Merge pull request #600 from yahanda/waf-compliancy-patch-1
update WAF compliant improvement
danycontre committed Mar 26, 2024
2 parents 5d3ced6 + b23b742 commit 70cf375
Showing 3 changed files with 10 additions and 7 deletions.
2 changes: 2 additions & 0 deletions workload/docs/getting-started-baseline.md
Expand Up @@ -77,6 +77,8 @@ Prior to deploying the Baseline solution, you need to ensure you have met the fo
- [x] If implementing Zero Trust, ensure the prerequisites for encryption at host have been implemented: [Prerequisites](https://learn.microsoft.com/azure/virtual-machines/disks-enable-host-based-encryption-portal?tabs=azure-powershell#prerequisites).
- [x] If enabling Start VM on Connect or Scaling Plans features, it is required to provide the ObjectID for the enterprise application Azure Virtual Desktop (Name can also be displayed as 'Windows Virtual Desktops'). To get the ObjectID got to Microsoft Entra ID > Enterprise applications, remove all filters and search for 'Virtual Desktops' and copy the ObjectID that is paired with the Application ID: 9cdead84-a844-4324-93f2-b2e6bb768d07.
- [x] Account used for portal UI deployment, needs to be able to query Microsoft Entra tenant and get the ObjectID of the Azure Virtual Desktop enterprise app, query will be executed by the automation using the user context.
- [x] If complying with WAF, the Domain Controllers VMs if hosted in Azure should follow High Availability best practices as mentioned in [here](https://learn.microsoft.com/azure/architecture/example-scenario/identity/adds-extend-domain#reliability) and High availability for Entra Domain services can be setup using replica set as mentioned in [here](https://learn.microsoft.com/entra/identity/domain-services/concepts-replica-sets).
- [x] If customer selects "Compute gallery" as the image source then it is customer's responsibility to ensure the high availability of the images used and keep the number of replicas to a minumum for scaling the deployments, as mentioned in [here](https://learn.microsoft.com/azure/virtual-machines/azure-compute-gallery).

## Planning

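Review bot: in the second added bullet, "keep the number of replicas to a minumum for scaling the deployments" contains a typo ("minumum") and reads as advice to keep replicas as few as possible, which sits oddly beside "ensure the high availability of the images" in the same sentence. If the intent is that a minimum number of replicas must be maintained for the deployment scale, say so explicitly. In both added bullets the "[here]" link text would be clearer as the title of the linked article, and "Domain Controllers VMs" in the first bullet should read "Domain Controller VMs".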
11 changes: 6 additions & 5 deletions workload/portal-ui/portal-ui-baseline.json
Expand Up @@ -554,7 +554,7 @@
"type": "Microsoft.Common.InfoBox",
"visible": true,
"options": {
"text": "If you select 'Use availability zones' below, some regions may not be available for deployment of session hosts because not all regions support Availability Zones. \n\nThe 'Session hosts region' drop down will automatically update based on this selection. If the value changes to blank, select an alternate region or set 'Use availability zones' to 'No'.",
"text": "If you select 'Use availability zones' below and/or select 'Use zone redundant storage' on the Storage section, some regions may not be available for deployment of session hosts because not all regions support Availability Zones. \n\nThe 'Session hosts region' drop down will automatically update based on these selections. If the value changes to blank, select an alternate region or set 'Use availability zones' and 'Use zone redundant storage' to 'No'.",
"uri": "https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support",
"style": "Info"
}
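Review bot: the new InfoBox text names the option 'Use zone redundant storage' and tells the user to set it to 'No', but the control it refers to (storageGeneralSettingsZoneRedundancy, further down in this file) is a Microsoft.Common.CheckBox labelled "Zone redundant storage". Suggest quoting the label exactly and saying to clear the checkbox, so the user can find the setting on the Storage section.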
Expand All @@ -576,7 +576,7 @@
"toolTip": "Select the region where the session hosts and required resources are to be deployed.",
"constraints": {
"required": true,
"allowedValues": "[if(equals(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings, false), map(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.locations)), (item) => parse(concat('{\"label\":\"', item, '\",\"value\":\"', toLower(replace(item, ' ', '')), '\"}'))), map(filter(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.zoneMappings)), (item) => equals(length(item.zones), 3)), (item) => parse(concat('{\"label\":\"', item.location, '\",\"value\":\"', toLower(replace(item.location, ' ', '')), '\"}'))))]"
"allowedValues": "[if(and(equals(steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings, false), equals(steps('storage').storageGeneralSettings.storageGeneralSettingsZoneRedundancy, false)), map(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.locations)), (item) => parse(concat('{\"label\":\"', item, '\",\"value\":\"', toLower(replace(item, ' ', '')), '\"}'))), map(filter(first(map(filter(steps('sessionHosts').sessionHostsRegionSection.computeApi.value, (resourceTypes) => equals(resourceTypes.resourceType, 'virtualMachines')), (item) => item.zoneMappings)), (item) => equals(length(item.zones), 3)), (item) => parse(concat('{\"label\":\"', item.location, '\",\"value\":\"', toLower(replace(item.location, ' ', '')), '\"}'))))]"
}
}
]
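Review bot: in the new allowedValues condition, zone redundant storage support is inferred from the same virtualMachines zoneMappings filter (equals(length(item.zones), 3)) that is used for VM availability zones, so nothing in the expression checks the storage side. If that proxy is intentional, a short note in the docs would help. This Session Hosts drop down also now depends on steps('storage'), a different step whose checkbox defaults to true in this commit, so the region list is zone-filtered before the user has made any choice there.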
Expand Down Expand Up @@ -881,7 +881,8 @@
"type": "Microsoft.Common.InfoBox",
"visible": true,
"options": {
"text": "Storage resources will be deployed on the same location on the Session Hosts section.",
"text": "Storage resources will be deployed on the same location on the Session Hosts section. \n\nIf you select 'Use zone redundant storage' below, some regions may not be available for deployment of storage accounts because not all regions support Availability Zones. \n\nThe 'Session hosts region' drop down on the Session Hosts section will automatically update based on this selection. If the value changes to blank, select an alternate region or set 'Use zone redundant storage' to 'No'.",
"uri": "https://learn.microsoft.com/azure/reliability/availability-zones-service-support#azure-regions-with-availability-zone-support",
"style": "Info"
}
},
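Review bot: the added text describes an effect ("If the value changes to blank") that happens in the 'Session hosts region' drop down on the Session Hosts section, which is not visible from this Storage step, so a user who toggles the checkbox here gets no indication that the earlier region choice was cleared. Suggest telling the user to go back and re-check the region, or adding a validation on this step that surfaces the problem where the change is made.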
Expand All @@ -904,7 +905,7 @@
"name": "storageGeneralSettingsZoneRedundancy",
"type": "Microsoft.Common.CheckBox",
"label": "Zone redundant storage",
"defaultValue": false,
"defaultValue": true,
"toolTip": "Select to replicate storage across availability zones or only use local redundancy."
}
]
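Review bot: flipping defaultValue to true for storageGeneralSettingsZoneRedundancy changes what an unmodified deployment does: together with the allowedValues change above, the 'Session hosts region' list is restricted to zone-capable regions unless the user clears this box. The toolTip ("Select to replicate storage across availability zones or only use local redundancy.") mentions neither the new default nor the region restriction. Suggest updating it and noting the default change in getting-started-baseline.md, which this commit touches only for prerequisites.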
Expand Down Expand Up @@ -1487,7 +1488,7 @@
"type": "Microsoft.Common.CheckBox",
"visible": true,
"label": "Deploy monitoring",
"defaultValue": false,
"defaultValue": true,
"toolTip": "Deploy monitoring settings and if selected deploy Azure log analytics workspace."
},
{
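Review bot: with defaultValue now true on "Deploy monitoring", an unmodified deployment creates monitoring settings and, per the toolTip, a Log Analytics workspace. That is a sensible default for visibility, but the toolTip ("Deploy monitoring settings and if selected deploy Azure log analytics workspace.") is hard to parse and does not say the option is on by default. Suggest rewording it, and confirming that any inputs shown only when this box is checked (not visible in this hunk) have usable defaults.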
4 changes: 2 additions & 2 deletions workload/portal-ui/portal-ui-custom-image.json
Expand Up @@ -107,7 +107,7 @@
"name": "storageAccountType",
"type": "Microsoft.Common.DropDown",
"label": "Storage account type",
"defaultValue": "Standard Locally-Redundant Storage",
"defaultValue": "Standard Zone-Redundant Storage",
"toolTip": "Determine the performance and redundancy for the Image Version.",
"constraints": {
"required": true,
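Review bot: the new defaultValue "Standard Zone-Redundant Storage" on the storageAccountType DropDown has to correspond to an entry in constraints.allowedValues, which is cut off at the end of this hunk, so the match cannot be checked here; please confirm the string is identical to that entry. Unlike portal-ui-baseline.json, no change in this file restricts the region choice to zone-capable regions, so it is also worth confirming that this default works in every region the form offers.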
Expand Down Expand Up @@ -151,7 +151,7 @@
"type": "Microsoft.Common.CheckBox",
"visible": true,
"label": "Enable replication to disaster recovery location",
"defaultValue": false,
"defaultValue": true,
"toolTip": "Determine whether to replicate the Image Version to your disaster recovery location."
},
{
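Review bot: defaulting "Enable replication to disaster recovery location" to true means an unmodified deployment copies the Image Version to a second region, so a disaster recovery location now has to be supplied by default. The toolTip does not mention this. Suggest stating that the option is on by default and which input provides the location, and checking that the input is required whenever the box is checked (not visible in this hunk).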