From 63fff89467079ec4667d43ae519c381390a83511 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 23 Jan 2025 13:18:58 +0400 Subject: [PATCH 1/3] Updating MG API version --- .../mgmtGroupStructure/mgmtGroups.json | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json b/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json index 37231a5fb1..612fc7adc5 100644 --- a/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json +++ b/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json @@ -43,14 +43,14 @@ // Create top level management group under tenant root "type": "Microsoft.Management/managementGroups", "scope": "/", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[parameters('topLevelManagementGroupPrefix')]", "properties": {} }, { // Create management group for platform management groups "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[variables('enterpriseScaleManagementGroups').platform]", "dependsOn": [ @@ -68,7 +68,7 @@ { // Create management group for landing zones "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[variables('enterpriseScaleManagementGroups').landingZone]", "dependsOn": [ @@ -86,7 +86,7 @@ { // Create management group for sandbox subscriptions "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[variables('enterpriseScaleManagementGroups').sandboxes]", "dependsOn": [ @@ -104,7 +104,7 @@ { // Create management group for decommissioned subscriptions "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[variables('enterpriseScaleManagementGroups').decommissioned]", "dependsOn": [ @@ -123,7 +123,7 @@ // Create child management groups for platform resources "condition": "[not(empty(parameters('platformMgs')))]", "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[concat(parameters('topLevelManagementGroupPrefix'), '-', parameters('platformMgs')[copyIndex()])]", "dependsOn": [ @@ -146,7 +146,7 @@ // Create child management groups for landing zones "condition": "[not(empty(parameters('landingZoneMgs')))]", "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "scope": "/", "name": "[concat(parameters('topLevelManagementGroupPrefix'), '-', parameters('landingZoneMgs')[copyIndex()])]", "dependsOn": [ From db6fdceeb861ba8f8e52306a69f323e95ca8f810 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 23 Jan 2025 16:17:49 +0400 Subject: [PATCH 2/3] What's New --- docs/wiki/Whats-new.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md index 7e68ccb818..6c83b34036 100644 --- a/docs/wiki/Whats-new.md +++ b/docs/wiki/Whats-new.md @@ -66,6 +66,7 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones: - Removed duplicate policy assignment "Container Apps should only be accessible over HTTPS" from initiative [Enforce-EncryptTransit_20241211](https://www.azadvertizer.net/azpolicyinitiativesadvertizer/Enforce-EncryptTransit_2024.html). Note, this is a breaking change, and existing assignments should be removed and re-assigned. - Added new custom policies [Audit-Tags-Mandatory](https://www.azadvertizer.net/azpolicyadvertizer/Audit-Tags-Mandatory.html) and [Audit-Tags-Mandatory-Rg](https://www.azadvertizer.net/azpolicyadvertizer/Audit-Tags-Mandatory-Rg.html) to support auditing for the existence of mandatory tags (based on an array of tags). Not assigned by default. - Updated the Workload Specific Compliance initiative section in the portal accelerator to allow configuring `Audit Only` effect for workloads using the `DoNotEnforce` enforcement mode. +- Updated the Management Group creation template to use the latest API version `2023-04-01`. ### December 2024 From b8d7cb75525e468750c924c0849bd20e6b436d96 Mon Sep 17 00:00:00 2001 From: Sacha Narinx Date: Thu, 23 Jan 2025 16:28:06 +0400 Subject: [PATCH 3/3] Updating lite version APIs --- .../mgmtGroupStructure/mgmtGroupsLite.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json b/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json index ed5291c94f..7d3c2b050e 100644 --- a/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json +++ b/eslzArm/managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json @@ -31,14 +31,14 @@ { // Create top level management group under tenant root "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[parameters('topLevelManagementGroupPrefix')]", "properties": {} }, { // Create management group for platform management groups "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[variables('enterpriseScaleManagementGroups').platform]", "dependsOn": [ "[tenantResourceId('Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'))]" @@ -55,7 +55,7 @@ { // Create management group for landing zones "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[variables('enterpriseScaleManagementGroups').landingZone]", "dependsOn": [ "[tenantResourceId('Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'))]" @@ -72,7 +72,7 @@ { // Create management group for sandbox subscriptions "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[variables('enterpriseScaleManagementGroups').sandboxes]", "dependsOn": [ "[tenantResourceId('Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'))]" @@ -89,7 +89,7 @@ { // Create management group for decommissioned subscriptions "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[variables('enterpriseScaleManagementGroups').decommissioned]", "dependsOn": [ "[tenantResourceId('Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'))]" @@ -107,7 +107,7 @@ // Create child management groups for landing zones "condition": "[not(empty(parameters('landingZoneMgs')))]", "type": "Microsoft.Management/managementGroups", - "apiVersion": "2020-05-01", + "apiVersion": "2023-04-01", "name": "[concat(parameters('topLevelManagementGroupPrefix'), '-', parameters('landingZoneMgs')[copyIndex()])]", "dependsOn": [ "[tenantResourceId('Microsoft.Management/managementGroups/', variables('enterpriseScaleManagementGroups').landingZone)]"