "label": "Log analytics workspace", - "defaultValue": "New", - "toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace.", - "constraints": { - "required": true, - "allowedValues": [ - { - "label": "New", - "value": true - }, - { - "label": "Existing", - "value": false + "name": "motoringSettings", + "type": "Microsoft.Common.Section", + "label": "Settings:", + "visible": "[steps('monitoring').configureMonitoring]", + "elements": [ + { + "name": "monitoringWorkspaceSelection", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Log analytics workspace", + "resourceType": "Microsoft.OperationalInsights/workspaces", + "constraints": { + "required": true } - ] - } - }, - { - "name": "deployMonitoringNewAlaWorkspaceRetention", - "type": "Microsoft.Common.TextBox", - "visible": "[and(steps('monitoring').deployMonitoring, steps('monitoring').deployMonitoringAlaWorkspace)]", - "label": "Retention policy (Days)", - "toolTip": "Number of days data will be retained in the workspace.", - "defaultValue": 90, - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." 
- } - }, - { - "name": "alaWorkspaceExistingWorkspacesSelection", - "type": "Microsoft.Solutions.ResourceSelector", - "visible": "[and(steps('monitoring').deployMonitoring, not(steps('monitoring').deployMonitoringAlaWorkspace))]", - "label": "Existing workspace", - "resourceType": "Microsoft.OperationalInsights/workspaces", - "constraints": { - "required": true - } - }, - { - "name": "deployMonitoringPolicies", - "type": "Microsoft.Common.CheckBox", - "visible": "[steps('monitoring').deployMonitoring]", - "label": "Deploy monitoring policies (subscription level)", - "defaultValue": false, - "toolTip": "Deploy monitoring policy and policy set definitions to set diagnostic settings on new deployed resources." - }, - { - "name": "deployMonitoringInfo1", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('monitoring').deployMonitoring]", - "options": { - "text": "Azure Virtual Desktop monitoring requires an existing Azure Log Analytics Workspace or the creation of a new one.", - "uri": "https://docs.microsoft.com/azure/virtual-desktop/azure-monitor", - "style": "Info" - } - }, - { - "name": "deployMonitoringInfo2", - "type": "Microsoft.Common.InfoBox", - "visible": "[steps('monitoring').deployMonitoring]", - "options": { - "text": "Deployment will configured all required settings to use the Azure Virtual Desktop insights workbook.", - "uri": "https://learn.microsoft.com/azure/virtual-desktop/azure-monitor?WT.mc_id=Portal-AppInsightsExtension", - "style": "Info" - } + }, + { + "name": "deployMonitoringInfo1", + "type": "Microsoft.Common.InfoBox", + "options": { + "text": "Azure Virtual Desktop monitoring requires an existing Azure Log Analytics Workspace or the creation of a new one.", + "uri": "https://docs.microsoft.com/azure/virtual-desktop/azure-monitor", + "style": "Info" + } + }, + { + "name": "deployMonitoringInfo2", + "type": "Microsoft.Common.InfoBox", + "options": { + "text": "Deployment will configured all required settings to use the Azure Virtual 
Desktop insights workbook.", + "uri": "https://learn.microsoft.com/azure/virtual-desktop/azure-monitor?WT.mc_id=Portal-AppInsightsExtension", + "style": "Info" + } + } + ] } ] }, 
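Review bot: The new section name `motoringSettings` reads as a typo for `monitoringSettings`. The name becomes part of every reference to its children, such as `steps('monitoring').motoringSettings.monitoringWorkspaceSelection`, so it is best corrected now: `"name": "monitoringSettings",`. The user-facing text is also stale on the new side: the `configureMonitoring` tooltip and `deployMonitoringInfo1` still mention deploying or creating a Log Analytics workspace, while the form now offers only a selector for an existing one. `configureMonitoring` keeps `"defaultValue": false`, so session hosts added through this form get no diagnostics unless the operator opts in, and the tooltip should say that explicitly.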
@@ -896,152 +872,12 @@ "style": "Warning" } }, - { - "name": "resourceNamingAvdManagementPlane", - "type": "Microsoft.Common.Section", - "label": "Azure Virtual Desktop Management plane naming:", - "visible": "[steps('resourceNaming').resourceNamingSelection]", - "elements": [ - { - "name": "serviceObjectsRgCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Resource group", - "toolTip": "Azure Virtual Desktop management plane resources (Workspace, Host pool, Application groups, Key vault) resource group custom name.", - "placeholder": "Example: rg-avd-app1-dev-use2-service-objects", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." - } - }, - { - "name": "workSpaceCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Workspace", - "toolTip": "Workspace custom name.", - "placeholder": "Example: vdws-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "workSpaceCustomFriendlyName", - "type": "Microsoft.Common.TextBox", - "label": "Workspace (Friendly name)", - "toolTip": "Workspace custom friendly name.", - "placeholder": "Example: App1 - Dev - East US 2 - 001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "hostPoolCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Host pool", - "toolTip": "Host pool custom name.", - "placeholder": "Example: vdpool-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." 
- } - }, - { - "name": "hostPoolCustomFriendlyName", - "type": "Microsoft.Common.TextBox", - "label": "Host pool (Friendly name)", - "toolTip": "Host pool custom friendly name.", - "placeholder": "Example: App1 - Dev - East US 2 - 001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "scalingPlanCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Scaling Plan", - "toolTip": "Host pool scaling plan.", - "placeholder": "Example: vdscaling-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "applicationGroupCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Application group", - "toolTip": "Application group custom name.", - "placeholder": "Example: vdag-desktop-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "applicationGroupCustomFriendlyName", - "type": "Microsoft.Common.TextBox", - "label": "Application group (Friendly name)", - "toolTip": "Desktop application group custom name.", - "placeholder": "Example: Desktops - App1 - Dev - East US 2 - 001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "workloadKvCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Key vault prefix", - "toolTip": "Key vault prefix custom name.", - "placeholder": "Example: kv-sec", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,6}$", - "validationMessage": "Value must be 1-6 characters." 
- } - } - ] - }, { "name": "resourceNamingCompute", "type": "Microsoft.Common.Section", "label": "Compute naming:", "visible": "[steps('resourceNaming').resourceNamingSelection]", "elements": [ - { - "name": "computeObjectsRgCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Resource group", - "toolTip": "Azure Virtual Desktop compute resources (VMs, NICs, Disks, Availability sets) resource group custom name.", - "placeholder": "Example: rg-avd-app1-dev-use2-pool-compute", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." - } - }, - { - "name": "applicationSecurityGroupCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Applications security group", - "toolTip": "Azure Virtual Desktop application security custom name.", - "placeholder": "Example: asg-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." - } - }, { "name": "sessionHostCustomNamePrefix", "type": "Microsoft.Common.TextBox", 
@@ -1070,313 +906,6 @@ } ] }, - { - "name": "resourceNamingStorage", - "type": "Microsoft.Common.Section", - "label": "Storage naming:", - "visible": "[steps('resourceNaming').resourceNamingSelection]", - "elements": [ - { - "name": "resourceNamingStorageInfo1", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('storage').storageFslogix.fslogixDeployment)]", - "options": { - "text": "Current deployment configuration is not creating storage resources for FSLogix.", - "style": "Info" - } - }, - { - "name": "resourceNamingStorageInfo2", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('storage').storageMsix.msixDeployment)]", - "options": { - "text": "Current deployment configuration is not creating storage resources for MSIX App Attach.", - "style": "Info" - } - }, - { - "name": "resourceNamingStorageInfo3", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('sessionHosts').deploySessionHosts)]", - "options": { - "text": "Current deployment configuration is not creating storage resources.", - "style": "Info" - } - }, - { - "name": "storageObjectsRgCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Resource group", - "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", - "toolTip": "Azure Virtual Desktop storage resources (Storage account, file shares, files private endpoints, temporary domain join VM) resource group custom name.", - "placeholder": "Example: rg-avd-app1-dev-use2-storage", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." 
- } - }, - { - "name": "storageAccountPrefixCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Storage account prefix", - "visible": "[or(equals(steps('storage').storageFslogix.fslogixDeployment, true), equals(steps('storage').storageMsix.msixDeployment, true))]", - "toolTip": "Azure Virtual Desktop storage account prefix custom name.", - "placeholder": "Example: st", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,2}$", - "validationMessage": "Value must be 1-2 characters." - } - }, - { - "name": "fslogixFileShareCustomName", - "type": "Microsoft.Common.TextBox", - "label": "FSLogix Profile container file share", - "visible": "[steps('storage').storageFslogix.fslogixDeployment]", - "toolTip": "Azure Virtual Desktop fslogix storage account profile container file share prefix custom name.", - "placeholder": "Example: fslogix-pc-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "msixFileShareCustomName", - "type": "Microsoft.Common.TextBox", - "label": "MSIX App Attach container file share", - "visible": "[steps('storage').storageMsix.msixDeployment]", - "toolTip": "Azure Virtual Desktop MSIX App Attach storage account container file share prefix custom name.", - "placeholder": "Example: msix-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." 
- } - } - ] - }, - { - "name": "resourceNamingNetwork", - "type": "Microsoft.Common.Section", - "label": "Network naming:", - "visible": "[steps('resourceNaming').resourceNamingSelection]", - "elements": [ - { - "name": "resourceNamingNetworkInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('network').createAvdVirtualNetwork)]", - "options": { - "text": "Current deployment configuration is not creating network resources.", - "style": "Info" - } - }, - { - "name": "networkObjectsRgCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Resource group", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop network resources (vNet, NSG, Route table) resource group custom name.", - "placeholder": "Example: rg-avd-app1-dev-use2-network", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." - } - }, - { - "name": "virtualNetworkCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Virtual network", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop virtual network custom name.", - "placeholder": "Example: vnet-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,64}$", - "validationMessage": "Value must be 1-64 characters." - } - }, - { - "name": "virtualNetworkAvdSubnetCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Azure Virtual Desktop Subnet", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop virtual network subnet custom name.", - "placeholder": "Example: snet-avd-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." 
- } - }, - { - "name": "avdNetworkSecurityGroupCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Azure Virtual Desktop Network security group", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop network security group custom name.", - "placeholder": "Example: nsg-avd-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." - } - }, - { - "name": "avdRouteTableCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Azure Virtual Desktop Route table", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop route table custom name.", - "placeholder": "Example: route-avd-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." - } - }, - { - "name": "virtualNetworkPrivateEndpointSubnetCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Private endpoint subnet", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Azure Virtual Desktop virtual network subnet custom name.", - "placeholder": "Example: snet-pe-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." - } - }, - { - "name": "privateEndpointNetworkSecurityGroupCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Private endpoint network security group", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Private endpoint network security group custom name.", - "placeholder": "Example: nsg-pe-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." 
- } - }, - { - "name": "privateEndpointRouteTableCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Private endpoint route table", - "visible": "[steps('network').createAvdVirtualNetwork]", - "toolTip": "Private endpoint route table custom name.", - "placeholder": "Example: route-pe-app1-dev-use2-001", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,80}$", - "validationMessage": "Value must be 1-80 characters." - } - } - ] - }, - { - "name": "resourceNamingMonitoring", - "type": "Microsoft.Common.Section", - "visible": "[steps('resourceNaming').resourceNamingSelection]", - "label": "Monitoring naming:", - "elements": [ - { - "name": "resourceNamingMonitoringInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('monitoring').deployMonitoring)]", - "options": { - "text": "Current deployment configuration is not creating monitoring resources.", - "style": "Info" - } - }, - { - "name": "monitoringObjectsRgCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Resource group", - "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true))]", - "toolTip": "Azure Virtual Desktop monitoring resources (log analytics workspace) resource group custom name.", - "placeholder": "Example: rg-avd-dev-use2-monitoring", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." 
- } - }, - { - "name": "monitoringLogAnalyticsWorkspaceName", - "type": "Microsoft.Common.TextBox", - "label": "Log analytics workspace name", - "visible": "[and(equals(steps('resourceNaming').resourceNamingSelection, true), equals(steps('monitoring').deployMonitoring, true), equals(steps('monitoring').deployMonitoringAlaWorkspace, true))]", - "toolTip": "Azure Virtual Desktop monitoring log analytics workspace custom name.", - "placeholder": "Example: log-avd-dev-use2", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,90}$", - "validationMessage": "Value must be 1-90 characters." - } - } - ] - }, - { - "name": "resourceNamingZeroTrust", - "type": "Microsoft.Common.Section", - "label": "Zero Trust naming:", - "visible": "[steps('resourceNaming').resourceNamingSelection]", - "elements": [ - { - "name": "resourceNamingZeroTrustInfo", - "type": "Microsoft.Common.InfoBox", - "visible": "[not(steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", - "options": { - "text": "Current deployment configuration is not creating zero trust resources.", - "style": "Info" - } - }, - { - "name": "zeroTrustObjectsDiskEncryptionSetCustomName", - "type": "Microsoft.Common.TextBox", - "label": "Disk encryption set", - "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", - "toolTip": "Disk encryption set resource for double encryption of session host disks.", - "placeholder": "Example: des-zt", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,6}$", - "validationMessage": "Value must be 1-90 characters." 
- } - }, - { - "name": "zeroTrustObjectsKeyVaultCustomPrefix", - "type": "Microsoft.Common.TextBox", - "label": "Key vault prefix", - "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", - "toolTip": "Key Vault that stores the encryption key for disk encryption.", - "placeholder": "Example: kv-key", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,6}$", - "validationMessage": "Value must be 1-90 characters." - } - }, - { - "name": "zeroTrustObjectsManagedIdentityCustomName", - "type": "Microsoft.Common.TextBox", - "label": "User assigned identity", - "visible": "[and(steps('resourceNaming').resourceNamingSelection, steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskZeroTrust)]", - "toolTip": "User assigned identity that enables server-side encryption and disables network access.", - "placeholder": "Example: id-zt", - "constraints": { - "required": true, - "regex": "^[a-z0-9A-Z-]{1,5}$", - "validationMessage": "Value must be 1-90 characters." - } - } - ] - }, { "name": "resourceNamingInfo2", "type": "Microsoft.Common.InfoBox", From b0f5e3b68b33c73768817e670335d246a6744735 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 13 Nov 2023 14:56:47 -0600 Subject: [PATCH 12/15] updates --- .../brownfield/portalUiAddSessionHosts.json | 33 +------------------ 1 file changed, 1 insertion(+), 32 deletions(-) diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json index 53226a96a..6cf117495 100644 --- a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json 
@@ -10,43 +10,12 @@ "name": "basics", "label": "Deployment Basics", "elements": [ - { - "name": "infoPreReq", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "text": "PREREQUISITES REQUIRED \n\nThere are prerequisites that must be setup in your Azure environment to successfully deploy this Azure Virtual Desktop Landing Zone Accelerator. Click here to review the prerequisites in the Getting Started guide.", - "uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started-baseline.md", - "style": "Warning" - } - }, - { - "name": "infoPreReqCheckbox", - "type": "Microsoft.Common.CheckBox", - "visible": true, - "label": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites", - "defaultValue": false, - "toolTip": "I have read and understand the Azure Virtual Desktop LZA deployment pre-requisites.", - "constraints": { - "required": true - } - }, - { - "name": "deploymentInfo", - "type": "Microsoft.Common.InfoBox", - "visible": true, - "options": { - "style": "Info", - "text": "The subscription selected in the 'Project details' section below will be used to deploy all resources. \n\nThe region selected in 'Instance details' section below will be used to deploy the Azure Virtual Desktop management plane resources (workspace, host pool, and application group, etc.). These resource types are not available in all regions, but they are globally replicated.\n\nThe session hosts do not have to be deployed to the same region, therefore you will have the option to select that region on the 'Session Hosts' blade.", - "uri": "https://docs.microsoft.com/azure/virtual-desktop/data-locations" - } - }, { "name": "resourceScope", "type": "Microsoft.Common.ResourceScope", "location": { "resourceTypes": [ - "Microsoft.DesktopVirtualization/workspaces" + "Microsoft.Compute/virtualMachines" ] } }, From 9fbab8afc8f22f5b5a68166501cdd2cf2b9d1a1b Mon Sep 17 00:00:00 2001 
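Review bot: With `infoPreReq`, `infoPreReqCheckbox` and `deploymentInfo` all removed, the `basics` step no longer tells the operator what must already exist before this flow runs. The removed text described the baseline accelerator, so dropping it is reasonable, but the template this UI appears to feed takes `hostPoolResourceID`, `keyVaultResourceId`, `subnetId` and `vmLocalAdminPasswordSecretName` as required inputs, so a missing or mis-scoped key vault secret would presumably surface only as a failed deployment. I would keep one InfoBox ahead of `resourceScope` with something like `"text": "Adds session hosts to an existing host pool. The host pool, subnet and the key vault holding the local admin and domain join secrets must already exist."` and a `uri` pointing at the brownfield readme. The `elements` array continues outside this hunk, so a later step may already cover this.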
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 16 Nov 2023 06:10:59 -0600 Subject: [PATCH 13/15] updates --- .../deployNewSessionHostsToHostPools.json | 6221 +++++++++++++++++ 1 file changed, 6221 insertions(+) create mode 100644 workload/arm/brownfield/deployNewSessionHostsToHostPools.json diff --git a/workload/arm/brownfield/deployNewSessionHostsToHostPools.json b/workload/arm/brownfield/deployNewSessionHostsToHostPools.json new file mode 100644 index 000000000..45778263f --- /dev/null +++ b/workload/arm/brownfield/deployNewSessionHostsToHostPools.json 
@@ -0,0 +1,6221 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "10415575556481941453" + } + }, + "parameters": { + "alaWorkspaceResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Log analytics workspace for diagnostic logs. (Default: \"\")" + } + }, + "applicationNameTag": { + "type": "string", + "defaultValue": "Contoso-App", + "metadata": { + "description": "Details about the application." + } + }, + "avsetFaultDomainCount": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Sets the number of fault domains for the availability set. (Default: 2)" + } + }, + "avsetUpdateDomainCount": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Sets the number of update domains for the availability set. (Default: 5)" + } + }, + "asgResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Application Security Group (ASG) for the session hosts. (Default: \"\")" + } + }, + "avsetCustomNamePrefix": { + "type": "string", + "defaultValue": "avail", + "maxLength": 9, + "metadata": { + "description": "AVD availability set custom name. (Default: avail)" + } + }, + "avdImageTemplateDefinitionId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Source custom image ID. (Default: \"\")" + } + }, + "computeRgResourceID": { + "type": "string", + "metadata": { + "description": "Resource Group name for the session hosts. (Default: )" + } + }, + "count": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Quantity of session hosts to deploy. (Default: 1)" + } + }, + "countIndex": { + "type": "int", + "metadata": { + "description": "The session host number to begin with for the deployment. 
(Default: )" + } + }, + "customNaming": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "AVD resources custom naming. (Default: false)" + } + }, + "createIntuneEnrollment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Required, Eronll session hosts on Intune. (Default: false)" + } + }, + "createAvdFslogixDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Deploy Fslogix setup. (Default: false)" + } + }, + "createResourceTags": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Apply tags on resources and resource groups. (Default: false)" + } + }, + "costCenterTag": { + "type": "string", + "defaultValue": "Contoso-CC", + "metadata": { + "description": "Cost center of owner team. (Default: Contoso-CC)" + } + }, + "diskEncryptionSetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AVD disk encryption set resource ID to enable server side encyption. (Default: \"\")" + } + }, + "departmentTag": { + "type": "string", + "defaultValue": "Contoso-AVD", + "metadata": { + "description": "Department that owns the deployment, (Dafult: Contoso-AVD)" + } + }, + "dataClassificationTag": { + "type": "string", + "defaultValue": "Non-business", + "allowedValues": [ + "Non-business", + "Public", + "General", + "Confidential", + "Highly-confidential" + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } + }, + "diskZeroTrust": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enables a zero trust configuration on the session host disks. (Default: false)" + } + }, + "deployMonitoring": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Deploy AVD monitoring resources and setings. 
(Default: false)" + } + }, + "deploymentEnvironment": { + "type": "string", + "defaultValue": "Dev", + "allowedValues": [ + "Dev", + "Test", + "Prod" + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } + }, + "deploymentPrefix": { + "type": "string", + "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, + "metadata": { + "description": "The name of the resource group to deploy. (Default: AVD1)" + } + }, + "domainJoinUserName": { + "type": "string", + "defaultValue": "NoUsername", + "metadata": { + "description": "AVD session host domain join user principal name. (Default: NoUsername)" + } + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "OS disk type for session host. (Default: Standard_LRS)" + } + }, + "domainJoinPasswordSecretName": { + "type": "string", + "defaultValue": "domainJoinUserPassword", + "metadata": { + "description": "Domain join user password keyvault secret name. (Default: domainJoinUserPassword)" + } + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Enables accelerated Networking on the session hosts. (Default: true)" + } + }, + "fslogixStorageAccountName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FSLogix storage resource ID. (Default: )" + } + }, + "fslogixFileShareName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FSLogix file share name. (Default: )" + } + }, + "hostPoolResourceID": { + "type": "string", + "metadata": { + "description": "AVD Host Pool resource ID. (Default: )" + } + }, + "identityDomainName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FQDN of on-premises AD domain, used for FSLogix storage configuration and NTFS setup. (Default: \"\")" + } + }, + "subnetId": { + "type": "string", + "metadata": { + "description": "AVD subnet ID. 
(Default: )" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services. (Default: )" + } + }, + "sessionHostCustomNamePrefix": { + "type": "string", + "defaultValue": "vmapp1duse2", + "maxLength": 11, + "metadata": { + "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" + } + }, + "useAvailabilityZones": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Creates an availability zone and adds the VMs to it. Cannot be used in combination with availability set nor scale set. (Default: true)" + } + }, + "identityServiceProvider": { + "type": "string", + "defaultValue": "ADDS", + "metadata": { + "description": "The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D4ads_v5", + "metadata": { + "description": "Session host VM size. (Default: Standard_D4ads_v5)" + } + }, + "securityType": { + "type": "string", + "defaultValue": "TrustedLaunch", + "allowedValues": [ + "Standard", + "TrustedLaunch", + "ConfidentialVM" + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } + }, + "secureBootEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. (Default: true)" + } + }, + "vTpmEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. 
(Default: true)" + } + }, + "useSharedImage": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Set to deploy image from Azure Compute Gallery. (Default: false)" + } + }, + "vmLocalUserName": { + "type": "string", + "defaultValue": "avdVmLocalUserName", + "metadata": { + "description": "Local administrator username. (Default: \"\")" + } + }, + "keyVaultResourceId": { + "type": "string", + "metadata": { + "description": "Resource ID of keyvault that contains credentials. (Default: )" + } + }, + "vmLocalAdminPasswordSecretName": { + "type": "string", + "metadata": { + "description": "VM local admin keyvault secret name. (Default: )" + } + }, + "sessionHostOuPath": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "OU path to join AVd VMs. (Default: \"\")" + } + }, + "osImage": { + "type": "string", + "defaultValue": "win11_22h2", + "allowedValues": [ + "win10_21h2", + "win10_21h2_office", + "win10_22h2_g2", + "win10_22h2_office_g2", + "win11_21h2", + "win11_21h2_office", + "win11_22h2", + "win11_22h2_office" + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } + }, + "time": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "Do not modify, used to set unique value for resource deployment." + } + }, + "workloadNameTag": { + "type": "string", + "defaultValue": "Contoso-Workload", + "metadata": { + "description": "The name of workload for tagging purposes. 
(Default: Contoso-Workload)" + } + }, + "workloadTypeTag": { + "type": "string", + "defaultValue": "Light", + "allowedValues": [ + "Light", + "Medium", + "High", + "Power" + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } + }, + "workloadCriticalityTag": { + "type": "string", + "defaultValue": "Low", + "allowedValues": [ + "Low", + "Medium", + "High", + "Mission-critical", + "Custom" + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } + }, + "workloadCriticalityCustomValueTag": { + "type": "string", + "defaultValue": "Contoso-Critical", + "metadata": { + "description": "Tag value for custom criticality value. (Default: Contoso-Critical)" + } + }, + "workloadSlaTag": { + "type": "string", + "defaultValue": "Contoso-SLA", + "metadata": { + "description": "Service level agreement level of the worload. (Contoso-SLA)" + } + }, + "opsTeamTag": { + "type": "string", + "defaultValue": "workload-admins@Contoso.com", + "metadata": { + "description": "Team accountable for day-to-day operations. (workload-admins@Contoso.com)" + } + }, + "ownerTag": { + "type": "string", + "defaultValue": "workload-owner@Contoso.com", + "metadata": { + "description": "Organizational owner of the AVD deployment. (Default: workload-owner@Contoso.com)" + } + } + }, + "variables": { + "$fxv#0": { + "australiacentral": { + "acronym": "auc", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiacentral2": { + "acronym": "auc2", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiaeast": { + "acronym": "aue", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiasoutheast": { + "acronym": "ause", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "brazilsouth": { + "acronym": "brs", + "timeDifference": "-3:00", + "timeZone": "E. 
South America Standard Time" + }, + "brazilsoutheast": { + "acronym": "brse", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "canadacentral": { + "acronym": "cac", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "canadaeast": { + "acronym": "cae", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "centralindia": { + "acronym": "inc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "centralus": { + "acronym": "usc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "chinaeast": { + "acronym": "cne", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinaeast2": { + "acronym": "cne2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth": { + "acronym": "cnn", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth2": { + "acronym": "cnn2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastasia": { + "acronym": "ase", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastus": { + "acronym": "use", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "eastus2": { + "acronym": "use2", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "francecentral": { + "acronym": "frc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "francesouth": { + "acronym": "frs", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanynorth": { + "acronym": "den", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanywestcentral": { + "acronym": "dewc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "japaneast": { + "acronym": "jpe", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "japanwest": { + "acronym": "jpw", + 
"timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "jioindiacentral": { + "acronym": "injc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "jioindiawest": { + "acronym": "injw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "koreacentral": { + "acronym": "krc", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "koreasouth": { + "acronym": "krs", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "northcentralus": { + "acronym": "usnc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "northeurope": { + "acronym": "eun", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "norwayeast": { + "acronym": "noe", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "norwaywest": { + "acronym": "now", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "southafricanorth": { + "acronym": "zan", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southafricawest": { + "acronym": "zaw", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southcentralus": { + "acronym": "ussc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "southeastasia": { + "acronym": "asse", + "timeDifference": "+8:00", + "timeZone": "Singapore Standard Time" + }, + "southindia": { + "acronym": "ins", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "swedencentral": { + "acronym": "sec", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandnorth": { + "acronym": "chn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandwest": { + "acronym": "chw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "uaecentral": { + "acronym": "aec", + "timeDifference": "+3:00", + "timeZone": 
"Arabian Standard Time" + }, + "uaenorth": { + "acronym": "aen", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uksouth": { + "acronym": "uks", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "ukwest": { + "acronym": "ukw", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "usdodcentral": { + "acronym": "dodc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usdodeast": { + "acronym": "dode", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usgovarizona": { + "acronym": "az", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "usgovtexas": { + "acronym": "tx", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usgovvirginia": { + "acronym": "va", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "westcentralus": { + "acronym": "uswc", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "westeurope": { + "acronym": "euw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "westindia": { + "acronym": "inw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "westus": { + "acronym": "usw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus2": { + "acronym": "usw2", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus3": { + "acronym": "usw3", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + } + }, + "$fxv#1": { + "win10_21h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "windows-10", + "sku": "win10-21h2-avd", + "version": "latest" + }, + "win10_21h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win10-21h2-avd-m365", + "version": "latest" + }, + "win10_22h2_g2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "windows-10", + "sku": "win10-22h2-avd-g2", + "version": 
"latest" + }, + "win10_22h2_office_g2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win10-22h2-avd-m365-g2", + "version": "latest" + }, + "win11_21h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "win11-21h2-avd", + "version": "latest" + }, + "win11_21h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win11-21h2-avd-m365", + "version": "latest" + }, + "win11_22h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "win11-22h2-avd", + "version": "latest" + }, + "win11_22h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win11-22h2-avd-m365", + "version": "latest" + }, + "winServer_2022_Datacenter": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-g2", + "version": "latest" + }, + "winServer_2022_Datacenter_smalldisk_g2": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-smalldisk-g2", + "version": "latest" + }, + "winServer_2022_datacenter_core": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-core-g2", + "version": "latest" + }, + "winServer_2022_Datacenter_core_smalldisk_g2": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-core-smalldisk-g2", + "version": "latest" + } + }, + "varDeploymentPrefixLowercase": "[toLower(parameters('deploymentPrefix'))]", + "varSessionHostLocationAcronym": "[variables('varLocations')[variables('varSessionHostLocationLowercase')].acronym]", + "varDeploymentEnvironmentComputeStorage": "[if(equals(parameters('deploymentEnvironment'), 'Dev'), 'd', if(equals(parameters('deploymentEnvironment'), 'Test'), 't', if(equals(parameters('deploymentEnvironment'), 'Prod'), 'p', '')))]", + "varSessionHostNamePrefix": "[if(parameters('customNaming'), 
parameters('sessionHostCustomNamePrefix'), format('vm{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym')))]", + "varDeploymentEnvironmentLowercase": "[toLower(parameters('deploymentEnvironment'))]", + "varComputeStorageResourcesNamingStandard": "[format('{0}-{1}-{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym'))]", + "varAvsetNamePrefix": "[if(parameters('customNaming'), format('{0}-{1}', parameters('avsetCustomNamePrefix'), variables('varComputeStorageResourcesNamingStandard')), format('avail-{0}', variables('varComputeStorageResourcesNamingStandard')))]", + "varLocations": "[variables('$fxv#0')]", + "varMarketPlaceGalleryWindows": "[variables('$fxv#1')]", + "varTimeZoneSessionHosts": "[variables('varLocations')[variables('varSessionHostLocationLowercase')].timeZone]", + "varSessionHostLocationLowercase": "[toLower(replace(parameters('location'), ' ', ''))]", + "varMaxAvsetMembersCount": 199, + "varDivisionAvsetValue": "[div(parameters('count'), variables('varMaxAvsetMembersCount'))]", + "varDivisionAvsetRemainderValue": "[mod(parameters('count'), variables('varMaxAvsetMembersCount'))]", + "varAvsetCount": "[if(greater(variables('varDivisionAvsetRemainderValue'), 0), add(variables('varDivisionAvsetValue'), 1), variables('varDivisionAvsetValue'))]", + "varComputeSubId": "[split(parameters('computeRgResourceID'), '/')[2]]", + "varComputeRgName": "[split(parameters('computeRgResourceID'), '/')[4]]", + "varHostpoolSubId": "[split(parameters('hostPoolResourceID'), '/')[2]]", + "varHostpoolRgName": "[split(parameters('hostPoolResourceID'), '/')[4]]", + "varHostPoolName": "[split(parameters('hostPoolResourceID'), '/')[8]]", + "varKeyVaultSubId": "[split(parameters('keyVaultResourceId'), '/')[2]]", + "varKeyVaultRgName": "[split(parameters('keyVaultResourceId'), '/')[4]]", + 
"varKeyVaultName": "[split(parameters('keyVaultResourceId'), '/')[8]]", + "varManagedDisk": "[if(empty(parameters('diskEncryptionSetResourceId')), createObject('storageAccountType', parameters('diskType')), createObject('diskEncryptionSet', createObject('id', parameters('diskEncryptionSetResourceId')), 'storageAccountType', parameters('diskType')))]", + "varFslogixStorageFqdn": "[if(parameters('createAvdFslogixDeployment'), format('{0}.file.{1}', parameters('fslogixStorageAccountName'), environment().suffixes.storage), '')]", + "varFslogixSharePath": "[if(parameters('createAvdFslogixDeployment'), format('\\\\{0}.file.{1}\\{2}', parameters('fslogixStorageAccountName'), environment().suffixes.storage, parameters('fslogixFileShareName')), '')]", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/add-sh/workload/", + "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", + "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", + "varAllAvailabilityZones": "[pickZones('Microsoft.Compute', 'virtualMachines', parameters('location'), 3)]", + "varAvdDefaultTags": { + "cm-resource-parent": "[parameters('hostPoolResourceID')]", + "Environment": "[parameters('deploymentEnvironment')]", + "ServiceWorkload": "AVD", + "CreationTimeUTC": "[parameters('time')]" + }, + "varCustomResourceTags": "[if(parameters('createResourceTags'), createObject('WorkloadName', parameters('workloadNameTag'), 'WorkloadType', parameters('workloadTypeTag'), 'DataClassification', parameters('dataClassificationTag'), 'Department', parameters('departmentTag'), 'Criticality', if(equals(parameters('workloadCriticalityTag'), 'Custom'), parameters('workloadCriticalityCustomValueTag'), parameters('workloadCriticalityTag')), 'ApplicationName', parameters('applicationNameTag'), 'ServiceClass', parameters('workloadSlaTag'), 'OpsTeam', parameters('opsTeamTag'), 'Owner', parameters('ownerTag'), 
'CostCenter', parameters('costCenterTag')), createObject())]", + "varNicDiagnosticMetricsToEnable": [ + "AllMetrics" + ] + }, + "resources": [ + { + "condition": "[not(parameters('useAvailabilityZones'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('AVD-Availability-Set-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "namePrefix": { + "value": "[variables('varAvsetNamePrefix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "count": { + "value": "[variables('varAvsetCount')]" + }, + "faultDomainCount": { + "value": "[parameters('avsetFaultDomainCount')]" + }, + "updateDomainCount": { + "value": "[parameters('avsetUpdateDomainCount')]" + }, + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "1483242996907610497" + } + }, + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "namePrefix": { + "type": "string", + "metadata": { + "description": "Availablity Set name." + } + }, + "count": { + "type": "int", + "metadata": { + "description": "Availablity Set count." + } + }, + "faultDomainCount": { + "type": "int", + "metadata": { + "description": "Sets the number of fault domains for the availability set." 
+ } + }, + "updateDomainCount": { + "type": "int", + "metadata": { + "description": "Sets the number of update domains for the availability set." + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + } + }, + "resources": [ + { + "copy": { + "name": "availabilitySet", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-{1}', parameters('namePrefix'), padLeft(range(1, parameters('count'))[copyIndex()], 3, '0'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}-{1}', parameters('namePrefix'), padLeft(range(1, parameters('count'))[copyIndex()], 3, '0'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "availabilitySetFaultDomain": { + "value": "[parameters('faultDomainCount')]" + }, + "availabilitySetUpdateDomain": { + "value": "[parameters('updateDomainCount')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9592547259644072861" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the availability set that is being created." + } + }, + "availabilitySetFaultDomain": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Optional. The number of fault domains to use." + } + }, + "availabilitySetUpdateDomain": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Optional. The number of update domains to use." 
+ } + }, + "availabilitySetSku": { + "type": "string", + "defaultValue": "Aligned", + "metadata": { + "description": "Optional. SKU of the availability set.\r\n- Use \\'Aligned\\' for virtual machines with managed disks.\r\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\r\n" + } + }, + "proximityPlacementGroupId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of a proximity placement group." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Resource location." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the availability set resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/availabilitySets", + "apiVersion": "2022-11-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "platformFaultDomainCount": "[parameters('availabilitySetFaultDomain')]", + "platformUpdateDomainCount": "[parameters('availabilitySetUpdateDomain')]", + "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupId'))), createObject('id', parameters('proximityPlacementGroupId')), null())]" + }, + "sku": { + "name": "[parameters('availabilitySetSku')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Compute/availabilitySets/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + ] + }, + { + "copy": { + "name": "availabilitySet_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AvSet-Rbac-{1}', uniqueString(deployment().name, 
parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "5076096840451227372" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." 
+ } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Compute Gallery Sharing Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1ef6a3be-d0ac-425d-8c01-acb62866290b')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]", + "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]", + "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]", + "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]", + "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]", + "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Reservation Purchaser": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689')]", + "Resource Policy 
Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Compute/availabilitySets/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Compute/availabilitySets', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": 
"[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the availability set." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the availability set." + }, + "value": "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the availability set was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/availabilitySets', parameters('name')), '2022-11-01', 'full').location]" + } + } + } + } + } + ] + } + } + }, + { + "copy": { + "name": "sessionHosts", + "count": "[length(range(1, parameters('count')))]", + "mode": "serial", + "batchSize": 3 + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "timeZone": { + "value": "[variables('varTimeZoneSessionHosts')]" + }, + "systemAssignedIdentity": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('value', true()), createObject('value', false()))]", + "availabilityZone": "[if(parameters('useAvailabilityZones'), createObject('value', take(skip(variables('varAllAvailabilityZones'), mod(range(1, parameters('count'))[copyIndex()], length(variables('varAllAvailabilityZones')))), 1)), createObject('value', createArray()))]", + "encryptionAtHost": { + "value": "[parameters('diskZeroTrust')]" + }, + "availabilitySetResourceId": "[if(parameters('useAvailabilityZones'), createObject('value', ''), createObject('value', format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Compute/availabilitySets/{2}-{3}', variables('varComputeSubId'), variables('varComputeRgName'), variables('varAvsetNamePrefix'), padLeft(add(1, div(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 
variables('varMaxAvsetMembersCount'))), 3, '0'))))]", + "osType": { + "value": "Windows" + }, + "licenseType": { + "value": "Windows_Client" + }, + "vmSize": { + "value": "[parameters('vmSize')]" + }, + "securityType": { + "value": "[parameters('securityType')]" + }, + "secureBootEnabled": { + "value": "[parameters('secureBootEnabled')]" + }, + "vTpmEnabled": { + "value": "[parameters('vTpmEnabled')]" + }, + "imageReference": "[if(parameters('useSharedImage'), createObject('value', json(format('{{''id'': ''{0}''}}', parameters('avdImageTemplateDefinitionId')))), createObject('value', variables('varMarketPlaceGalleryWindows')[parameters('osImage')]))]", + "osDisk": { + "value": { + "createOption": "fromImage", + "deleteOption": "Delete", + "diskSizeGB": 128, + "managedDisk": "[variables('varManagedDisk')]" + } + }, + "adminUsername": { + "value": "[parameters('vmLocalUserName')]" + }, + "adminPassword": { + "reference": { + "keyVault": { + "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varKeyVaultSubId')), format('{0}', variables('varKeyVaultRgName'))), 'Microsoft.KeyVault/vaults', variables('varKeyVaultName'))]" + }, + "secretName": "[parameters('vmLocalAdminPasswordSecretName')]" + } + }, + "nicConfigurations": { + "value": [ + { + "nicSuffix": "nic-01-", + "deleteOption": "Delete", + "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]", + "ipConfigurations": "[if(not(empty(parameters('asgResourceId'))), createArray(createObject('name', 'ipconfig01', 'subnetResourceId', parameters('subnetId'), 'applicationSecurityGroups', createArray(createObject('id', parameters('asgResourceId'))))), createArray(createObject('name', 'ipconfig01', 'subnetResourceId', parameters('subnetId'))))]" + } + ] + }, + "extensionDomainJoinPassword": "[if(or(equals(parameters('identityServiceProvider'), 'ADDS'), equals(parameters('identityServiceProvider'), 'AADDS')), createObject('reference', 
createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varKeyVaultSubId')), format('{0}', variables('varKeyVaultRgName'))), 'Microsoft.KeyVault/vaults', variables('varKeyVaultName'))), 'secretName', parameters('domainJoinPasswordSecretName'))), createObject('value', 'domainJoinUserPassword'))]", + "extensionDomainJoinConfig": { + "value": { + "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'ADDS'), equals(parameters('identityServiceProvider'), 'AADDS')), true(), false())]", + "settings": { + "name": "[parameters('identityDomainName')]", + "ouPath": "[if(not(empty(parameters('sessionHostOuPath'))), parameters('sessionHostOuPath'), null())]", + "user": "[parameters('domainJoinUserName')]", + "restart": "true", + "options": "3" + } + } + }, + "extensionAadJoinConfig": { + "value": { + "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), true(), false())]", + "settings": "[if(parameters('createIntuneEnrollment'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), createObject())]" + } + }, + "nicdiagnosticMetricsToEnable": "[if(parameters('deployMonitoring'), createObject('value', variables('varNicDiagnosticMetricsToEnable')), createObject('value', createArray()))]", + "diagnosticWorkspaceId": "[if(parameters('deployMonitoring'), createObject('value', parameters('alaWorkspaceResourceId')), createObject('value', ''))]", + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" + } + }, + "parameters": { + "name": { + "type": "string", + 
"defaultValue": "[take(toLower(uniqueString(resourceGroup().name)), 10)]", + "metadata": { + "description": "Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name." + } + }, + "vmComputerNamesTransformation": { + "type": "string", + "defaultValue": "none", + "allowedValues": [ + "none", + "uppercase", + "lowercase" + ], + "metadata": { + "description": "Optional. Specifies whether the computer names should be transformed. The transformation is performed on all computer names. Available transformations are 'none' (Default), 'uppercase' and 'lowercase'." + } + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "Required. Specifies the size for the VMs." + } + }, + "encryptionAtHost": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "securityType": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings." + } + }, + "secureBootEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings." 
+ } + }, + "vTpmEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings." + } + }, + "imageReference": { + "type": "object", + "metadata": { + "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image." + } + }, + "plan": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use." + } + }, + "osDisk": { + "type": "object", + "metadata": { + "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "dataDisks": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "ultraSSDEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. 
Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled." + } + }, + "adminUsername": { + "type": "securestring", + "metadata": { + "description": "Required. Administrator username." + } + }, + "adminPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed." + } + }, + "customData": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format." + } + }, + "certificatesToBeInstalled": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies set of certificates that should be installed onto the virtual machine." + } + }, + "priority": { + "type": "string", + "defaultValue": "Regular", + "allowedValues": [ + "Regular", + "Low", + "Spot" + ], + "metadata": { + "description": "Optional. Specifies the priority for the virtual machine." + } + }, + "enableEvictionPolicy": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy." + } + }, + "maxPriceForLowPriorityVm": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars." + } + }, + "dedicatedHostId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies resource ID about the dedicated host that the virtual machine resides in." 
+ } + }, + "licenseType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Windows_Client", + "Windows_Server", + "" + ], + "metadata": { + "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system." + } + }, + "publicKeys": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs." + } + }, + "systemAssignedIdentity": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = \"True\"." + } + }, + "userAssignedIdentities": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The ID(s) to assign to the resource." + } + }, + "bootDiagnostics": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled." + } + }, + "bootDiagnosticStorageAccountName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided." + } + }, + "bootDiagnosticStorageAccountUri": { + "type": "string", + "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]", + "metadata": { + "description": "Optional. Storage account boot diagnostic base URI." 
+ } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of a proximity placement group." + } + }, + "availabilitySetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set." + } + }, + "availabilityZone": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set." + } + }, + "nicConfigurations": { + "type": "array", + "metadata": { + "description": "Required. Configures NICs and PIPs." + } + }, + "pipDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('name'))]", + "metadata": { + "description": "Optional. The name of the PIP diagnostic setting, if deployed." + } + }, + "pipdiagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "DDoSProtectionNotifications", + "DDoSMitigationFlowLogs", + "DDoSMitigationReports" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "pipdiagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "nicDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('name'))]", + "metadata": { + "description": "Optional. The name of the NIC diagnostic setting, if deployed." 
+ } + }, + "nicdiagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "backupVaultName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Recovery service vault name to add VMs to backup." + } + }, + "backupVaultResourceGroup": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default." + } + }, + "backupPolicyName": { + "type": "string", + "defaultValue": "DefaultPolicy", + "metadata": { + "description": "Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault." + } + }, + "allowExtensionOperations": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine." + } + }, + "extensionDomainJoinPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if name is specified. Password of the user specified in user parameter." + } + }, + "extensionDomainJoinConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAadJoinConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [AAD Join] extension. 
Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAntiMalwareConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionMonitoringAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "monitoringWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true." + } + }, + "extensionDependencyAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionNetworkWatcherAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAzureDiskEncryptionConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys." 
+ } + }, + "extensionDSCConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionCustomScriptConfig": { + "type": "object", + "defaultValue": { + "enabled": false, + "fileData": [] + }, + "metadata": { + "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionCustomScriptProtectedSetting": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." 
+ } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "baseTime": { + "type": "string", + "defaultValue": "[utcNow('u')]", + "metadata": { + "description": "Generated. Do not provide a value! This date value is used to generate a registration token." + } + }, + "sasTokenValidityLength": { + "type": "string", + "defaultValue": "PT8H", + "metadata": { + "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Windows", + "Linux" + ], + "metadata": { + "description": "Required. The chosen OS type." + } + }, + "disablePasswordAuthentication": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether password authentication should be disabled." 
+ } + }, + "provisionVMAgent": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later." + } + }, + "enableAutomaticUpdates": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning." + } + }, + "patchMode": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "AutomaticByPlatform", + "AutomaticByOS", + "Manual", + "ImageDefault", + "" + ], + "metadata": { + "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'." + } + }, + "patchAssessmentMode": { + "type": "string", + "defaultValue": "ImageDefault", + "allowedValues": [ + "AutomaticByPlatform", + "ImageDefault" + ], + "metadata": { + "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours." + } + }, + "timeZone": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`." 
+ } + }, + "additionalUnattendContent": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object." + } + }, + "winRM": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object." + } + }, + "configurationProfile": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction", + "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest", + "" + ], + "metadata": { + "description": "Required. The configuration profile of automanage." + } + } + }, + "variables": { + "copy": [ + { + "name": "publicKeysFormatted", + "count": "[length(parameters('publicKeys'))]", + "input": { + "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]", + "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]" + } + } + ], + "vmComputerNameTransformed": "[if(equals(parameters('vmComputerNamesTransformation'), 'uppercase'), toUpper(parameters('name')), if(equals(parameters('vmComputerNamesTransformation'), 'lowercase'), toLower(parameters('name')), parameters('name')))]", + "linuxConfiguration": { + "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]", + "ssh": { + "publicKeys": "[variables('publicKeysFormatted')]" + }, + "provisionVMAgent": "[parameters('provisionVMAgent')]", + "patchSettings": "[if(and(parameters('provisionVMAgent'), or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', 
parameters('patchAssessmentMode')), null())]" + }, + "windowsConfiguration": { + "provisionVMAgent": "[parameters('provisionVMAgent')]", + "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]", + "patchSettings": "[if(and(parameters('provisionVMAgent'), or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]", + "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]", + "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]", + "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]" + }, + "accountSasProperties": { + "signedServices": "b", + "signedPermission": "r", + "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]", + "signedResourceTypes": "o", + "signedProtocol": "https" + }, + "identityType": "[if(if(parameters('extensionAadJoinConfig').enabled, true(), parameters('systemAssignedIdentity')), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", + "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', 
uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-11-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "identity": "[variables('identity')]", + "tags": "[parameters('tags')]", + "zones": "[if(not(equals(parameters('availabilityZone'), 0)), array(parameters('availabilityZone')), null())]", + "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "securityProfile": { + "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]", + "securityType": "[parameters('securityType')]", + "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]" + }, + "storageProfile": { + "copy": [ + { + "name": "dataDisks", + "count": "[length(parameters('dataDisks'))]", + "input": { + "lun": "[copyIndex('dataDisks')]", + "name": "[format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))]", + "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]", + "createOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'createOption'), parameters('dataDisks')[copyIndex('dataDisks')].createOption, 'Empty')]", + "deleteOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'deleteOption'), parameters('dataDisks')[copyIndex('dataDisks')].deleteOption, 'Delete')]", + "caching": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'caching'), 
parameters('dataDisks')[copyIndex('dataDisks')].caching, 'ReadOnly')]", + "managedDisk": { + "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]", + "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]" + } + } + } + ], + "imageReference": "[parameters('imageReference')]", + "osDisk": { + "name": "[format('osdisk-01-{0}', parameters('name'))]", + "createOption": "[if(contains(parameters('osDisk'), 'createOption'), parameters('osDisk').createOption, 'FromImage')]", + "deleteOption": "[if(contains(parameters('osDisk'), 'deleteOption'), parameters('osDisk').deleteOption, 'Delete')]", + "diskSizeGB": "[parameters('osDisk').diskSizeGB]", + "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, 'ReadOnly')]", + "managedDisk": { + "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]", + "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]" + } + } + }, + "additionalCapabilities": { + "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]" + }, + "osProfile": { + "computerName": "[variables('vmComputerNameTransformed')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]", + "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]", + "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]", + "secrets": "[parameters('certificatesToBeInstalled')]", + "allowExtensionOperations": 
"[parameters('allowExtensionOperations')]" + }, + "networkProfile": { + "copy": [ + { + "name": "networkInterfaces", + "count": "[length(parameters('nicConfigurations'))]", + "input": { + "properties": { + "deleteOption": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaces')], 'deleteOption'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].deleteOption, 'Delete')]", + "primary": "[if(equals(copyIndex('networkInterfaces'), 0), true(), false())]" + }, + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}{1}', parameters('nicConfigurations')[copyIndex('networkInterfaces')].nicSuffix, parameters('name')))]" + } + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), true(), parameters('bootDiagnostics'))]", + "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]" + } + }, + "availabilitySet": "[if(not(empty(parameters('availabilitySetResourceId'))), createObject('id', parameters('availabilitySetResourceId')), null())]", + "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]", + "priority": "[parameters('priority')]", + "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]", + "billingProfile": "[if(and(not(empty(parameters('priority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]", + "host": "[if(not(empty(parameters('dedicatedHostId'))), createObject('id', parameters('dedicatedHostId')), null())]", + "licenseType": "[if(not(empty(parameters('licenseType'))), parameters('licenseType'), null())]" + }, + "dependsOn": [ + "vm_nic" + ] + }, + { + 
"condition": "[not(empty(parameters('configurationProfile')))]", + "type": "Microsoft.Automanage/configurationProfileAssignments", + "apiVersion": "2021-04-30-preview", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "name": "default", + "properties": { + "configurationProfile": "[parameters('configurationProfile')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "copy": { + "name": "vm_nic", + "count": "[length(parameters('nicConfigurations'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "networkInterfaceName": { + "value": "[format('{0}{1}', parameters('nicConfigurations')[copyIndex()].nicSuffix, parameters('name'))]" + }, + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "enableIPForwarding": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableIPForwarding'), if(not(empty(parameters('nicConfigurations')[copyIndex()].enableIPForwarding)), createObject('value', 
parameters('nicConfigurations')[copyIndex()].enableIPForwarding), createObject('value', false())), createObject('value', false()))]", + "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableAcceleratedNetworking'), createObject('value', parameters('nicConfigurations')[copyIndex()].enableAcceleratedNetworking), createObject('value', true()))]", + "dnsServers": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'dnsServers'), if(not(empty(parameters('nicConfigurations')[copyIndex()].dnsServers)), createObject('value', parameters('nicConfigurations')[copyIndex()].dnsServers), createObject('value', createArray())), createObject('value', createArray()))]", + "networkSecurityGroupResourceId": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'networkSecurityGroupResourceId'), createObject('value', parameters('nicConfigurations')[copyIndex()].networkSecurityGroupResourceId), createObject('value', ''))]", + "ipConfigurations": { + "value": "[parameters('nicConfigurations')[copyIndex()].ipConfigurations]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "pipDiagnosticSettingsName": { + "value": "[parameters('pipDiagnosticSettingsName')]" + }, + "nicDiagnosticSettingsName": { + "value": "[parameters('nicDiagnosticSettingsName')]" + }, + "pipdiagnosticMetricsToEnable": { + "value": "[parameters('pipdiagnosticMetricsToEnable')]" + }, + "pipdiagnosticLogCategoriesToEnable": { + "value": "[parameters('pipdiagnosticLogCategoriesToEnable')]" + }, + "nicDiagnosticMetricsToEnable": { + "value": 
"[parameters('nicdiagnosticMetricsToEnable')]" + }, + "roleAssignments": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'roleAssignments'), if(not(empty(parameters('nicConfigurations')[copyIndex()].roleAssignments)), createObject('value', parameters('nicConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray())), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" + } + }, + "parameters": { + "networkInterfaceName": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": false + }, + "dnsServers": { + "type": "array", + "defaultValue": [] + }, + "networkSecurityGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The network security group (NSG) to attach to the network interface." + } + }, + "ipConfigurations": { + "type": "array" + }, + "lock": { + "type": "string", + "defaultValue": "" + }, + "diagnosticStorageAccountId": { + "type": "string" + }, + "diagnosticWorkspaceId": { + "type": "string" + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string" + }, + "diagnosticEventHubName": { + "type": "string" + }, + "pipdiagnosticMetricsToEnable": { + "type": "array" + }, + "pipdiagnosticLogCategoriesToEnable": { + "type": "array" + }, + "nicDiagnosticMetricsToEnable": { + "type": "array" + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. 
Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "pipDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('virtualMachineName'))]", + "metadata": { + "description": "Optional. The name of the PIP diagnostic setting, if deployed." + } + }, + "nicDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('virtualMachineName'))]", + "metadata": { + "description": "Optional. The name of the NIC diagnostic setting, if deployed." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "copy": { + "name": "networkInterface_publicIPAddresses", + "count": "[length(parameters('ipConfigurations'))]" + }, + "condition": "[contains(parameters('ipConfigurations')[copyIndex()], 'pipconfiguration')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex()].pipconfiguration.publicIpNameSuffix)]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "diagnosticLogCategoriesToEnable": { + "value": "[parameters('pipdiagnosticLogCategoriesToEnable')]" + }, + "diagnosticMetricsToEnable": { + "value": 
"[parameters('pipdiagnosticMetricsToEnable')]" + }, + "diagnosticSettingsName": { + "value": "[parameters('pipDiagnosticSettingsName')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "publicIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAddressVersion'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAddressVersion), createObject('value', 'IPv4'))]", + "publicIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAllocationMethod'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAllocationMethod), createObject('value', 'Static'))]", + "publicIPPrefixResourceId": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPPrefixResourceId'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPPrefixResourceId), createObject('value', ''))]", + "roleAssignments": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'roleAssignments'), createObject('value', parameters('ipConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray()))]", + "skuName": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuName'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuName), createObject('value', 'Standard'))]", + "skuTier": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuTier'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuTier), createObject('value', 'Regional'))]", + "tags": { + "value": "[parameters('tags')]" + }, + "zones": "[if(contains(parameters('ipConfigurations')[copyIndex()], 
'zones'), createObject('value', parameters('ipConfigurations')[copyIndex()].zones), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Public IP Address." + } + }, + "publicIPPrefixResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix." + } + }, + "publicIPAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ], + "metadata": { + "description": "Optional. The public IP address allocation method." + } + }, + "skuName": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Optional. Name of a public IP address SKU." + } + }, + "skuTier": { + "type": "string", + "defaultValue": "Regional", + "allowedValues": [ + "Global", + "Regional" + ], + "metadata": { + "description": "Optional. Tier of a public IP address SKU." + } + }, + "zones": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. A list of availability zones denoting the IP allocated for the resource needs to come from." + } + }, + "publicIPAddressVersion": { + "type": "string", + "defaultValue": "IPv4", + "allowedValues": [ + "IPv4", + "IPv6" + ], + "metadata": { + "description": "Optional. IP address version." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." 
+ } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "domainNameLabel": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system." + } + }, + "fqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone." + } + }, + "reverseFqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "DDoSProtectionNotifications", + "DDoSMitigationFlowLogs", + "DDoSMitigationReports" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." 
+ } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs')))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs'))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ], + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), variables('diagnosticsLogsSpecified'))]" + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('skuName')]", + "tier": "[parameters('skuTier')]" + }, + "zones": "[parameters('zones')]", + "properties": { + "dnsSettings": "[if(not(empty(parameters('domainNameLabel'))), createObject('domainNameLabel', parameters('domainNameLabel'), 'fqdn', parameters('fqdn'), 'reverseFqdn', parameters('reverseFqdn')), null())]", + "publicIPAddressVersion": 
"[parameters('publicIPAddressVersion')]", + "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", + "publicIPPrefix": "[if(not(empty(parameters('publicIPPrefixResourceId'))), createObject('id', parameters('publicIPPrefixResourceId')), null())]", + "idleTimeoutInMinutes": 4, + "ipTags": [] + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": 
"[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "copy": { + "name": "publicIpAddress_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PIPAddress-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/publicIPAddresses', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the public IP address was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the public IP address." 
+ }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the public IP address." + }, + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + }, + "ipAddress": { + "type": "string", + "metadata": { + "description": "The public IP address of the public IP address resource." + }, + "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01').ipAddress, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-NetworkInterface', deployment().name)]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "ipConfigurations": { + "copy": [ + { + "name": "value", + "count": "[length(parameters('ipConfigurations'))]", + "input": "[createObject('name', if(not(empty(parameters('ipConfigurations')[copyIndex('value')].name)), parameters('ipConfigurations')[copyIndex('value')].name, null()), 'primary', equals(copyIndex('value'), 0), 'privateIPAllocationMethod', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod, null()), null()), 'privateIPAddress', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddress'), 
if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('value')].privateIPAddress, null()), null()), 'publicIPAddressResourceId', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'pipconfiguration'), resourceId('Microsoft.Network/publicIPAddresses', format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex('value')].pipconfiguration.publicIpNameSuffix)), null()), 'subnetResourceId', parameters('ipConfigurations')[copyIndex('value')].subnetResourceId, 'loadBalancerBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerBackendAddressPools, null()), 'applicationSecurityGroups', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('value')].applicationSecurityGroups, null()), 'applicationGatewayBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].applicationGatewayBackendAddressPools, null()), 'gatewayLoadBalancer', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('value')].gatewayLoadBalancer, null()), 'loadBalancerInboundNatRules', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerInboundNatRules, null()), 'privateIPAddressVersion', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('value')].privateIPAddressVersion, null()), 'virtualNetworkTaps', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'virtualNetworkTaps'), 
parameters('ipConfigurations')[copyIndex('value')].virtualNetworkTaps, null()))]" + } + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticMetricsToEnable": { + "value": "[parameters('nicDiagnosticMetricsToEnable')]" + }, + "diagnosticSettingsName": { + "value": "[parameters('nicDiagnosticSettingsName')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "dnsServers": "[if(not(empty(parameters('dnsServers'))), createObject('value', parameters('dnsServers')), createObject('value', createArray()))]", + "enableAcceleratedNetworking": { + "value": "[parameters('enableAcceleratedNetworking')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, + "enableIPForwarding": { + "value": "[parameters('enableIPForwarding')]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "networkSecurityGroupResourceId": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('value', parameters('networkSecurityGroupResourceId')), createObject('value', ''))]", + "roleAssignments": "[if(not(empty(parameters('roleAssignments'))), createObject('value', parameters('roleAssignments')), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. 
The name of the network interface." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether IP forwarding is enabled on this network interface." + } + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If the network interface is accelerated networking enabled." + } + }, + "dnsServers": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection." + } + }, + "networkSecurityGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The network security group (NSG) to attach to the network interface." + } + }, + "auxiliaryMode": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "Floating", + "MaxConnections", + "None" + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } + }, + "disableTcpStateTracking": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether to disable tcp state tracking. 
Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true." + } + }, + "ipConfigurations": { + "type": "array", + "metadata": { + "description": "Required. A list of IPConfigurations of the network interface." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource identifier of log analytics." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." 
+ } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." + } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "ipConfigurations", + "count": "[length(parameters('ipConfigurations'))]", + "input": { + "name": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'name'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].name, format('ipconfig0{0}', add(copyIndex('ipConfigurations'), 1)))]", + "properties": { + "primary": "[if(equals(copyIndex('ipConfigurations'), 0), true(), false())]", + "privateIPAllocationMethod": 
"[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod, null()), null())]", + "privateIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress, null()), null())]", + "publicIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'publicIPAddressResourceId'), if(not(equals(parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId, null())), createObject('id', parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId), null()), null())]", + "subnet": { + "id": "[parameters('ipConfigurations')[copyIndex('ipConfigurations')].subnetResourceId]" + }, + "loadBalancerBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerBackendAddressPools, null())]", + "applicationSecurityGroups": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationSecurityGroups, null())]", + "applicationGatewayBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationGatewayBackendAddressPools, null())]", + "gatewayLoadBalancer": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 
'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].gatewayLoadBalancer, null())]", + "loadBalancerInboundNatRules": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerInboundNatRules, null())]", + "privateIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddressVersion, null())]", + "virtualNetworkTaps": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].virtualNetworkTaps, null())]" + } + } + } + ], + "auxiliaryMode": "[parameters('auxiliaryMode')]", + "disableTcpStateTracking": "[parameters('disableTcpStateTracking')]", + "dnsSettings": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]", + "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]", + "enableIPForwarding": "[parameters('enableIPForwarding')]", + "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]" + } + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + 
"storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + }, + { + "copy": { + "name": "networkInterface_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-NIC-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": 
"[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. 
The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/networkInterfaces', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), 
parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed resource." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed resource." + }, + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed resource." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "networkInterface_publicIPAddresses" + ] + } + ] + } + } + }, + { + "condition": "[parameters('extensionAadJoinConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "AADLogin" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.ActiveDirectory" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AADLoginForWindows'), createObject('value', 'AADSSHLoginforLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAadJoinConfig').typeHandlerVersion), createObject('value', '1.0'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAadJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAadJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": "[if(contains(parameters('extensionAadJoinConfig'), 'settings'), createObject('value', parameters('extensionAadJoinConfig').settings), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + 
"_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": 
"[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDomainJoinConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DomainJoin" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Compute" + }, + "type": { + "value": "JsonADDomainExtension" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), 
createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": "[parameters('extensionDomainJoinConfig').settings]" + }, + "protectedSettings": { + "value": { + "Password": "[parameters('extensionDomainJoinPassword')]" + } + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. 
Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionAntiMalwareConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "MicrosoftAntiMalware" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": { + "value": "IaaSAntimalware" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": "[parameters('extensionAntiMalwareConfig').settings]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": 
"[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "MicrosoftMonitoringAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.EnterpriseCloud.Monitoring" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": { + "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').customerId, '')]" + } + }, + "protectedSettings": { + "value": { + "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + } + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." 
+ } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDependencyAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DependencyAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Monitoring.DependencyAgent" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]", + "enableDefaultTelemetry": { + "value": 
"[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." 
+ } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "NetworkWatcherAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.NetworkWatcher" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", + 
"enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." 
+ } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDSCConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DesiredStateConfiguration" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Powershell" + }, + "type": { + "value": "DSC" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]", + "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 
'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. 
How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionCustomScriptConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "CustomScriptExtension" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]", + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', 
parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": { + "copy": [ + { + "name": "fileUris", + "count": "[length(parameters('extensionCustomScriptConfig').fileData)]", + "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]" + } + ] + } + }, + "protectedSettings": { + "value": "[parameters('extensionCustomScriptProtectedSetting')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. 
Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "AzureDiskEncryption" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": 
"[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]", + "settings": { + "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." 
+ } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "condition": "[not(empty(parameters('backupVaultName')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]", + "resourceGroup": "[parameters('backupVaultResourceGroup')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('vm;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "policyId": { + "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('backupVaultName'), parameters('backupPolicyName'))]" + }, + "protectedItemType": { + "value": "Microsoft.Compute/virtualMachines" + }, + "protectionContainerName": { + "value": "[format('iaasvmcontainer;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]" + }, + "recoveryVaultName": { + "value": "[parameters('backupVaultName')]" + }, + "sourceResourceId": { + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + }, + "enableDefaultTelemetry": { + "value": 
"[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the resource." + } + }, + "protectionContainerName": { + "type": "string", + "metadata": { + "description": "Conditional. Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment." + } + }, + "recoveryVaultName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "protectedItemType": { + "type": "string", + "allowedValues": [ + "AzureFileShareProtectedItem", + "AzureVmWorkloadSAPAseDatabase", + "AzureVmWorkloadSAPHanaDatabase", + "AzureVmWorkloadSQLDatabase", + "DPMProtectedItem", + "GenericProtectedItem", + "MabFileFolderProtectedItem", + "Microsoft.ClassicCompute/virtualMachines", + "Microsoft.Compute/virtualMachines", + "Microsoft.Sql/servers/databases" + ], + "metadata": { + "description": "Required. The backup item type." + } + }, + "policyId": { + "type": "string", + "metadata": { + "description": "Required. ID of the backup policy with which this item is backed up." + } + }, + "sourceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource to back up." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. 
Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", + "apiVersion": "2023-01-01", + "name": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "protectedItemType": "[parameters('protectedItemType')]", + "policyId": "[parameters('policyId')]", + "sourceResourceId": "[parameters('sourceResourceId')]" + } + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the protected item was created in." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the protected item." 
+ }, + "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems', split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[0], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[1], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[2], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[3])]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The Name of the protected item." + }, + "value": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', 
uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "copy": { + "name": "vm_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + 
"name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Compute Gallery Sharing Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1ef6a3be-d0ac-425d-8c01-acb62866290b')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]", + "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]", + "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]", + "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]", + "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]", + "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Reservation Purchaser": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689')]", + "Resource Policy 
Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": 
"[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the VM." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the VM." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the VM was created in." + }, + "value": "[resourceGroup().name]" + }, + "systemAssignedPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varComputeSubId')), format('{0}', variables('varComputeRgName'))), 'Microsoft.Resources/deployments', format('AVD-Availability-Set-{0}', parameters('time')))]" + ] + }, + { + "copy": { + "name": "sessionHostsAntimalwareExtension", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Antimal-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "virtualMachineName": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "name": { + "value": "MicrosoftAntiMalware" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": { + "value": "IaaSAntimalware" + }, + "typeHandlerVersion": { + "value": "1.3" + }, + "autoUpgradeMinorVersion": { + "value": true + }, + "enableAutomaticUpgrade": { + "value": false + }, + "settings": { + "value": { + "AntimalwareEnabled": true, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "isEnabled": "true", + "day": "7", + "time": "120", + "scanType": "Quick" + }, + "Exclusions": "[if(parameters('createAvdFslogixDeployment'), createObject('Extensions', '*.vhd;*.vhdx', 'Paths', 
format('\"%ProgramFiles%\\FSLogix\\Apps\\frxdrv.sys;%ProgramFiles%\\FSLogix\\Apps\\frxccd.sys;%ProgramFiles%\\FSLogix\\Apps\\frxdrvvt.sys;%TEMP%\\*.VHD;%TEMP%\\*.VHDX;%Windir%\\TEMP\\*.VHD;%Windir%\\TEMP\\*.VHDX;{0}\\*\\*.VHD;{1}\\*\\*.VHDX', variables('varFslogixSharePath'), variables('varFslogixSharePath')), 'Processes', '%ProgramFiles%\\FSLogix\\Apps\\frxccd.exe;%ProgramFiles%\\FSLogix\\Apps\\frxccds.exe;%ProgramFiles%\\FSLogix\\Apps\\frxsvc.exe'), createObject())]" + } + }, + "enableDefaultTelemetry": { + "value": false + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. 
Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "sessionHosts" + ] + }, + { + "copy": { + "name": "monitoring", + "count": "[length(range(1, parameters('count')))]" + }, + "condition": "[parameters('deployMonitoring')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Mon-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "virtualMachineName": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "name": { + "value": "MicrosoftMonitoringAgent" + }, + "publisher": { + "value": "Microsoft.EnterpriseCloud.Monitoring" + }, + "type": { + "value": "MicrosoftMonitoringAgent" + }, + "typeHandlerVersion": { + "value": "1.0" + }, + "autoUpgradeMinorVersion": { + "value": true + }, + "enableAutomaticUpgrade": { + "value": false + }, + "settings": { + "value": { + "workspaceId": "[if(not(empty(parameters('alaWorkspaceResourceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('alaWorkspaceResourceId'), '/')[2], split(parameters('alaWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('alaWorkspaceResourceId'), '/'))), '2021-06-01').customerId, '')]" + 
} + }, + "protectedSettings": { + "value": { + "workspaceKey": "[if(not(empty(parameters('alaWorkspaceResourceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('alaWorkspaceResourceId'), '/')[2], split(parameters('alaWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('alaWorkspaceResourceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + } + }, + "enableDefaultTelemetry": { + "value": false + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. 
Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "sessionHostsAntimalwareExtension" + ] + }, + { + "copy": { + "name": "sessionHostConfiguration", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Config-{0}-{1}', range(1, parameters('count'))[copyIndex()], parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "name": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "hostPoolToken": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varHostpoolSubId')), format('{0}', variables('varHostpoolRgName'))), 'Microsoft.DesktopVirtualization/hostPools', variables('varHostPoolName')), '2019-12-10-preview').registrationInfo.token]" + }, + "baseScriptUri": { + "value": "[variables('varSessionHostConfigurationScriptUri')]" + }, + "scriptName": { + "value": "[variables('varSessionHostConfigurationScript')]" + }, + "fslogix": { + "value": "[parameters('createAvdFslogixDeployment')]" + }, + "identityDomainName": { + "value": "[parameters('identityDomainName')]" + }, + "vmSize": { + "value": "[parameters('vmSize')]" + }, + "fslogixFileShare": { + "value": "[variables('varFslogixSharePath')]" 
+ }, + "fslogixStorageFqdn": { + "value": "[variables('varFslogixStorageFqdn')]" + }, + "identityServiceProvider": { + "value": "[parameters('identityServiceProvider')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16467384531279284955" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Extension deployment name." + } + }, + "identityServiceProvider": { + "type": "string", + "metadata": { + "description": "The service providing domain services for Azure Virtual Desktop." + } + }, + "identityDomainName": { + "type": "string", + "metadata": { + "description": "Identity domain name." + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "baseScriptUri": { + "type": "string", + "metadata": { + "description": "URI for AVD session host configuration URI path." + } + }, + "scriptName": { + "type": "string", + "metadata": { + "description": "URI for AVD session host configuration script." + } + }, + "fslogix": { + "type": "bool", + "metadata": { + "description": "Deploy FSlogix configuration." + } + }, + "fslogixFileShare": { + "type": "string", + "metadata": { + "description": "File share path for FSlogix storage." + } + }, + "fslogixStorageFqdn": { + "type": "string", + "metadata": { + "description": "FSLogix storage account FDQN." + } + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "Session host VM size." 
+ } + }, + "hostPoolToken": { + "type": "securestring", + "metadata": { + "description": "AVD Host Pool registration token" + } + } + }, + "variables": { + "varScriptArguments": "[format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize'))]", + "varAmdVmSizes": [ + "Standard_NV4as_v4", + "Standard_NV8as_v4", + "Standard_NV16as_v4", + "Standard_NV32as_v4" + ], + "varAmdVmSize": "[contains(variables('varAmdVmSizes'), parameters('vmSize'))]", + "varNvidiaVmSizes": [ + "Standard_NV6", + "Standard_NV12", + "Standard_NV24", + "Standard_NV12s_v3", + "Standard_NV24s_v3", + "Standard_NV48s_v3", + "Standard_NC4as_T4_v3", + "Standard_NC8as_T4_v3", + "Standard_NC16as_T4_v3", + "Standard_NC64as_T4_v3", + "Standard_NV6ads_A10_v5", + "Standard_NV12ads_A10_v5", + "Standard_NV18ads_A10_v5", + "Standard_NV36ads_A10_v5", + "Standard_NV36adms_A10_v5", + "Standard_NV72ads_A10_v5" + ], + "varNvidiaVmSize": "[contains(variables('varNvidiaVmSizes'), parameters('vmSize'))]" + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-08-01", + "name": "[format('{0}/SessionHostConfig', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": "[array(parameters('baseScriptUri'))]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptName'), variables('varScriptArguments'))]" + } + } + } + ] + } + }, 
+ "dependsOn": [ + "monitoring", + "sessionHosts" + ] + } + ] +} \ No newline at end of file From 6be333017cfed0fdd19253198095fa564441468c Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 16 Nov 2023 07:35:11 -0600 Subject: [PATCH 14/15] updates --- .../deployNewSessionHostsToHostPools.json | 4 +- .../brownfield/addSessionHosts/deploy.bicep | 2 +- .../brownfield/addSessionHosts/deploy.json | 6221 +++++++++++++++++ .../brownfield/portalUiAddSessionHosts.json | 60 +- .../portal-ui/brownfield/portalUiAlerts.json | 4 +- .../brownfield/portalUiAppAttachToolsVM.json | 2 +- ...alUiAutoIncreasePremiumFileShareQuota.json | 2 +- .../brownfield/portalUiScalingTool.json | 2 +- .../brownfield/portalUiStartVmOnConnect.json | 2 +- 9 files changed, 6284 insertions(+), 15 deletions(-) create mode 100644 workload/bicep/brownfield/addSessionHosts/deploy.json diff --git a/workload/arm/brownfield/deployNewSessionHostsToHostPools.json b/workload/arm/brownfield/deployNewSessionHostsToHostPools.json index 45778263f..e15fb08fa 100644 --- a/workload/arm/brownfield/deployNewSessionHostsToHostPools.json +++ b/workload/arm/brownfield/deployNewSessionHostsToHostPools.json @@ -1,11 +1,11 @@ { - "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "10415575556481941453" + "templateHash": "14113926143591912424" } }, "parameters": { diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.bicep b/workload/bicep/brownfield/addSessionHosts/deploy.bicep index 81c4380fb..0bc0a4ab1 100644 --- a/workload/bicep/brownfield/addSessionHosts/deploy.bicep +++ b/workload/bicep/brownfield/addSessionHosts/deploy.bicep 
@@ -1,4 +1,4 @@ -targetScope = 'subscription' +targetScope = 'resourceGroup' // ========== // // Parameters // diff --git a/workload/bicep/brownfield/addSessionHosts/deploy.json b/workload/bicep/brownfield/addSessionHosts/deploy.json new file mode 100644 index 000000000..e15fb08fa --- /dev/null +++ b/workload/bicep/brownfield/addSessionHosts/deploy.json 
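Review bot: The new `targetScope = 'resourceGroup'` line at the top of deploy.bicep carries no comment saying which resource group the template is meant to be deployed into, and that now decides which permissions the deploying identity needs. The compiled templates elsewhere on this page still set `subscriptionId` and `resourceGroup` on the nested deployments from `varComputeSubId` and `varComputeRgName`, and they read the host pool registration token and the Log Analytics workspace key through their own resource IDs, so the caller presumably needs rights in those scopes as well as in the deployment's resource group. I would add a comment above the line such as `// Resource-group scope: run against <target resource group>; modules are scoped explicitly via computeRgResourceID, so the caller also needs access to the compute, host pool and workspace resource groups.` The rest of the file lies outside this hunk, so whether the readme and parameter files were updated for the new scope cannot be confirmed from here.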
@@ -0,0 +1,6221 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14113926143591912424" + } + }, + "parameters": { + "alaWorkspaceResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Log analytics workspace for diagnostic logs. (Default: \"\")" + } + }, + "applicationNameTag": { + "type": "string", + "defaultValue": "Contoso-App", + "metadata": { + "description": "Details about the application." + } + }, + "avsetFaultDomainCount": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Sets the number of fault domains for the availability set. (Default: 2)" + } + }, + "avsetUpdateDomainCount": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Sets the number of update domains for the availability set. (Default: 5)" + } + }, + "asgResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Application Security Group (ASG) for the session hosts. (Default: \"\")" + } + }, + "avsetCustomNamePrefix": { + "type": "string", + "defaultValue": "avail", + "maxLength": 9, + "metadata": { + "description": "AVD availability set custom name. (Default: avail)" + } + }, + "avdImageTemplateDefinitionId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Source custom image ID. (Default: \"\")" + } + }, + "computeRgResourceID": { + "type": "string", + "metadata": { + "description": "Resource Group name for the session hosts. (Default: )" + } + }, + "count": { + "type": "int", + "defaultValue": 1, + "metadata": { + "description": "Quantity of session hosts to deploy. (Default: 1)" + } + }, + "countIndex": { + "type": "int", + "metadata": { + "description": "The session host number to begin with for the deployment. 
(Default: )" + } + }, + "customNaming": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "AVD resources custom naming. (Default: false)" + } + }, + "createIntuneEnrollment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Required, Eronll session hosts on Intune. (Default: false)" + } + }, + "createAvdFslogixDeployment": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Deploy Fslogix setup. (Default: false)" + } + }, + "createResourceTags": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Apply tags on resources and resource groups. (Default: false)" + } + }, + "costCenterTag": { + "type": "string", + "defaultValue": "Contoso-CC", + "metadata": { + "description": "Cost center of owner team. (Default: Contoso-CC)" + } + }, + "diskEncryptionSetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "AVD disk encryption set resource ID to enable server side encyption. (Default: \"\")" + } + }, + "departmentTag": { + "type": "string", + "defaultValue": "Contoso-AVD", + "metadata": { + "description": "Department that owns the deployment, (Dafult: Contoso-AVD)" + } + }, + "dataClassificationTag": { + "type": "string", + "defaultValue": "Non-business", + "allowedValues": [ + "Non-business", + "Public", + "General", + "Confidential", + "Highly-confidential" + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } + }, + "diskZeroTrust": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Enables a zero trust configuration on the session host disks. (Default: false)" + } + }, + "deployMonitoring": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Deploy AVD monitoring resources and setings. 
(Default: false)" + } + }, + "deploymentEnvironment": { + "type": "string", + "defaultValue": "Dev", + "allowedValues": [ + "Dev", + "Test", + "Prod" + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } + }, + "deploymentPrefix": { + "type": "string", + "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, + "metadata": { + "description": "The name of the resource group to deploy. (Default: AVD1)" + } + }, + "domainJoinUserName": { + "type": "string", + "defaultValue": "NoUsername", + "metadata": { + "description": "AVD session host domain join user principal name. (Default: NoUsername)" + } + }, + "diskType": { + "type": "string", + "defaultValue": "Standard_LRS", + "metadata": { + "description": "OS disk type for session host. (Default: Standard_LRS)" + } + }, + "domainJoinPasswordSecretName": { + "type": "string", + "defaultValue": "domainJoinUserPassword", + "metadata": { + "description": "Domain join user password keyvault secret name. (Default: domainJoinUserPassword)" + } + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Enables accelerated Networking on the session hosts. (Default: true)" + } + }, + "fslogixStorageAccountName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FSLogix storage resource ID. (Default: )" + } + }, + "fslogixFileShareName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FSLogix file share name. (Default: )" + } + }, + "hostPoolResourceID": { + "type": "string", + "metadata": { + "description": "AVD Host Pool resource ID. (Default: )" + } + }, + "identityDomainName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "FQDN of on-premises AD domain, used for FSLogix storage configuration and NTFS setup. (Default: \"\")" + } + }, + "subnetId": { + "type": "string", + "metadata": { + "description": "AVD subnet ID. 
(Default: )" + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services. (Default: )" + } + }, + "sessionHostCustomNamePrefix": { + "type": "string", + "defaultValue": "vmapp1duse2", + "maxLength": 11, + "metadata": { + "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" + } + }, + "useAvailabilityZones": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Creates an availability zone and adds the VMs to it. Cannot be used in combination with availability set nor scale set. (Default: true)" + } + }, + "identityServiceProvider": { + "type": "string", + "defaultValue": "ADDS", + "metadata": { + "description": "The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } + }, + "vmSize": { + "type": "string", + "defaultValue": "Standard_D4ads_v5", + "metadata": { + "description": "Session host VM size. (Default: Standard_D4ads_v5)" + } + }, + "securityType": { + "type": "string", + "defaultValue": "TrustedLaunch", + "allowedValues": [ + "Standard", + "TrustedLaunch", + "ConfidentialVM" + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } + }, + "secureBootEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. (Default: true)" + } + }, + "vTpmEnabled": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. securityType should be set to TrustedLaunch or ConfidentialVM to enable UefiSettings. 
(Default: true)" + } + }, + "useSharedImage": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Set to deploy image from Azure Compute Gallery. (Default: false)" + } + }, + "vmLocalUserName": { + "type": "string", + "defaultValue": "avdVmLocalUserName", + "metadata": { + "description": "Local administrator username. (Default: \"\")" + } + }, + "keyVaultResourceId": { + "type": "string", + "metadata": { + "description": "Resource ID of keyvault that contains credentials. (Default: )" + } + }, + "vmLocalAdminPasswordSecretName": { + "type": "string", + "metadata": { + "description": "VM local admin keyvault secret name. (Default: )" + } + }, + "sessionHostOuPath": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "OU path to join AVd VMs. (Default: \"\")" + } + }, + "osImage": { + "type": "string", + "defaultValue": "win11_22h2", + "allowedValues": [ + "win10_21h2", + "win10_21h2_office", + "win10_22h2_g2", + "win10_22h2_office_g2", + "win11_21h2", + "win11_21h2_office", + "win11_22h2", + "win11_22h2_office" + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } + }, + "time": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "Do not modify, used to set unique value for resource deployment." + } + }, + "workloadNameTag": { + "type": "string", + "defaultValue": "Contoso-Workload", + "metadata": { + "description": "The name of workload for tagging purposes. 
(Default: Contoso-Workload)" + } + }, + "workloadTypeTag": { + "type": "string", + "defaultValue": "Light", + "allowedValues": [ + "Light", + "Medium", + "High", + "Power" + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } + }, + "workloadCriticalityTag": { + "type": "string", + "defaultValue": "Low", + "allowedValues": [ + "Low", + "Medium", + "High", + "Mission-critical", + "Custom" + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } + }, + "workloadCriticalityCustomValueTag": { + "type": "string", + "defaultValue": "Contoso-Critical", + "metadata": { + "description": "Tag value for custom criticality value. (Default: Contoso-Critical)" + } + }, + "workloadSlaTag": { + "type": "string", + "defaultValue": "Contoso-SLA", + "metadata": { + "description": "Service level agreement level of the worload. (Contoso-SLA)" + } + }, + "opsTeamTag": { + "type": "string", + "defaultValue": "workload-admins@Contoso.com", + "metadata": { + "description": "Team accountable for day-to-day operations. (workload-admins@Contoso.com)" + } + }, + "ownerTag": { + "type": "string", + "defaultValue": "workload-owner@Contoso.com", + "metadata": { + "description": "Organizational owner of the AVD deployment. (Default: workload-owner@Contoso.com)" + } + } + }, + "variables": { + "$fxv#0": { + "australiacentral": { + "acronym": "auc", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiacentral2": { + "acronym": "auc2", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiaeast": { + "acronym": "aue", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "australiasoutheast": { + "acronym": "ause", + "timeDifference": "+10:00", + "timeZone": "AUS Eastern Standard Time" + }, + "brazilsouth": { + "acronym": "brs", + "timeDifference": "-3:00", + "timeZone": "E. 
South America Standard Time" + }, + "brazilsoutheast": { + "acronym": "brse", + "timeDifference": "-3:00", + "timeZone": "E. South America Standard Time" + }, + "canadacentral": { + "acronym": "cac", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "canadaeast": { + "acronym": "cae", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "centralindia": { + "acronym": "inc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "centralus": { + "acronym": "usc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "chinaeast": { + "acronym": "cne", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinaeast2": { + "acronym": "cne2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth": { + "acronym": "cnn", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "chinanorth2": { + "acronym": "cnn2", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastasia": { + "acronym": "ase", + "timeDifference": "+8:00", + "timeZone": "China Standard Time" + }, + "eastus": { + "acronym": "use", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "eastus2": { + "acronym": "use2", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "francecentral": { + "acronym": "frc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "francesouth": { + "acronym": "frs", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanynorth": { + "acronym": "den", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "germanywestcentral": { + "acronym": "dewc", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "japaneast": { + "acronym": "jpe", + "timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "japanwest": { + "acronym": "jpw", + 
"timeDifference": "+9:00", + "timeZone": "Tokyo Standard Time" + }, + "jioindiacentral": { + "acronym": "injc", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "jioindiawest": { + "acronym": "injw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "koreacentral": { + "acronym": "krc", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "koreasouth": { + "acronym": "krs", + "timeDifference": "+9:00", + "timeZone": "Korea Standard Time" + }, + "northcentralus": { + "acronym": "usnc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "northeurope": { + "acronym": "eun", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "norwayeast": { + "acronym": "noe", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "norwaywest": { + "acronym": "now", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "southafricanorth": { + "acronym": "zan", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southafricawest": { + "acronym": "zaw", + "timeDifference": "+2:00", + "timeZone": "South Africa Standard Time" + }, + "southcentralus": { + "acronym": "ussc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "southeastasia": { + "acronym": "asse", + "timeDifference": "+8:00", + "timeZone": "Singapore Standard Time" + }, + "southindia": { + "acronym": "ins", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "swedencentral": { + "acronym": "sec", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandnorth": { + "acronym": "chn", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "switzerlandwest": { + "acronym": "chw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "uaecentral": { + "acronym": "aec", + "timeDifference": "+3:00", + "timeZone": 
"Arabian Standard Time" + }, + "uaenorth": { + "acronym": "aen", + "timeDifference": "+3:00", + "timeZone": "Arabian Standard Time" + }, + "uksouth": { + "acronym": "uks", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "ukwest": { + "acronym": "ukw", + "timeDifference": "0:00", + "timeZone": "GMT Standard Time" + }, + "usdodcentral": { + "acronym": "dodc", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usdodeast": { + "acronym": "dode", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "usgovarizona": { + "acronym": "az", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "usgovtexas": { + "acronym": "tx", + "timeDifference": "-6:00", + "timeZone": "Central Standard Time" + }, + "usgovvirginia": { + "acronym": "va", + "timeDifference": "-5:00", + "timeZone": "Eastern Standard Time" + }, + "westcentralus": { + "acronym": "uswc", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + }, + "westeurope": { + "acronym": "euw", + "timeDifference": "+1:00", + "timeZone": "Central Europe Standard Time" + }, + "westindia": { + "acronym": "inw", + "timeDifference": "+5:30", + "timeZone": "India Standard Time" + }, + "westus": { + "acronym": "usw", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus2": { + "acronym": "usw2", + "timeDifference": "-8:00", + "timeZone": "Pacific Standard Time" + }, + "westus3": { + "acronym": "usw3", + "timeDifference": "-7:00", + "timeZone": "Mountain Standard Time" + } + }, + "$fxv#1": { + "win10_21h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "windows-10", + "sku": "win10-21h2-avd", + "version": "latest" + }, + "win10_21h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win10-21h2-avd-m365", + "version": "latest" + }, + "win10_22h2_g2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "windows-10", + "sku": "win10-22h2-avd-g2", + "version": 
"latest" + }, + "win10_22h2_office_g2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win10-22h2-avd-m365-g2", + "version": "latest" + }, + "win11_21h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "win11-21h2-avd", + "version": "latest" + }, + "win11_21h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win11-21h2-avd-m365", + "version": "latest" + }, + "win11_22h2": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "Windows-11", + "sku": "win11-22h2-avd", + "version": "latest" + }, + "win11_22h2_office": { + "publisher": "MicrosoftWindowsDesktop", + "offer": "office-365", + "sku": "win11-22h2-avd-m365", + "version": "latest" + }, + "winServer_2022_Datacenter": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-g2", + "version": "latest" + }, + "winServer_2022_Datacenter_smalldisk_g2": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-smalldisk-g2", + "version": "latest" + }, + "winServer_2022_datacenter_core": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-core-g2", + "version": "latest" + }, + "winServer_2022_Datacenter_core_smalldisk_g2": { + "publisher": "MicrosoftWindowsServer", + "offer": "WindowsServer", + "sku": "2022-datacenter-core-smalldisk-g2", + "version": "latest" + } + }, + "varDeploymentPrefixLowercase": "[toLower(parameters('deploymentPrefix'))]", + "varSessionHostLocationAcronym": "[variables('varLocations')[variables('varSessionHostLocationLowercase')].acronym]", + "varDeploymentEnvironmentComputeStorage": "[if(equals(parameters('deploymentEnvironment'), 'Dev'), 'd', if(equals(parameters('deploymentEnvironment'), 'Test'), 't', if(equals(parameters('deploymentEnvironment'), 'Prod'), 'p', '')))]", + "varSessionHostNamePrefix": "[if(parameters('customNaming'), 
parameters('sessionHostCustomNamePrefix'), format('vm{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym')))]", + "varDeploymentEnvironmentLowercase": "[toLower(parameters('deploymentEnvironment'))]", + "varComputeStorageResourcesNamingStandard": "[format('{0}-{1}-{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentLowercase'), variables('varSessionHostLocationAcronym'))]", + "varAvsetNamePrefix": "[if(parameters('customNaming'), format('{0}-{1}', parameters('avsetCustomNamePrefix'), variables('varComputeStorageResourcesNamingStandard')), format('avail-{0}', variables('varComputeStorageResourcesNamingStandard')))]", + "varLocations": "[variables('$fxv#0')]", + "varMarketPlaceGalleryWindows": "[variables('$fxv#1')]", + "varTimeZoneSessionHosts": "[variables('varLocations')[variables('varSessionHostLocationLowercase')].timeZone]", + "varSessionHostLocationLowercase": "[toLower(replace(parameters('location'), ' ', ''))]", + "varMaxAvsetMembersCount": 199, + "varDivisionAvsetValue": "[div(parameters('count'), variables('varMaxAvsetMembersCount'))]", + "varDivisionAvsetRemainderValue": "[mod(parameters('count'), variables('varMaxAvsetMembersCount'))]", + "varAvsetCount": "[if(greater(variables('varDivisionAvsetRemainderValue'), 0), add(variables('varDivisionAvsetValue'), 1), variables('varDivisionAvsetValue'))]", + "varComputeSubId": "[split(parameters('computeRgResourceID'), '/')[2]]", + "varComputeRgName": "[split(parameters('computeRgResourceID'), '/')[4]]", + "varHostpoolSubId": "[split(parameters('hostPoolResourceID'), '/')[2]]", + "varHostpoolRgName": "[split(parameters('hostPoolResourceID'), '/')[4]]", + "varHostPoolName": "[split(parameters('hostPoolResourceID'), '/')[8]]", + "varKeyVaultSubId": "[split(parameters('keyVaultResourceId'), '/')[2]]", + "varKeyVaultRgName": "[split(parameters('keyVaultResourceId'), '/')[4]]", + 
"varKeyVaultName": "[split(parameters('keyVaultResourceId'), '/')[8]]", + "varManagedDisk": "[if(empty(parameters('diskEncryptionSetResourceId')), createObject('storageAccountType', parameters('diskType')), createObject('diskEncryptionSet', createObject('id', parameters('diskEncryptionSetResourceId')), 'storageAccountType', parameters('diskType')))]", + "varFslogixStorageFqdn": "[if(parameters('createAvdFslogixDeployment'), format('{0}.file.{1}', parameters('fslogixStorageAccountName'), environment().suffixes.storage), '')]", + "varFslogixSharePath": "[if(parameters('createAvdFslogixDeployment'), format('\\\\{0}.file.{1}\\{2}', parameters('fslogixStorageAccountName'), environment().suffixes.storage, parameters('fslogixFileShareName')), '')]", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/add-sh/workload/", + "varSessionHostConfigurationScriptUri": "[format('{0}scripts/Set-SessionHostConfiguration.ps1', variables('varBaseScriptUri'))]", + "varSessionHostConfigurationScript": "./Set-SessionHostConfiguration.ps1", + "varAllAvailabilityZones": "[pickZones('Microsoft.Compute', 'virtualMachines', parameters('location'), 3)]", + "varAvdDefaultTags": { + "cm-resource-parent": "[parameters('hostPoolResourceID')]", + "Environment": "[parameters('deploymentEnvironment')]", + "ServiceWorkload": "AVD", + "CreationTimeUTC": "[parameters('time')]" + }, + "varCustomResourceTags": "[if(parameters('createResourceTags'), createObject('WorkloadName', parameters('workloadNameTag'), 'WorkloadType', parameters('workloadTypeTag'), 'DataClassification', parameters('dataClassificationTag'), 'Department', parameters('departmentTag'), 'Criticality', if(equals(parameters('workloadCriticalityTag'), 'Custom'), parameters('workloadCriticalityCustomValueTag'), parameters('workloadCriticalityTag')), 'ApplicationName', parameters('applicationNameTag'), 'ServiceClass', parameters('workloadSlaTag'), 'OpsTeam', parameters('opsTeamTag'), 'Owner', parameters('ownerTag'), 
'CostCenter', parameters('costCenterTag')), createObject())]", + "varNicDiagnosticMetricsToEnable": [ + "AllMetrics" + ] + }, + "resources": [ + { + "condition": "[not(parameters('useAvailabilityZones'))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('AVD-Availability-Set-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "namePrefix": { + "value": "[variables('varAvsetNamePrefix')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "count": { + "value": "[variables('varAvsetCount')]" + }, + "faultDomainCount": { + "value": "[parameters('avsetFaultDomainCount')]" + }, + "updateDomainCount": { + "value": "[parameters('avsetUpdateDomainCount')]" + }, + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "1483242996907610497" + } + }, + "parameters": { + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "namePrefix": { + "type": "string", + "metadata": { + "description": "Availablity Set name." + } + }, + "count": { + "type": "int", + "metadata": { + "description": "Availablity Set count." + } + }, + "faultDomainCount": { + "type": "int", + "metadata": { + "description": "Sets the number of fault domains for the availability set." 
+ } + }, + "updateDomainCount": { + "type": "int", + "metadata": { + "description": "Sets the number of update domains for the availability set." + } + }, + "tags": { + "type": "object", + "metadata": { + "description": "Tags to be applied to resources" + } + } + }, + "resources": [ + { + "copy": { + "name": "availabilitySet", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-{1}', parameters('namePrefix'), padLeft(range(1, parameters('count'))[copyIndex()], 3, '0'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}-{1}', parameters('namePrefix'), padLeft(range(1, parameters('count'))[copyIndex()], 3, '0'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "availabilitySetFaultDomain": { + "value": "[parameters('faultDomainCount')]" + }, + "availabilitySetUpdateDomain": { + "value": "[parameters('updateDomainCount')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9592547259644072861" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the availability set that is being created." + } + }, + "availabilitySetFaultDomain": { + "type": "int", + "defaultValue": 2, + "metadata": { + "description": "Optional. The number of fault domains to use." + } + }, + "availabilitySetUpdateDomain": { + "type": "int", + "defaultValue": 5, + "metadata": { + "description": "Optional. The number of update domains to use." 
+ } + }, + "availabilitySetSku": { + "type": "string", + "defaultValue": "Aligned", + "metadata": { + "description": "Optional. SKU of the availability set.\r\n- Use \\'Aligned\\' for virtual machines with managed disks.\r\n- Use \\'Classic\\' for virtual machines with unmanaged disks.\r\n" + } + }, + "proximityPlacementGroupId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of a proximity placement group." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Resource location." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the availability set resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/availabilitySets", + "apiVersion": "2022-11-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "platformFaultDomainCount": "[parameters('availabilitySetFaultDomain')]", + "platformUpdateDomainCount": "[parameters('availabilitySetUpdateDomain')]", + "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupId'))), createObject('id', parameters('proximityPlacementGroupId')), null())]" + }, + "sku": { + "name": "[parameters('availabilitySetSku')]" + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Compute/availabilitySets/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + ] + }, + { + "copy": { + "name": "availabilitySet_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AvSet-Rbac-{1}', uniqueString(deployment().name, 
parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "5076096840451227372" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." 
+ } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Compute Gallery Sharing Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1ef6a3be-d0ac-425d-8c01-acb62866290b')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]", + "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]", + "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]", + "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]", + "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]", + "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Reservation Purchaser": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689')]", + "Resource Policy 
Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Compute/availabilitySets/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Compute/availabilitySets', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": 
"[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the availability set." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the availability set." + }, + "value": "[resourceId('Microsoft.Compute/availabilitySets', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the availability set was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/availabilitySets', parameters('name')), '2022-11-01', 'full').location]" + } + } + } + } + } + ] + } + } + }, + { + "copy": { + "name": "sessionHosts", + "count": "[length(range(1, parameters('count')))]", + "mode": "serial", + "batchSize": 3 + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "timeZone": { + "value": "[variables('varTimeZoneSessionHosts')]" + }, + "systemAssignedIdentity": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('value', true()), createObject('value', false()))]", + "availabilityZone": "[if(parameters('useAvailabilityZones'), createObject('value', take(skip(variables('varAllAvailabilityZones'), mod(range(1, parameters('count'))[copyIndex()], length(variables('varAllAvailabilityZones')))), 1)), createObject('value', createArray()))]", + "encryptionAtHost": { + "value": "[parameters('diskZeroTrust')]" + }, + "availabilitySetResourceId": "[if(parameters('useAvailabilityZones'), createObject('value', ''), createObject('value', format('/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Compute/availabilitySets/{2}-{3}', variables('varComputeSubId'), variables('varComputeRgName'), variables('varAvsetNamePrefix'), padLeft(add(1, div(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 
variables('varMaxAvsetMembersCount'))), 3, '0'))))]", + "osType": { + "value": "Windows" + }, + "licenseType": { + "value": "Windows_Client" + }, + "vmSize": { + "value": "[parameters('vmSize')]" + }, + "securityType": { + "value": "[parameters('securityType')]" + }, + "secureBootEnabled": { + "value": "[parameters('secureBootEnabled')]" + }, + "vTpmEnabled": { + "value": "[parameters('vTpmEnabled')]" + }, + "imageReference": "[if(parameters('useSharedImage'), createObject('value', json(format('{{''id'': ''{0}''}}', parameters('avdImageTemplateDefinitionId')))), createObject('value', variables('varMarketPlaceGalleryWindows')[parameters('osImage')]))]", + "osDisk": { + "value": { + "createOption": "fromImage", + "deleteOption": "Delete", + "diskSizeGB": 128, + "managedDisk": "[variables('varManagedDisk')]" + } + }, + "adminUsername": { + "value": "[parameters('vmLocalUserName')]" + }, + "adminPassword": { + "reference": { + "keyVault": { + "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varKeyVaultSubId')), format('{0}', variables('varKeyVaultRgName'))), 'Microsoft.KeyVault/vaults', variables('varKeyVaultName'))]" + }, + "secretName": "[parameters('vmLocalAdminPasswordSecretName')]" + } + }, + "nicConfigurations": { + "value": [ + { + "nicSuffix": "nic-01-", + "deleteOption": "Delete", + "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]", + "ipConfigurations": "[if(not(empty(parameters('asgResourceId'))), createArray(createObject('name', 'ipconfig01', 'subnetResourceId', parameters('subnetId'), 'applicationSecurityGroups', createArray(createObject('id', parameters('asgResourceId'))))), createArray(createObject('name', 'ipconfig01', 'subnetResourceId', parameters('subnetId'))))]" + } + ] + }, + "extensionDomainJoinPassword": "[if(or(equals(parameters('identityServiceProvider'), 'ADDS'), equals(parameters('identityServiceProvider'), 'AADDS')), createObject('reference', 
createObject('keyVault', createObject('id', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varKeyVaultSubId')), format('{0}', variables('varKeyVaultRgName'))), 'Microsoft.KeyVault/vaults', variables('varKeyVaultName'))), 'secretName', parameters('domainJoinPasswordSecretName'))), createObject('value', 'domainJoinUserPassword'))]", + "extensionDomainJoinConfig": { + "value": { + "enabled": "[if(or(equals(parameters('identityServiceProvider'), 'ADDS'), equals(parameters('identityServiceProvider'), 'AADDS')), true(), false())]", + "settings": { + "name": "[parameters('identityDomainName')]", + "ouPath": "[if(not(empty(parameters('sessionHostOuPath'))), parameters('sessionHostOuPath'), null())]", + "user": "[parameters('domainJoinUserName')]", + "restart": "true", + "options": "3" + } + } + }, + "extensionAadJoinConfig": { + "value": { + "enabled": "[if(equals(parameters('identityServiceProvider'), 'AAD'), true(), false())]", + "settings": "[if(parameters('createIntuneEnrollment'), createObject('mdmId', '0000000a-0000-0000-c000-000000000000'), createObject())]" + } + }, + "nicdiagnosticMetricsToEnable": "[if(parameters('deployMonitoring'), createObject('value', variables('varNicDiagnosticMetricsToEnable')), createObject('value', createArray()))]", + "diagnosticWorkspaceId": "[if(parameters('deployMonitoring'), createObject('value', parameters('alaWorkspaceResourceId')), createObject('value', ''))]", + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "3205620537307637582" + } + }, + "parameters": { + "name": { + "type": "string", + 
"defaultValue": "[take(toLower(uniqueString(resourceGroup().name)), 10)]", + "metadata": { + "description": "Optional. The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name." + } + }, + "vmComputerNamesTransformation": { + "type": "string", + "defaultValue": "none", + "allowedValues": [ + "none", + "uppercase", + "lowercase" + ], + "metadata": { + "description": "Optional. Specifies whether the computer names should be transformed. The transformation is performed on all computer names. Available transformations are 'none' (Default), 'uppercase' and 'lowercase'." + } + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "Required. Specifies the size for the VMs." + } + }, + "encryptionAtHost": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "securityType": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings." + } + }, + "secureBootEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings." 
+ } + }, + "vTpmEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings." + } + }, + "imageReference": { + "type": "object", + "metadata": { + "description": "Required. OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image." + } + }, + "plan": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use." + } + }, + "osDisk": { + "type": "object", + "metadata": { + "description": "Required. Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "dataDisks": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs." + } + }, + "ultraSSDEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. 
Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled." + } + }, + "adminUsername": { + "type": "securestring", + "metadata": { + "description": "Required. Administrator username." + } + }, + "adminPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. When specifying a Windows Virtual Machine, this value should be passed." + } + }, + "customData": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format." + } + }, + "certificatesToBeInstalled": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies set of certificates that should be installed onto the virtual machine." + } + }, + "priority": { + "type": "string", + "defaultValue": "Regular", + "allowedValues": [ + "Regular", + "Low", + "Spot" + ], + "metadata": { + "description": "Optional. Specifies the priority for the virtual machine." + } + }, + "enableEvictionPolicy": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy." + } + }, + "maxPriceForLowPriorityVm": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars." + } + }, + "dedicatedHostId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies resource ID about the dedicated host that the virtual machine resides in." 
+ } + }, + "licenseType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "Windows_Client", + "Windows_Server", + "" + ], + "metadata": { + "description": "Optional. Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system." + } + }, + "publicKeys": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. The list of SSH public keys used to authenticate with linux based VMs." + } + }, + "systemAssignedIdentity": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Enables system assigned managed identity on the resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = \"True\"." + } + }, + "userAssignedIdentities": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. The ID(s) to assign to the resource." + } + }, + "bootDiagnostics": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled." + } + }, + "bootDiagnosticStorageAccountName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided." + } + }, + "bootDiagnosticStorageAccountUri": { + "type": "string", + "defaultValue": "[format('.blob.{0}/', environment().suffixes.storage)]", + "metadata": { + "description": "Optional. Storage account boot diagnostic base URI." 
+ } + }, + "proximityPlacementGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of a proximity placement group." + } + }, + "availabilitySetResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set." + } + }, + "availabilityZone": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set." + } + }, + "nicConfigurations": { + "type": "array", + "metadata": { + "description": "Required. Configures NICs and PIPs." + } + }, + "pipDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('name'))]", + "metadata": { + "description": "Optional. The name of the PIP diagnostic setting, if deployed." + } + }, + "pipdiagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "DDoSProtectionNotifications", + "DDoSMitigationFlowLogs", + "DDoSMitigationReports" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "pipdiagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "nicDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('name'))]", + "metadata": { + "description": "Optional. The name of the NIC diagnostic setting, if deployed." 
+ } + }, + "nicdiagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "backupVaultName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Recovery service vault name to add VMs to backup." + } + }, + "backupVaultResourceGroup": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Optional. Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default." + } + }, + "backupPolicyName": { + "type": "string", + "defaultValue": "DefaultPolicy", + "metadata": { + "description": "Optional. Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault." + } + }, + "allowExtensionOperations": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine." + } + }, + "extensionDomainJoinPassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Required if name is specified. Password of the user specified in user parameter." + } + }, + "extensionDomainJoinConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Domain Join] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAadJoinConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [AAD Join] extension. 
Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAntiMalwareConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Anti Malware] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionMonitoringAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Monitoring Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "monitoringWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true." + } + }, + "extensionDependencyAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Dependency Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionNetworkWatcherAgentConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Network Watcher Agent] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionAzureDiskEncryptionConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Azure Disk Encryption] extension. Must at least contain the [\"enabled\": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys." 
+ } + }, + "extensionDSCConfig": { + "type": "object", + "defaultValue": { + "enabled": false + }, + "metadata": { + "description": "Optional. The configuration for the [Desired State Configuration] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionCustomScriptConfig": { + "type": "object", + "defaultValue": { + "enabled": false, + "fileData": [] + }, + "metadata": { + "description": "Optional. The configuration for the [Custom Script] extension. Must at least contain the [\"enabled\": true] property to be executed." + } + }, + "extensionCustomScriptProtectedSetting": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." 
+ } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "baseTime": { + "type": "string", + "defaultValue": "[utcNow('u')]", + "metadata": { + "description": "Generated. Do not provide a value! This date value is used to generate a registration token." + } + }, + "sasTokenValidityLength": { + "type": "string", + "defaultValue": "PT8H", + "metadata": { + "description": "Optional. SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours." + } + }, + "osType": { + "type": "string", + "allowedValues": [ + "Windows", + "Linux" + ], + "metadata": { + "description": "Required. The chosen OS type." + } + }, + "disablePasswordAuthentication": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Specifies whether password authentication should be disabled." 
+ } + }, + "provisionVMAgent": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later." + } + }, + "enableAutomaticUpdates": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning." + } + }, + "patchMode": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "AutomaticByPlatform", + "AutomaticByOS", + "Manual", + "ImageDefault", + "" + ], + "metadata": { + "description": "Optional. VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'." + } + }, + "patchAssessmentMode": { + "type": "string", + "defaultValue": "ImageDefault", + "allowedValues": [ + "AutomaticByPlatform", + "ImageDefault" + ], + "metadata": { + "description": "Optional. VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours." + } + }, + "timeZone": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`." 
+ } + }, + "additionalUnattendContent": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object." + } + }, + "winRM": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object." + } + }, + "configurationProfile": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction", + "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest", + "" + ], + "metadata": { + "description": "Required. The configuration profile of automanage." + } + } + }, + "variables": { + "copy": [ + { + "name": "publicKeysFormatted", + "count": "[length(parameters('publicKeys'))]", + "input": { + "path": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].path]", + "keyData": "[parameters('publicKeys')[copyIndex('publicKeysFormatted')].keyData]" + } + } + ], + "vmComputerNameTransformed": "[if(equals(parameters('vmComputerNamesTransformation'), 'uppercase'), toUpper(parameters('name')), if(equals(parameters('vmComputerNamesTransformation'), 'lowercase'), toLower(parameters('name')), parameters('name')))]", + "linuxConfiguration": { + "disablePasswordAuthentication": "[parameters('disablePasswordAuthentication')]", + "ssh": { + "publicKeys": "[variables('publicKeysFormatted')]" + }, + "provisionVMAgent": "[parameters('provisionVMAgent')]", + "patchSettings": "[if(and(parameters('provisionVMAgent'), or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('ImageDefault')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', 
parameters('patchAssessmentMode')), null())]" + }, + "windowsConfiguration": { + "provisionVMAgent": "[parameters('provisionVMAgent')]", + "enableAutomaticUpdates": "[parameters('enableAutomaticUpdates')]", + "patchSettings": "[if(and(parameters('provisionVMAgent'), or(or(equals(toLower(parameters('patchMode')), toLower('AutomaticByPlatform')), equals(toLower(parameters('patchMode')), toLower('AutomaticByOS'))), equals(toLower(parameters('patchMode')), toLower('Manual')))), createObject('patchMode', parameters('patchMode'), 'assessmentMode', parameters('patchAssessmentMode')), null())]", + "timeZone": "[if(empty(parameters('timeZone')), null(), parameters('timeZone'))]", + "additionalUnattendContent": "[if(empty(parameters('additionalUnattendContent')), null(), parameters('additionalUnattendContent'))]", + "winRM": "[if(not(empty(parameters('winRM'))), createObject('listeners', parameters('winRM')), null())]" + }, + "accountSasProperties": { + "signedServices": "b", + "signedPermission": "r", + "signedExpiry": "[dateTimeAdd(parameters('baseTime'), parameters('sasTokenValidityLength'))]", + "signedResourceTypes": "o", + "signedProtocol": "https" + }, + "identityType": "[if(if(parameters('extensionAadJoinConfig').enabled, true(), parameters('systemAssignedIdentity')), if(not(empty(parameters('userAssignedIdentities'))), 'SystemAssigned,UserAssigned', 'SystemAssigned'), if(not(empty(parameters('userAssignedIdentities'))), 'UserAssigned', 'None'))]", + "identity": "[if(not(equals(variables('identityType'), 'None')), createObject('type', variables('identityType'), 'userAssignedIdentities', if(not(empty(parameters('userAssignedIdentities'))), parameters('userAssignedIdentities'), null())), null())]", + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', 
uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2022-11-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "identity": "[variables('identity')]", + "tags": "[parameters('tags')]", + "zones": "[if(not(equals(parameters('availabilityZone'), 0)), array(parameters('availabilityZone')), null())]", + "plan": "[if(not(empty(parameters('plan'))), parameters('plan'), null())]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "securityProfile": { + "encryptionAtHost": "[if(parameters('encryptionAtHost'), parameters('encryptionAtHost'), null())]", + "securityType": "[parameters('securityType')]", + "uefiSettings": "[if(equals(parameters('securityType'), 'TrustedLaunch'), createObject('secureBootEnabled', parameters('secureBootEnabled'), 'vTpmEnabled', parameters('vTpmEnabled')), null())]" + }, + "storageProfile": { + "copy": [ + { + "name": "dataDisks", + "count": "[length(parameters('dataDisks'))]", + "input": { + "lun": "[copyIndex('dataDisks')]", + "name": "[format('{0}-disk-data-{1}', parameters('name'), padLeft(add(copyIndex('dataDisks'), 1), 2, '0'))]", + "diskSizeGB": "[parameters('dataDisks')[copyIndex('dataDisks')].diskSizeGB]", + "createOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'createOption'), parameters('dataDisks')[copyIndex('dataDisks')].createOption, 'Empty')]", + "deleteOption": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'deleteOption'), parameters('dataDisks')[copyIndex('dataDisks')].deleteOption, 'Delete')]", + "caching": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')], 'caching'), 
parameters('dataDisks')[copyIndex('dataDisks')].caching, 'ReadOnly')]", + "managedDisk": { + "storageAccountType": "[parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.storageAccountType]", + "diskEncryptionSet": "[if(contains(parameters('dataDisks')[copyIndex('dataDisks')].managedDisk, 'diskEncryptionSet'), createObject('id', parameters('dataDisks')[copyIndex('dataDisks')].managedDisk.diskEncryptionSet.id), null())]" + } + } + } + ], + "imageReference": "[parameters('imageReference')]", + "osDisk": { + "name": "[format('osdisk-01-{0}', parameters('name'))]", + "createOption": "[if(contains(parameters('osDisk'), 'createOption'), parameters('osDisk').createOption, 'FromImage')]", + "deleteOption": "[if(contains(parameters('osDisk'), 'deleteOption'), parameters('osDisk').deleteOption, 'Delete')]", + "diskSizeGB": "[parameters('osDisk').diskSizeGB]", + "caching": "[if(contains(parameters('osDisk'), 'caching'), parameters('osDisk').caching, 'ReadOnly')]", + "managedDisk": { + "storageAccountType": "[parameters('osDisk').managedDisk.storageAccountType]", + "diskEncryptionSet": "[if(contains(parameters('osDisk').managedDisk, 'diskEncryptionSet'), createObject('id', parameters('osDisk').managedDisk.diskEncryptionSet.id), null())]" + } + } + }, + "additionalCapabilities": { + "ultraSSDEnabled": "[parameters('ultraSSDEnabled')]" + }, + "osProfile": { + "computerName": "[variables('vmComputerNameTransformed')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPassword')]", + "customData": "[if(not(empty(parameters('customData'))), base64(parameters('customData')), null())]", + "windowsConfiguration": "[if(equals(parameters('osType'), 'Windows'), variables('windowsConfiguration'), null())]", + "linuxConfiguration": "[if(equals(parameters('osType'), 'Linux'), variables('linuxConfiguration'), null())]", + "secrets": "[parameters('certificatesToBeInstalled')]", + "allowExtensionOperations": 
"[parameters('allowExtensionOperations')]" + }, + "networkProfile": { + "copy": [ + { + "name": "networkInterfaces", + "count": "[length(parameters('nicConfigurations'))]", + "input": { + "properties": { + "deleteOption": "[if(contains(parameters('nicConfigurations')[copyIndex('networkInterfaces')], 'deleteOption'), parameters('nicConfigurations')[copyIndex('networkInterfaces')].deleteOption, 'Delete')]", + "primary": "[if(equals(copyIndex('networkInterfaces'), 0), true(), false())]" + }, + "id": "[resourceId('Microsoft.Network/networkInterfaces', format('{0}{1}', parameters('nicConfigurations')[copyIndex('networkInterfaces')].nicSuffix, parameters('name')))]" + } + } + ] + }, + "diagnosticsProfile": { + "bootDiagnostics": { + "enabled": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), true(), parameters('bootDiagnostics'))]", + "storageUri": "[if(not(empty(parameters('bootDiagnosticStorageAccountName'))), format('https://{0}{1}', parameters('bootDiagnosticStorageAccountName'), parameters('bootDiagnosticStorageAccountUri')), null())]" + } + }, + "availabilitySet": "[if(not(empty(parameters('availabilitySetResourceId'))), createObject('id', parameters('availabilitySetResourceId')), null())]", + "proximityPlacementGroup": "[if(not(empty(parameters('proximityPlacementGroupResourceId'))), createObject('id', parameters('proximityPlacementGroupResourceId')), null())]", + "priority": "[parameters('priority')]", + "evictionPolicy": "[if(parameters('enableEvictionPolicy'), 'Deallocate', null())]", + "billingProfile": "[if(and(not(empty(parameters('priority'))), not(empty(parameters('maxPriceForLowPriorityVm')))), createObject('maxPrice', parameters('maxPriceForLowPriorityVm')), null())]", + "host": "[if(not(empty(parameters('dedicatedHostId'))), createObject('id', parameters('dedicatedHostId')), null())]", + "licenseType": "[if(not(empty(parameters('licenseType'))), parameters('licenseType'), null())]" + }, + "dependsOn": [ + "vm_nic" + ] + }, + { + 
"condition": "[not(empty(parameters('configurationProfile')))]", + "type": "Microsoft.Automanage/configurationProfileAssignments", + "apiVersion": "2021-04-30-preview", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "name": "default", + "properties": { + "configurationProfile": "[parameters('configurationProfile')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "copy": { + "name": "vm_nic", + "count": "[length(parameters('nicConfigurations'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Nic-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "networkInterfaceName": { + "value": "[format('{0}{1}', parameters('nicConfigurations')[copyIndex()].nicSuffix, parameters('name'))]" + }, + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "enableIPForwarding": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableIPForwarding'), if(not(empty(parameters('nicConfigurations')[copyIndex()].enableIPForwarding)), createObject('value', 
parameters('nicConfigurations')[copyIndex()].enableIPForwarding), createObject('value', false())), createObject('value', false()))]", + "enableAcceleratedNetworking": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'enableAcceleratedNetworking'), createObject('value', parameters('nicConfigurations')[copyIndex()].enableAcceleratedNetworking), createObject('value', true()))]", + "dnsServers": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'dnsServers'), if(not(empty(parameters('nicConfigurations')[copyIndex()].dnsServers)), createObject('value', parameters('nicConfigurations')[copyIndex()].dnsServers), createObject('value', createArray())), createObject('value', createArray()))]", + "networkSecurityGroupResourceId": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'networkSecurityGroupResourceId'), createObject('value', parameters('nicConfigurations')[copyIndex()].networkSecurityGroupResourceId), createObject('value', ''))]", + "ipConfigurations": { + "value": "[parameters('nicConfigurations')[copyIndex()].ipConfigurations]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "pipDiagnosticSettingsName": { + "value": "[parameters('pipDiagnosticSettingsName')]" + }, + "nicDiagnosticSettingsName": { + "value": "[parameters('nicDiagnosticSettingsName')]" + }, + "pipdiagnosticMetricsToEnable": { + "value": "[parameters('pipdiagnosticMetricsToEnable')]" + }, + "pipdiagnosticLogCategoriesToEnable": { + "value": "[parameters('pipdiagnosticLogCategoriesToEnable')]" + }, + "nicDiagnosticMetricsToEnable": { + "value": 
"[parameters('nicdiagnosticMetricsToEnable')]" + }, + "roleAssignments": "[if(contains(parameters('nicConfigurations')[copyIndex()], 'roleAssignments'), if(not(empty(parameters('nicConfigurations')[copyIndex()].roleAssignments)), createObject('value', parameters('nicConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray())), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16578501272871551398" + } + }, + "parameters": { + "networkInterfaceName": { + "type": "string" + }, + "virtualMachineName": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object" + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": false + }, + "dnsServers": { + "type": "array", + "defaultValue": [] + }, + "networkSecurityGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The network security group (NSG) to attach to the network interface." + } + }, + "ipConfigurations": { + "type": "array" + }, + "lock": { + "type": "string", + "defaultValue": "" + }, + "diagnosticStorageAccountId": { + "type": "string" + }, + "diagnosticWorkspaceId": { + "type": "string" + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string" + }, + "diagnosticEventHubName": { + "type": "string" + }, + "pipdiagnosticMetricsToEnable": { + "type": "array" + }, + "pipdiagnosticLogCategoriesToEnable": { + "type": "array" + }, + "nicDiagnosticMetricsToEnable": { + "type": "array" + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. 
Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "pipDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('virtualMachineName'))]", + "metadata": { + "description": "Optional. The name of the PIP diagnostic setting, if deployed." + } + }, + "nicDiagnosticSettingsName": { + "type": "string", + "defaultValue": "[format('{0}-diagnosticSettings', parameters('virtualMachineName'))]", + "metadata": { + "description": "Optional. The name of the NIC diagnostic setting, if deployed." + } + } + }, + "variables": { + "enableReferencedModulesTelemetry": false + }, + "resources": [ + { + "copy": { + "name": "networkInterface_publicIPAddresses", + "count": "[length(parameters('ipConfigurations'))]" + }, + "condition": "[contains(parameters('ipConfigurations')[copyIndex()], 'pipconfiguration')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-publicIP-{1}', deployment().name, copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex()].pipconfiguration.publicIpNameSuffix)]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "diagnosticLogCategoriesToEnable": { + "value": "[parameters('pipdiagnosticLogCategoriesToEnable')]" + }, + "diagnosticMetricsToEnable": { + "value": 
"[parameters('pipdiagnosticMetricsToEnable')]" + }, + "diagnosticSettingsName": { + "value": "[parameters('pipDiagnosticSettingsName')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "publicIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAddressVersion'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAddressVersion), createObject('value', 'IPv4'))]", + "publicIPAllocationMethod": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPAllocationMethod'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPAllocationMethod), createObject('value', 'Static'))]", + "publicIPPrefixResourceId": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'publicIPPrefixResourceId'), createObject('value', parameters('ipConfigurations')[copyIndex()].publicIPPrefixResourceId), createObject('value', ''))]", + "roleAssignments": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'roleAssignments'), createObject('value', parameters('ipConfigurations')[copyIndex()].roleAssignments), createObject('value', createArray()))]", + "skuName": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuName'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuName), createObject('value', 'Standard'))]", + "skuTier": "[if(contains(parameters('ipConfigurations')[copyIndex()], 'skuTier'), createObject('value', parameters('ipConfigurations')[copyIndex()].skuTier), createObject('value', 'Regional'))]", + "tags": { + "value": "[parameters('tags')]" + }, + "zones": "[if(contains(parameters('ipConfigurations')[copyIndex()], 
'zones'), createObject('value', parameters('ipConfigurations')[copyIndex()].zones), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14697279465996570029" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the Public IP Address." + } + }, + "publicIPPrefixResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix." + } + }, + "publicIPAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic", + "allowedValues": [ + "Dynamic", + "Static" + ], + "metadata": { + "description": "Optional. The public IP address allocation method." + } + }, + "skuName": { + "type": "string", + "defaultValue": "Basic", + "allowedValues": [ + "Basic", + "Standard" + ], + "metadata": { + "description": "Optional. Name of a public IP address SKU." + } + }, + "skuTier": { + "type": "string", + "defaultValue": "Regional", + "allowedValues": [ + "Global", + "Regional" + ], + "metadata": { + "description": "Optional. Tier of a public IP address SKU." + } + }, + "zones": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. A list of availability zones denoting the IP allocated for the resource needs to come from." + } + }, + "publicIPAddressVersion": { + "type": "string", + "defaultValue": "IPv4", + "allowedValues": [ + "IPv4", + "IPv6" + ], + "metadata": { + "description": "Optional. IP address version." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." 
+ } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." + } + }, + "domainNameLabel": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system." + } + }, + "fqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone." + } + }, + "reverseFqdn": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "diagnosticLogCategoriesToEnable": { + "type": "array", + "defaultValue": [ + "allLogs" + ], + "allowedValues": [ + "allLogs", + "DDoSProtectionNotifications", + "DDoSMitigationFlowLogs", + "DDoSMitigationReports" + ], + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource." + } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." 
+ } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsLogsSpecified", + "count": "[length(filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs')))))]", + "input": { + "category": "[filter(parameters('diagnosticLogCategoriesToEnable'), lambda('item', not(equals(lambdaVariables('item'), 'allLogs'))))[copyIndex('diagnosticsLogsSpecified')]]", + "enabled": true + } + }, + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ], + "diagnosticsLogs": "[if(contains(parameters('diagnosticLogCategoriesToEnable'), 'allLogs'), createArray(createObject('categoryGroup', 'allLogs', 'enabled', true())), variables('diagnosticsLogsSpecified'))]" + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('skuName')]", + "tier": "[parameters('skuTier')]" + }, + "zones": "[parameters('zones')]", + "properties": { + "dnsSettings": "[if(not(empty(parameters('domainNameLabel'))), createObject('domainNameLabel', parameters('domainNameLabel'), 'fqdn', parameters('fqdn'), 'reverseFqdn', parameters('reverseFqdn')), null())]", + "publicIPAddressVersion": 
"[parameters('publicIPAddressVersion')]", + "publicIPAllocationMethod": "[parameters('publicIPAllocationMethod')]", + "publicIPPrefix": "[if(not(empty(parameters('publicIPPrefixResourceId'))), createObject('id', parameters('publicIPPrefixResourceId')), null())]", + "idleTimeoutInMinutes": 4, + "ipTags": [] + } + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + "storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": 
"[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]", + "logs": "[variables('diagnosticsLogs')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + }, + { + "copy": { + "name": "publicIpAddress_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-PIPAddress-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + } + }, + "template": { + "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15781585805590730053" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/publicIPAddresses/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/publicIPAddresses', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the public IP address was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the public IP address." 
+ }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the public IP address." + }, + "value": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('name'))]" + }, + "ipAddress": { + "type": "string", + "metadata": { + "description": "The public IP address of the public IP address resource." + }, + "value": "[if(contains(reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01'), 'ipAddress'), reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01').ipAddress, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/publicIPAddresses', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-NetworkInterface', deployment().name)]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('networkInterfaceName')]" + }, + "ipConfigurations": { + "copy": [ + { + "name": "value", + "count": "[length(parameters('ipConfigurations'))]", + "input": "[createObject('name', if(not(empty(parameters('ipConfigurations')[copyIndex('value')].name)), parameters('ipConfigurations')[copyIndex('value')].name, null()), 'primary', equals(copyIndex('value'), 0), 'privateIPAllocationMethod', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('value')].privateIPAllocationMethod, null()), null()), 'privateIPAddress', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddress'), 
if(not(empty(parameters('ipConfigurations')[copyIndex('value')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('value')].privateIPAddress, null()), null()), 'publicIPAddressResourceId', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'pipconfiguration'), resourceId('Microsoft.Network/publicIPAddresses', format('{0}{1}', parameters('virtualMachineName'), parameters('ipConfigurations')[copyIndex('value')].pipconfiguration.publicIpNameSuffix)), null()), 'subnetResourceId', parameters('ipConfigurations')[copyIndex('value')].subnetResourceId, 'loadBalancerBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerBackendAddressPools, null()), 'applicationSecurityGroups', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('value')].applicationSecurityGroups, null()), 'applicationGatewayBackendAddressPools', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('value')].applicationGatewayBackendAddressPools, null()), 'gatewayLoadBalancer', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('value')].gatewayLoadBalancer, null()), 'loadBalancerInboundNatRules', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('value')].loadBalancerInboundNatRules, null()), 'privateIPAddressVersion', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('value')].privateIPAddressVersion, null()), 'virtualNetworkTaps', if(contains(parameters('ipConfigurations')[copyIndex('value')], 'virtualNetworkTaps'), 
parameters('ipConfigurations')[copyIndex('value')].virtualNetworkTaps, null()))]" + } + ] + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "diagnosticEventHubAuthorizationRuleId": { + "value": "[parameters('diagnosticEventHubAuthorizationRuleId')]" + }, + "diagnosticEventHubName": { + "value": "[parameters('diagnosticEventHubName')]" + }, + "diagnosticStorageAccountId": { + "value": "[parameters('diagnosticStorageAccountId')]" + }, + "diagnosticMetricsToEnable": { + "value": "[parameters('nicDiagnosticMetricsToEnable')]" + }, + "diagnosticSettingsName": { + "value": "[parameters('nicDiagnosticSettingsName')]" + }, + "diagnosticWorkspaceId": { + "value": "[parameters('diagnosticWorkspaceId')]" + }, + "dnsServers": "[if(not(empty(parameters('dnsServers'))), createObject('value', parameters('dnsServers')), createObject('value', createArray()))]", + "enableAcceleratedNetworking": { + "value": "[parameters('enableAcceleratedNetworking')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + }, + "enableIPForwarding": { + "value": "[parameters('enableIPForwarding')]" + }, + "lock": { + "value": "[parameters('lock')]" + }, + "networkSecurityGroupResourceId": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('value', parameters('networkSecurityGroupResourceId')), createObject('value', ''))]", + "roleAssignments": "[if(not(empty(parameters('roleAssignments'))), createObject('value', parameters('roleAssignments')), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "17125191375440227612" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. 
The name of the network interface." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "enableIPForwarding": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether IP forwarding is enabled on this network interface." + } + }, + "enableAcceleratedNetworking": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. If the network interface is accelerated networking enabled." + } + }, + "dnsServers": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection." + } + }, + "networkSecurityGroupResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The network security group (NSG) to attach to the network interface." + } + }, + "auxiliaryMode": { + "type": "string", + "defaultValue": "None", + "allowedValues": [ + "Floating", + "MaxConnections", + "None" + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } + }, + "disableTcpStateTracking": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether to disable tcp state tracking. 
Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true." + } + }, + "ipConfigurations": { + "type": "array", + "metadata": { + "description": "Required. A list of IPConfigurations of the network interface." + } + }, + "lock": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "diagnosticStorageAccountId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account." + } + }, + "diagnosticWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource identifier of log analytics." + } + }, + "diagnosticEventHubAuthorizationRuleId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "diagnosticEventHubName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category." 
+ } + }, + "diagnosticMetricsToEnable": { + "type": "array", + "defaultValue": [ + "AllMetrics" + ], + "allowedValues": [ + "AllMetrics" + ], + "metadata": { + "description": "Optional. The name of metrics that will be streamed." + } + }, + "diagnosticSettingsName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The name of the diagnostic setting, if deployed. If left empty, it defaults to \"-diagnosticSettings\"." + } + } + }, + "variables": { + "copy": [ + { + "name": "diagnosticsMetrics", + "count": "[length(parameters('diagnosticMetricsToEnable'))]", + "input": { + "category": "[parameters('diagnosticMetricsToEnable')[copyIndex('diagnosticsMetrics')]]", + "timeGrain": null, + "enabled": true + } + } + ] + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "copy": [ + { + "name": "ipConfigurations", + "count": "[length(parameters('ipConfigurations'))]", + "input": { + "name": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'name'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].name, format('ipconfig0{0}', add(copyIndex('ipConfigurations'), 1)))]", + "properties": { + "primary": "[if(equals(copyIndex('ipConfigurations'), 0), true(), false())]", + "privateIPAllocationMethod": 
"[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAllocationMethod'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAllocationMethod, null()), null())]", + "privateIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddress'), if(not(empty(parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress)), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddress, null()), null())]", + "publicIPAddress": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'publicIPAddressResourceId'), if(not(equals(parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId, null())), createObject('id', parameters('ipConfigurations')[copyIndex('ipConfigurations')].publicIPAddressResourceId), null()), null())]", + "subnet": { + "id": "[parameters('ipConfigurations')[copyIndex('ipConfigurations')].subnetResourceId]" + }, + "loadBalancerBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerBackendAddressPools, null())]", + "applicationSecurityGroups": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationSecurityGroups'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationSecurityGroups, null())]", + "applicationGatewayBackendAddressPools": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'applicationGatewayBackendAddressPools'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].applicationGatewayBackendAddressPools, null())]", + "gatewayLoadBalancer": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 
'gatewayLoadBalancer'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].gatewayLoadBalancer, null())]", + "loadBalancerInboundNatRules": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'loadBalancerInboundNatRules'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].loadBalancerInboundNatRules, null())]", + "privateIPAddressVersion": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'privateIPAddressVersion'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].privateIPAddressVersion, null())]", + "virtualNetworkTaps": "[if(contains(parameters('ipConfigurations')[copyIndex('ipConfigurations')], 'virtualNetworkTaps'), parameters('ipConfigurations')[copyIndex('ipConfigurations')].virtualNetworkTaps, null())]" + } + } + } + ], + "auxiliaryMode": "[parameters('auxiliaryMode')]", + "disableTcpStateTracking": "[parameters('disableTcpStateTracking')]", + "dnsSettings": "[if(not(empty(parameters('dnsServers'))), createObject('dnsServers', parameters('dnsServers')), null())]", + "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]", + "enableIPForwarding": "[parameters('enableIPForwarding')]", + "networkSecurityGroup": "[if(not(empty(parameters('networkSecurityGroupResourceId'))), createObject('id', parameters('networkSecurityGroupResourceId')), null())]" + } + }, + { + "condition": "[or(or(or(not(empty(parameters('diagnosticStorageAccountId'))), not(empty(parameters('diagnosticWorkspaceId')))), not(empty(parameters('diagnosticEventHubAuthorizationRuleId')))), not(empty(parameters('diagnosticEventHubName'))))]", + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", + "name": "[if(not(empty(parameters('diagnosticSettingsName'))), parameters('diagnosticSettingsName'), format('{0}-diagnosticSettings', parameters('name')))]", + "properties": { + 
"storageAccountId": "[if(not(empty(parameters('diagnosticStorageAccountId'))), parameters('diagnosticStorageAccountId'), null())]", + "workspaceId": "[if(not(empty(parameters('diagnosticWorkspaceId'))), parameters('diagnosticWorkspaceId'), null())]", + "eventHubAuthorizationRuleId": "[if(not(empty(parameters('diagnosticEventHubAuthorizationRuleId'))), parameters('diagnosticEventHubAuthorizationRuleId'), null())]", + "eventHubName": "[if(not(empty(parameters('diagnosticEventHubName'))), parameters('diagnosticEventHubName'), null())]", + "metrics": "[variables('diagnosticsMetrics')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + }, + { + "copy": { + "name": "networkInterface_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-NIC-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": 
"[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "14837312545510225155" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. 
The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." + } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/networkInterfaces/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/networkInterfaces', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), 
parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the deployed resource." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the deployed resource." + }, + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group of the deployed resource." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Network/networkInterfaces', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "networkInterface_publicIPAddresses" + ] + } + ] + } + } + }, + { + "condition": "[parameters('extensionAadJoinConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "AADLogin" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.ActiveDirectory" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AADLoginForWindows'), createObject('value', 'AADSSHLoginforLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAadJoinConfig').typeHandlerVersion), createObject('value', '1.0'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAadJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAadJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionAadJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAadJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": "[if(contains(parameters('extensionAadJoinConfig'), 'settings'), createObject('value', parameters('extensionAadJoinConfig').settings), createObject('value', createObject()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + 
"_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": 
"[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDomainJoinConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DomainJoin" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Compute" + }, + "type": { + "value": "JsonADDomainExtension" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'typeHandlerVersion'), 
createObject('value', parameters('extensionDomainJoinConfig').typeHandlerVersion), createObject('value', '1.3'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDomainJoinConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDomainJoinConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDomainJoinConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDomainJoinConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": "[parameters('extensionDomainJoinConfig').settings]" + }, + "protectedSettings": { + "value": { + "Password": "[parameters('extensionDomainJoinPassword')]" + } + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. 
Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionAntiMalwareConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "MicrosoftAntiMalware" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": { + "value": "IaaSAntimalware" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAntiMalwareConfig').typeHandlerVersion), createObject('value', '1.3'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAntiMalwareConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAntiMalwareConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionAntiMalwareConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAntiMalwareConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": "[parameters('extensionAntiMalwareConfig').settings]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + 
"template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. 
Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": 
"[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionMonitoringAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "MicrosoftMonitoringAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.EnterpriseCloud.Monitoring" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'MicrosoftMonitoringAgent'), createObject('value', 'OmsAgentForLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.0'), createObject('value', '1.7')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionMonitoringAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionMonitoringAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionMonitoringAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": { + "workspaceId": "[if(not(empty(parameters('monitoringWorkspaceId'))), 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').customerId, '')]" + } + }, + "protectedSettings": { + "value": { + "workspaceKey": "[if(not(empty(parameters('monitoringWorkspaceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('monitoringWorkspaceId'), '/')[2], split(parameters('monitoringWorkspaceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('monitoringWorkspaceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + } + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." 
+ } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDependencyAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DependencyAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Monitoring.DependencyAgent" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'DependencyAgentWindows'), createObject('value', 'DependencyAgentLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDependencyAgentConfig').typeHandlerVersion), createObject('value', '9.5'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDependencyAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDependencyAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDependencyAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDependencyAgentConfig').enableAutomaticUpgrade), createObject('value', true()))]", + "enableDefaultTelemetry": { + "value": 
"[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." 
+ } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionNetworkWatcherAgentConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "NetworkWatcherAgent" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.NetworkWatcher" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'NetworkWatcherAgentWindows'), createObject('value', 'NetworkWatcherAgentLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').typeHandlerVersion), createObject('value', '1.4'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionNetworkWatcherAgentConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionNetworkWatcherAgentConfig').enableAutomaticUpgrade), createObject('value', false()))]", + 
"enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." 
+ } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionDSCConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "DesiredStateConfiguration" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Powershell" + }, + "type": { + "value": "DSC" + }, + "typeHandlerVersion": "[if(contains(parameters('extensionDSCConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionDSCConfig').typeHandlerVersion), createObject('value', '2.77'))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionDSCConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionDSCConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionDSCConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionDSCConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": "[if(contains(parameters('extensionDSCConfig'), 'settings'), createObject('value', parameters('extensionDSCConfig').settings), createObject('value', createObject()))]", + "protectedSettings": "[if(contains(parameters('extensionDSCConfig'), 
'protectedSettings'), createObject('value', parameters('extensionDSCConfig').protectedSettings), createObject('value', createObject()))]", + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. 
How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + }, + { + "condition": "[parameters('extensionCustomScriptConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "CustomScriptExtension" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'Microsoft.Compute'), createObject('value', 'Microsoft.Azure.Extensions'))]", + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'CustomScriptExtension'), createObject('value', 'CustomScript'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionCustomScriptConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '1.10'), createObject('value', '2.1')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionCustomScriptConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionCustomScriptConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": "[if(contains(parameters('extensionCustomScriptConfig'), 'enableAutomaticUpgrade'), createObject('value', 
parameters('extensionCustomScriptConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "settings": { + "value": { + "copy": [ + { + "name": "fileUris", + "count": "[length(parameters('extensionCustomScriptConfig').fileData)]", + "input": "[if(contains(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')], 'storageAccountId'), format('{0}?{1}', parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri, listAccountSas(parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].storageAccountId, '2019-04-01', variables('accountSasProperties')).accountSasToken), parameters('extensionCustomScriptConfig').fileData[copyIndex('fileUris')].uri)]" + } + ] + } + }, + "protectedSettings": { + "value": "[parameters('extensionCustomScriptProtectedSetting')]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. 
Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "condition": "[parameters('extensionAzureDiskEncryptionConfig').enabled]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-AzureDiskEncryption', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "virtualMachineName": { + "value": "[parameters('name')]" + }, + "name": { + "value": "AzureDiskEncryption" + }, + "location": { + "value": "[parameters('location')]" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": "[if(equals(parameters('osType'), 'Windows'), createObject('value', 'AzureDiskEncryption'), createObject('value', 'AzureDiskEncryptionForLinux'))]", + "typeHandlerVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'typeHandlerVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').typeHandlerVersion), if(equals(parameters('osType'), 'Windows'), createObject('value', '2.2'), createObject('value', '1.1')))]", + "autoUpgradeMinorVersion": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'autoUpgradeMinorVersion'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').autoUpgradeMinorVersion), createObject('value', true()))]", + "enableAutomaticUpgrade": 
"[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'enableAutomaticUpgrade'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').enableAutomaticUpgrade), createObject('value', false()))]", + "forceUpdateTag": "[if(contains(parameters('extensionAzureDiskEncryptionConfig'), 'forceUpdateTag'), createObject('value', parameters('extensionAzureDiskEncryptionConfig').forceUpdateTag), createObject('value', '1.0'))]", + "settings": { + "value": "[parameters('extensionAzureDiskEncryptionConfig').settings]" + }, + "enableDefaultTelemetry": { + "value": "[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." 
+ } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "condition": "[not(empty(parameters('backupVaultName')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Backup', uniqueString(deployment().name, parameters('location')))]", + "resourceGroup": "[parameters('backupVaultResourceGroup')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[format('vm;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]" + }, + "location": { + "value": "[parameters('location')]" + }, + "policyId": { + "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupPolicies', parameters('backupVaultName'), parameters('backupPolicyName'))]" + }, + "protectedItemType": { + "value": "Microsoft.Compute/virtualMachines" + }, + "protectionContainerName": { + "value": "[format('iaasvmcontainer;iaasvmcontainerv2;{0};{1}', resourceGroup().name, parameters('name'))]" + }, + "recoveryVaultName": { + "value": "[parameters('backupVaultName')]" + }, + "sourceResourceId": { + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + }, + "enableDefaultTelemetry": { + "value": 
"[variables('enableReferencedModulesTelemetry')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "15242592157036190831" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the resource." + } + }, + "protectionContainerName": { + "type": "string", + "metadata": { + "description": "Conditional. Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment." + } + }, + "recoveryVaultName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "protectedItemType": { + "type": "string", + "allowedValues": [ + "AzureFileShareProtectedItem", + "AzureVmWorkloadSAPAseDatabase", + "AzureVmWorkloadSAPHanaDatabase", + "AzureVmWorkloadSQLDatabase", + "DPMProtectedItem", + "GenericProtectedItem", + "MabFileFolderProtectedItem", + "Microsoft.ClassicCompute/virtualMachines", + "Microsoft.Compute/virtualMachines", + "Microsoft.Sql/servers/databases" + ], + "metadata": { + "description": "Required. The backup item type." + } + }, + "policyId": { + "type": "string", + "metadata": { + "description": "Required. ID of the backup policy with which this item is backed up." + } + }, + "sourceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Resource ID of the resource to back up." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. 
Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems", + "apiVersion": "2023-01-01", + "name": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "protectedItemType": "[parameters('protectedItemType')]", + "policyId": "[parameters('policyId')]", + "sourceResourceId": "[parameters('sourceResourceId')]" + } + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the protected item was created in." + }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the protected item." 
+ }, + "value": "[resourceId('Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems', split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[0], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[1], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[2], split(format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name')), '/')[3])]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The Name of the protected item." + }, + "value": "[format('{0}/Azure/{1}/{2}', parameters('recoveryVaultName'), parameters('protectionContainerName'), parameters('name'))]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-AADLogin', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-CustomScriptExtension', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DependencyAgent', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DesiredStateConfiguration', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-DomainJoin', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftAntiMalware', uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-MicrosoftMonitoringAgent', 
uniqueString(deployment().name, parameters('location'))))]", + "[resourceId('Microsoft.Resources/deployments', format('{0}-VM-NetworkWatcherAgent', uniqueString(deployment().name, parameters('location'))))]" + ] + }, + { + "copy": { + "name": "vm_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-VM-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + 
"name": "bicep", + "version": "0.23.1.45101", + "templateHash": "9607326914801692122" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Compute Gallery Sharing Admin": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1ef6a3be-d0ac-425d-8c01-acb62866290b')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Data Operator for Managed Disks": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '959f8984-c045-4866-89c7-12bf9737be2e')]", + "Desktop Virtualization Power On Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '489581de-a3bd-480d-9518-53dea7416b33')]", + "Desktop Virtualization Power On Off Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '40c5ff49-9181-41f8-ae61-143b0e78555e')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 
'76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "Disk Backup Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3e5e47e6-65f7-47ef-90b5-e5dd4d455f24')]", + "Disk Pool Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '60fc6e62-5479-42d4-8bf4-67625fcc2840')]", + "Disk Restore Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b50d9833-a0cb-478e-945f-707fcc997c13')]", + "Disk Snapshot Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7efff54f-a5b4-42b5-a1c5-5411624893ce')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Reservation Purchaser": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f7b75c60-3036-4b75-91c3-6b41c27c1689')]", + "Resource Policy 
Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "VM Scanner Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'd24ecba3-c1f4-40fa-a7bb-4588a071e8fd')]", + "Windows Admin Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Compute/virtualMachines/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Compute/virtualMachines', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": 
"[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + ] + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the VM." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the VM." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines', parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the VM was created in." + }, + "value": "[resourceGroup().name]" + }, + "systemAssignedPrincipalId": { + "type": "string", + "metadata": { + "description": "The principal ID of the system assigned identity." + }, + "value": "[if(and(parameters('systemAssignedIdentity'), contains(reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity, 'principalId')), reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').identity.principalId, '')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." 
+ }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varComputeSubId')), format('{0}', variables('varComputeRgName'))), 'Microsoft.Resources/deployments', format('AVD-Availability-Set-{0}', parameters('time')))]" + ] + }, + { + "copy": { + "name": "sessionHostsAntimalwareExtension", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Antimal-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "virtualMachineName": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "name": { + "value": "MicrosoftAntiMalware" + }, + "publisher": { + "value": "Microsoft.Azure.Security" + }, + "type": { + "value": "IaaSAntimalware" + }, + "typeHandlerVersion": { + "value": "1.3" + }, + "autoUpgradeMinorVersion": { + "value": true + }, + "enableAutomaticUpgrade": { + "value": false + }, + "settings": { + "value": { + "AntimalwareEnabled": true, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "isEnabled": "true", + "day": "7", + "time": "120", + "scanType": "Quick" + }, + "Exclusions": "[if(parameters('createAvdFslogixDeployment'), createObject('Extensions', '*.vhd;*.vhdx', 'Paths', 
format('\"%ProgramFiles%\\FSLogix\\Apps\\frxdrv.sys;%ProgramFiles%\\FSLogix\\Apps\\frxccd.sys;%ProgramFiles%\\FSLogix\\Apps\\frxdrvvt.sys;%TEMP%\\*.VHD;%TEMP%\\*.VHDX;%Windir%\\TEMP\\*.VHD;%Windir%\\TEMP\\*.VHDX;{0}\\*\\*.VHD;{1}\\*\\*.VHDX', variables('varFslogixSharePath'), variables('varFslogixSharePath')), 'Processes', '%ProgramFiles%\\FSLogix\\Apps\\frxccd.exe;%ProgramFiles%\\FSLogix\\Apps\\frxccds.exe;%ProgramFiles%\\FSLogix\\Apps\\frxsvc.exe'), createObject())]" + } + }, + "enableDefaultTelemetry": { + "value": false + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. 
Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "sessionHosts" + ] + }, + { + "copy": { + "name": "monitoring", + "count": "[length(range(1, parameters('count')))]" + }, + "condition": "[parameters('deployMonitoring')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Mon-{0}-{1}', sub(range(1, parameters('count'))[copyIndex()], 1), parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "virtualMachineName": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "name": { + "value": "MicrosoftMonitoringAgent" + }, + "publisher": { + "value": "Microsoft.EnterpriseCloud.Monitoring" + }, + "type": { + "value": "MicrosoftMonitoringAgent" + }, + "typeHandlerVersion": { + "value": "1.0" + }, + "autoUpgradeMinorVersion": { + "value": true + }, + "enableAutomaticUpgrade": { + "value": false + }, + "settings": { + "value": { + "workspaceId": "[if(not(empty(parameters('alaWorkspaceResourceId'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('alaWorkspaceResourceId'), '/')[2], split(parameters('alaWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('alaWorkspaceResourceId'), '/'))), '2021-06-01').customerId, '')]" + 
} + }, + "protectedSettings": { + "value": { + "workspaceKey": "[if(not(empty(parameters('alaWorkspaceResourceId'))), listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('alaWorkspaceResourceId'), '/')[2], split(parameters('alaWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('alaWorkspaceResourceId'), '/'))), '2021-06-01').primarySharedKey, '')]" + } + }, + "enableDefaultTelemetry": { + "value": false + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "18224849399427196214" + } + }, + "parameters": { + "virtualMachineName": { + "type": "string", + "metadata": { + "description": "Conditional. The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment." + } + }, + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the virtual machine extension." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location the extension is deployed to." + } + }, + "publisher": { + "type": "string", + "metadata": { + "description": "Required. The name of the extension handler publisher." + } + }, + "type": { + "type": "string", + "metadata": { + "description": "Required. Specifies the type of the extension; an example is \"CustomScriptExtension\"." + } + }, + "typeHandlerVersion": { + "type": "string", + "metadata": { + "description": "Required. Specifies the version of the script handler." + } + }, + "autoUpgradeMinorVersion": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should use a newer minor version if one is available at deployment time. 
Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true." + } + }, + "forceUpdateTag": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. How the extension handler should be forced to update even if the extension configuration has not changed." + } + }, + "settings": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific settings." + } + }, + "protectedSettings": { + "type": "secureObject", + "defaultValue": {}, + "metadata": { + "description": "Optional. Any object that contains the extension specific protected settings." + } + }, + "supressFailures": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false." + } + }, + "enableAutomaticUpgrade": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-11-01", + "name": "[format('{0}/{1}', parameters('virtualMachineName'), parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "[parameters('publisher')]", + "type": "[parameters('type')]", + "typeHandlerVersion": "[parameters('typeHandlerVersion')]", + "autoUpgradeMinorVersion": "[parameters('autoUpgradeMinorVersion')]", + "enableAutomaticUpgrade": "[parameters('enableAutomaticUpgrade')]", + "forceUpdateTag": "[if(not(empty(parameters('forceUpdateTag'))), parameters('forceUpdateTag'), null())]", + "settings": "[if(not(empty(parameters('settings'))), parameters('settings'), null())]", + "protectedSettings": "[if(not(empty(parameters('protectedSettings'))), parameters('protectedSettings'), null())]", + "suppressFailures": "[parameters('supressFailures')]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the extension." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the extension." + }, + "value": "[resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name'))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the Resource Group the extension was created in." 
+ }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Compute/virtualMachines/extensions', parameters('virtualMachineName'), parameters('name')), '2022-11-01', 'full').location]" + } + } + } + }, + "dependsOn": [ + "sessionHostsAntimalwareExtension" + ] + }, + { + "copy": { + "name": "sessionHostConfiguration", + "count": "[length(range(1, parameters('count')))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('SH-Config-{0}-{1}', range(1, parameters('count'))[copyIndex()], parameters('time'))]", + "subscriptionId": "[format('{0}', variables('varComputeSubId'))]", + "resourceGroup": "[format('{0}', variables('varComputeRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "name": { + "value": "[format('{0}{1}', variables('varSessionHostNamePrefix'), padLeft(add(range(1, parameters('count'))[copyIndex()], parameters('countIndex')), 4, '0'))]" + }, + "hostPoolToken": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', variables('varHostpoolSubId')), format('{0}', variables('varHostpoolRgName'))), 'Microsoft.DesktopVirtualization/hostPools', variables('varHostPoolName')), '2019-12-10-preview').registrationInfo.token]" + }, + "baseScriptUri": { + "value": "[variables('varSessionHostConfigurationScriptUri')]" + }, + "scriptName": { + "value": "[variables('varSessionHostConfigurationScript')]" + }, + "fslogix": { + "value": "[parameters('createAvdFslogixDeployment')]" + }, + "identityDomainName": { + "value": "[parameters('identityDomainName')]" + }, + "vmSize": { + "value": "[parameters('vmSize')]" + }, + "fslogixFileShare": { + "value": "[variables('varFslogixSharePath')]" 
+ }, + "fslogixStorageFqdn": { + "value": "[variables('varFslogixStorageFqdn')]" + }, + "identityServiceProvider": { + "value": "[parameters('identityServiceProvider')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "16467384531279284955" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Extension deployment name." + } + }, + "identityServiceProvider": { + "type": "string", + "metadata": { + "description": "The service providing domain services for Azure Virtual Desktop." + } + }, + "identityDomainName": { + "type": "string", + "metadata": { + "description": "Identity domain name." + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "baseScriptUri": { + "type": "string", + "metadata": { + "description": "URI for AVD session host configuration URI path." + } + }, + "scriptName": { + "type": "string", + "metadata": { + "description": "URI for AVD session host configuration script." + } + }, + "fslogix": { + "type": "bool", + "metadata": { + "description": "Deploy FSlogix configuration." + } + }, + "fslogixFileShare": { + "type": "string", + "metadata": { + "description": "File share path for FSlogix storage." + } + }, + "fslogixStorageFqdn": { + "type": "string", + "metadata": { + "description": "FSLogix storage account FDQN." + } + }, + "vmSize": { + "type": "string", + "metadata": { + "description": "Session host VM size." 
+ } + }, + "hostPoolToken": { + "type": "securestring", + "metadata": { + "description": "AVD Host Pool registration token" + } + } + }, + "variables": { + "varScriptArguments": "[format('-IdentityDomainName {0} -AmdVmSize {1} -IdentityServiceProvider {2} -Fslogix {3} -FslogixFileShare {4} -FslogixStorageFqdn {5} -HostPoolRegistrationToken {6} -NvidiaVmSize {7} -verbose', parameters('identityDomainName'), variables('varAmdVmSize'), parameters('identityServiceProvider'), parameters('fslogix'), parameters('fslogixFileShare'), parameters('fslogixStorageFqdn'), parameters('hostPoolToken'), variables('varNvidiaVmSize'))]", + "varAmdVmSizes": [ + "Standard_NV4as_v4", + "Standard_NV8as_v4", + "Standard_NV16as_v4", + "Standard_NV32as_v4" + ], + "varAmdVmSize": "[contains(variables('varAmdVmSizes'), parameters('vmSize'))]", + "varNvidiaVmSizes": [ + "Standard_NV6", + "Standard_NV12", + "Standard_NV24", + "Standard_NV12s_v3", + "Standard_NV24s_v3", + "Standard_NV48s_v3", + "Standard_NC4as_T4_v3", + "Standard_NC8as_T4_v3", + "Standard_NC16as_T4_v3", + "Standard_NC64as_T4_v3", + "Standard_NV6ads_A10_v5", + "Standard_NV12ads_A10_v5", + "Standard_NV18ads_A10_v5", + "Standard_NV36ads_A10_v5", + "Standard_NV36adms_A10_v5", + "Standard_NV72ads_A10_v5" + ], + "varNvidiaVmSize": "[contains(variables('varNvidiaVmSizes'), parameters('vmSize'))]" + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines/extensions", + "apiVersion": "2022-08-01", + "name": "[format('{0}/SessionHostConfig', parameters('name'))]", + "location": "[parameters('location')]", + "properties": { + "publisher": "Microsoft.Compute", + "type": "CustomScriptExtension", + "typeHandlerVersion": "1.10", + "autoUpgradeMinorVersion": true, + "settings": { + "fileUris": "[array(parameters('baseScriptUri'))]" + }, + "protectedSettings": { + "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('scriptName'), variables('varScriptArguments'))]" + } + } + } + ] + } + }, 
+ "dependsOn": [ + "monitoring", + "sessionHosts" + ] + } + ] +} \ No newline at end of file diff --git a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json index 6cf117495..9c403b977 100644 --- a/workload/portal-ui/brownfield/portalUiAddSessionHosts.json +++ b/workload/portal-ui/brownfield/portalUiAddSessionHosts.json @@ -4,7 +4,7 @@ "kind": "Form", "properties": { "isWizard": false, - "title": "Azure Virtual Desktop - Landing Zone Accelerator (LZA) - Baseline", + "title": "Azure Virtual Desktop LZA: Deploy New Session Hosts", "steps": [ { "name": "basics", @@ -231,6 +231,11 @@ "resourceType": "Microsoft.KeyVault/vaults", "constraints": { "required": true + }, + "options": { + "filter": { + "subscription": "onBasics" + } } }, { @@ -283,6 +288,34 @@ } ] }, + { + "name": "managementPlane", + "label": "Management plane", + "elements": [ + { + "name": "managementPlaneSettings", + "type": "Microsoft.Common.Section", + "label": "Settings:", + "elements": [ + { + "name": "fslogixStorageAccountSelector", + "type": "Microsoft.Solutions.ResourceSelector", + "label": "Host pool", + "toolTip": "Select host pool where to add new session hosts.", + "resourceType": "Microsoft.DesktopVirtualization/hostpools", + "constraints": { + "required": true + }, + "options": { + "filter": { + "subscription": "onBasics" + } + } + } + ] + } + ] + }, { "name": "sessionHosts", "label": "Session hosts", 
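Review bot: The host pool selector added in the new `managementPlane` step (hunk `@@ -283,6 +288,34 @@`) is named `fslogixStorageAccountSelector`, the same name the FSLogix storage account selector carries in hunk `@@ -638,10 +671,16 @@`. The two sit in different steps, so this may not collide, but any output expression that reads the element will look like it points at a storage account when it actually returns a host pool ID. I would rename it, for example `"name": "hostPoolSelector"`. The `outputs.parameters` object shown as context in `@@ -1126,7 +1174,7 @@` is `{}`, so as far as this diff shows the selected host pool is not yet passed to the template.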
@@ -638,10 +671,16 @@ "name": "fslogixStorageAccountSelector", "type": "Microsoft.Solutions.ResourceSelector", "label": "Storage account", - "toolTip": "The name of the Storage account created and configured to host FSLogix user profile containers.", + "toolTip": "Select storage account created and configured to host FSLogix user profile containers.", "resourceType": "Microsoft.Storage/storageAccounts", "constraints": { "required": true + }, + "options": { + "filter": { + "subscription": "onBasics", + "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" + } } }, { @@ -651,7 +690,9 @@ "toolTip": "The name of the file share created and configured to host FSLogix user profile containers.", "placeholder": "Example: fslogix-pc-avd1-dev-use2-001", "constraints": { - "required": true + "required": true, + "subscription":"onBasics", + "location":"[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]" } } ] @@ -727,7 +768,6 @@ "name": "virtualNetworkSubnetSelectorName", "label": "Subnet", "type": "Microsoft.Common.DropDown", - "visible": "[not(steps('network').createAvdVirtualNetwork)]", "defaultValue": "", "toolTip": "Azure Virtual Desktop subnet.", "multiselect": false, @@ -740,10 +780,18 @@ "required": true } }, + { + "name": "applicationSecurityGroup", + "type": "Microsoft.Common.CheckBox", + "label": "Application Security Group (ASG)", + "defaultValue": true, + "toolTip": "Configure session host to use FSLogix." + }, { "name": "applicationSecurityGroupSelectorId", "type": "Microsoft.Solutions.ResourceSelector", - "label": "Application Security Group", + "visible": "[steps('network').networkSettings.applicationSecurityGroup]", + "label": "Select ASG", "resourceType": "Microsoft.Network/applicationSecurityGroups", "options": { "filter": { 
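Review bot: The new `location` filter in `@@ -638,10 +671,16 @@` reads `steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion`, but the step shown as context just above is declared as `"name": "sessionHosts"`. If step lookup is case-sensitive, or if no section and element with those exact names exist (they are not visible in this diff), the expression will not resolve and the storage account list will be unfiltered or empty. The same expression is repeated in `@@ -651,7 +690,9 @@`. I would match the declared name, `steps('sessionHosts')`, and confirm the section and element names against the step definition.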
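Review bot: In `@@ -651,7 +690,9 @@` the keys `"subscription":"onBasics"` and `"location":"[steps(...)...]"` are added inside `constraints` of the file share name field. Everywhere else in this file they appear under `options.filter` of a `Microsoft.Solutions.ResourceSelector`, and this element has a `placeholder`, which suggests a free-text box (its `type` is outside the hunk). They are most likely ignored here or rejected by schema validation, so the field still accepts any share name regardless of subscription or region. I would drop both keys and keep `"required": true`, optionally adding a `regex` constraint for the share-name format.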
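Review bot: The `applicationSecurityGroup` checkbox added in `@@ -740,10 +780,18 @@` carries the tooltip `"Configure session host to use FSLogix."`, which looks copied from the FSLogix option and does not describe the network control being toggled. Something like `"toolTip": "Add the session hosts to an existing Application Security Group."` would tell the operator what unticking it does. Since the selector is now hidden when the box is unticked, the output that forwards the ASG ID (not in this hunk) should send an empty value in that case rather than a stale selection.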
@@ -1126,7 +1174,7 @@
 },
 "outputs": {
 "parameters": {},
- "kind": "Subscription",
+ "kind": "resourceGroups",
 "location": "[steps('basics').resourceScope.location.name]",
 "subscriptionId": "[steps('basics').resourceScope.subscription.id]"
 }
diff --git a/workload/portal-ui/brownfield/portalUiAlerts.json b/workload/portal-ui/brownfield/portalUiAlerts.json
index 02cffeb45..e528327d3 100644
--- a/workload/portal-ui/brownfield/portalUiAlerts.json
+++ b/workload/portal-ui/brownfield/portalUiAlerts.json
@@ -3,8 +3,8 @@
 "view": {
 "kind": "Form",
 "properties": {
- "title": "Create AVD Alerts",
- "steps": [
+ "title": "Azure Virtual Desktop LZA: Create AVD Alerts",
+ "steps": [
 {
 "name": "basics",
 "label": "Basics",
diff --git a/workload/portal-ui/brownfield/portalUiAppAttachToolsVM.json b/workload/portal-ui/brownfield/portalUiAppAttachToolsVM.json
index 5ee6b5de7..48f586ea0 100644
--- a/workload/portal-ui/brownfield/portalUiAppAttachToolsVM.json
+++ b/workload/portal-ui/brownfield/portalUiAppAttachToolsVM.json
@@ -3,7 +3,7 @@
 "view": {
 "kind": "Form",
 "properties": {
- "title": "Deploy App Attach VM with Tools",
+ "title": "Azure Virtual Desktop LZA: Deploy App Attach VM with Tools",
 "steps": [
 {
 "name": "basics",
diff --git a/workload/portal-ui/brownfield/portalUiAutoIncreasePremiumFileShareQuota.json b/workload/portal-ui/brownfield/portalUiAutoIncreasePremiumFileShareQuota.json
index 03c75d65f..3668ef7d8 100644
--- a/workload/portal-ui/brownfield/portalUiAutoIncreasePremiumFileShareQuota.json
+++ b/workload/portal-ui/brownfield/portalUiAutoIncreasePremiumFileShareQuota.json
@@ -3,7 +3,7 @@
 "view": {
 "kind": "Form",
 "properties": {
- "title": "AVD Landing Zone Accelerator: Auto Increase Premium File Share Quota",
+ "title": "Azure Virtual Desktop LZA: Auto Increase Premium File Share Quota",
 "steps": [
 {
 "name": "basics",
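Review bot: The new output value `"kind": "resourceGroups"` in `@@ -1126,7 +1174,7 @@` does not look like one of the scope kinds a Form view accepts; as far as I know those are `ResourceGroup`, `Subscription`, `ManagementGroup` and `Tenant`. The surrounding `outputs` block also still sets only `location` and `subscriptionId`, while a resource-group-scoped deployment would need a `resourceGroupId`. If the template this form launches is subscription-scoped (its `targetScope` is not part of this hunk), the previous `"kind": "Subscription"` was the matching value. Otherwise use `"kind": "ResourceGroup"` and add the resource group output.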
diff --git a/workload/portal-ui/brownfield/portalUiScalingTool.json b/workload/portal-ui/brownfield/portalUiScalingTool.json index 46e3cf7d3..e51afdad9 100644 --- a/workload/portal-ui/brownfield/portalUiScalingTool.json +++ b/workload/portal-ui/brownfield/portalUiScalingTool.json @@ -3,7 +3,7 @@ "view": { "kind": "Form", "properties": { - "title": "AVD Landing Zone Accelerator: Scaling Tool", + "title": "Azure Virtual Desktop LZA: Scaling Tool", "steps": [ { "name": "basics", diff --git a/workload/portal-ui/brownfield/portalUiStartVmOnConnect.json b/workload/portal-ui/brownfield/portalUiStartVmOnConnect.json index a16f75f8a..451801570 100644 --- a/workload/portal-ui/brownfield/portalUiStartVmOnConnect.json +++ b/workload/portal-ui/brownfield/portalUiStartVmOnConnect.json @@ -3,7 +3,7 @@ "view": { "kind": "Form", "properties": { - "title": "AVD Accelerator: Start VM On Connect", + "title": "Azure Virtual Desktop LZA: Start VM On Connect", "steps": [ { "name": "basics", From ce345e8caea2cfd250cc7a6bc387e3b1b10830c6 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Thu, 16 Nov 2023 07:47:40 -0600 Subject: [PATCH 15/15] updates --- workload/bicep/modules/avdSessionHosts/deploy.bicep | 2 +- workload/scripts/Set-SessionHostConfiguration.ps1 | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/workload/bicep/modules/avdSessionHosts/deploy.bicep b/workload/bicep/modules/avdSessionHosts/deploy.bicep index ca4693f4c..d662ce9d9 100644 --- a/workload/bicep/modules/avdSessionHosts/deploy.bicep +++ b/workload/bicep/modules/avdSessionHosts/deploy.bicep 
@@ -213,7 +213,7 @@ module sessionHosts '../../../../carml/1.3.0/Microsoft.Compute/virtualMachines/d // ADDS or AADDS domain join. extensionDomainJoinPassword: keyVault.getSecret('domainJoinUserPassword') extensionDomainJoinConfig: { - enabled: (identityServiceProvider == 'ADDS' || identityServiceProvider == 'AADDS') ? true : false + enabled: (identityServiceProvider == 'AADDS' || identityServiceProvider == 'ADDS') ? true : false settings: { name: identityDomainName ouPath: !empty(sessionHostOuPath) ? sessionHostOuPath : null diff --git a/workload/scripts/Set-SessionHostConfiguration.ps1 b/workload/scripts/Set-SessionHostConfiguration.ps1 index 6b4485e4a..f8b0a9ef2 100644 --- a/workload/scripts/Set-SessionHostConfiguration.ps1 +++ b/workload/scripts/Set-SessionHostConfiguration.ps1 @@ -1,5 +1,5 @@ Param( -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $IdentityDomainName, @@ -15,11 +15,11 @@ $IdentityServiceProvider, [string] $Fslogix, -[parameter(Mandatory=)] +[parameter(Mandatory=$false)] [string] $FslogixFileShare, -[parameter(Mandatory)] +[parameter(Mandatory=$false)] [string] $fslogixStorageFqdn,
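Review bot: In `@@ -213,7 +213,7 @@` the `enabled` expression still wraps a boolean in `? true : false`, and swapping the two `||` operands does not change its value. The comparison already yields a bool, so `enabled: identityServiceProvider == 'ADDS' || identityServiceProvider == 'AADDS'` is equivalent and easier to read. The enclosing `sessionHosts` module declaration starts and ends outside the hunk.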
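Review bot: With `[parameter(Mandatory=$false)]` on `$IdentityDomainName` (`@@ -1,5 +1,5 @@`) and on `$FslogixFileShare` and `$fslogixStorageFqdn` (`@@ -15,11 +15,11 @@`), nothing at the parameter level stops the script from running with these values missing. A session host could then register while its domain or profile-container settings are written with empty strings. The script body is outside the hunk, so I cannot see whether it checks for that. If it does not, a guard at the top of the body would make the failure explicit, for example `if ($Fslogix -eq 'true' -and (-not $FslogixFileShare -or -not $fslogixStorageFqdn)) { throw 'FslogixFileShare and fslogixStorageFqdn are required when Fslogix is enabled.' }`, assuming `$Fslogix` arrives as the string true/false. A similar check for `$IdentityDomainName` when the identity provider is domain-based would cover the first hunk.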