diff --git a/docs/content/patterns/alz/FAQ.md b/docs/content/patterns/alz/FAQ.md index 2c96edbe7..2e7128633 100644 --- a/docs/content/patterns/alz/FAQ.md +++ b/docs/content/patterns/alz/FAQ.md @@ -8,6 +8,10 @@ weight: 80 *No but you will need to be using Azure Management groups and for now our focus is on the resources frequently deployed as part of Azure Landing Zone deployments.* +## Do I need to deploy to each region that I want to monitor? + +*No, deploying to multiple regions is not necessary. The definitions and assignments are scoped to a management group and are not region specific.* + ## Do I need to use the thresholds defined as default values in the metric rule alerts? *It's provided as a starting point, we've based the initial thresholds on what we've seen and what Microsoft's documentation recommends. You will need to adjust the thresholds at some point.* diff --git a/docs/content/patterns/alz/Known-Issues.md b/docs/content/patterns/alz/Known-Issues.md index ce1586fc1..d5bb4a064 100644 --- a/docs/content/patterns/alz/Known-Issues.md +++ b/docs/content/patterns/alz/Known-Issues.md @@ -48,24 +48,25 @@ When a role or a role assignement is removed, some orphaned object can still app ### Cause -A deployment has been performed using one region (i.e. 'uksouth') in the command line. A subsequent cleanup is performed to allow a second deploy against a different region (i.e. 'westeurope'). Deployment entries still exists from the previous operation, so a region conflict is detected blocking you to run another deployment using a different region. +A deployment has been performed using one region, for example "uksouth", and when you try to deploy again to the same scope but to a different region you will receive an error. This happens even when a cleanup has been performed (see [Cleaning up a Deployment](../Cleaning-up-a-Deployment) for more details). This is because deployment entries still exists from the previous operation, so a region conflict is detected blocking you to run another deployment using a different region. ### Resolution +Situation 1: You are trying to deploy to a different region in addition to a previous deployment. Deploying to the same scope in a different region is not necessary. The definitions and assignments are scoped to a management group and are not region specific. No action is required. -To resolve this issue, follow the steps below: +Situation 2: You cleaned up a previous implementation and want to deploy again to a different region. To resolve this issue, follow the steps below: 1. Navigate to ***Management Groups*** 2. Select the management group (corresponding to the value entered for the *enterpriseScaleCompanyPrefix* during the deployment) were AMBA deployment was targeted to 3. Click ***Deployment*** 4. Select all the deployment instances related to AMBA and click ***Delete***. -{{< hint type=Important >}} +{{< hint type=Note >}} To recognize the deployment names belonging to AMBA, select those whose names start with: 1. amba- 2. pid- 3. alzArm -4. preparingToLaunch +4. ambaPreparingToLaunch If you deployed AMBA just one time, you have 14 deployment instances diff --git a/docs/content/patterns/alz/Moving-from-preview-to-GA.md b/docs/content/patterns/alz/Moving-from-preview-to-GA.md index 1fcb6d793..0b2a8c1c3 100644 --- a/docs/content/patterns/alz/Moving-from-preview-to-GA.md +++ b/docs/content/patterns/alz/Moving-from-preview-to-GA.md @@ -4,7 +4,7 @@ geekdocCollapseSection: true weight: 70 --- -In some scenarios, it may be necessary to remove everything deployed by the ALZ Monitor solution. The instructions below detail execution of a PowerShell script to delete all resources deployed, including: +When moving from the preview version to GA, it is required to remove everything deployed by the ALZ Monitor solution. The instructions below detail execution of a PowerShell script to delete all resources deployed, including: - Metric Alerts - Activity Log Alerts diff --git a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md index 733bc09cd..4281e8619 100644 --- a/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md +++ b/docs/content/patterns/alz/deploy/Customize-Policy-Assignment.md @@ -20,7 +20,9 @@ As an example you may want to change alert thresholds for one or more metric ale If we want to change the threshold value for Virtual Network Gateway Express Route CPU utilization from 80 (default value) to 90, and Virtual Network Gateway Egress traffic from 1 to 1000, what we would do is include this in a parameter file as shown below. These specific thresholds would then be set in the individual policy assignment, while the remaining values for all other policies would remain at default. Note that the parameter file shown below has been truncated for brevity, compared to the samples included. -> The parameters file templates contain the same default values as listed in our documentation. However, be aware that the _Policy assignment parameter reference type​_ will change for all parameters when using the template parameter file, even when a value of a parameter wasn't modified it will appear as a _User defined parameter_ after deployment. This occurs because the parameter is explicitly defined in the parameter file. To avoid this, you can create your own parameter files that only include the parameters that you wish to modify. +{{< hint type=Note >}} +The parameter file contains the same default values as listed in our documentation. However, be aware that the _Policy assignment parameter reference type​_ will change for all parameters when using the template parameter file, even when a value of a parameter wasn't modified it will appear as a _User defined parameter_ after deployment. This occurs because the parameter is explicitly defined in the parameter file. To avoid this, you can create your own parameter files that only includes the parameters that you wish to modify. +{{< /hint >}} ```json { diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-CLI.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-CLI.md index 05ef25725..84a8a8ce0 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-CLI.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-CLI.md @@ -4,7 +4,7 @@ weight: 30 --- {{< hint type=Important >}} -Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Cleaning Up Preview Version Deployment](../Cleaning-Up-Preview-Version-Deployment) before continuing. +Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Moving from preview to GA](../../Moving-from-preview-to-GA) before continuing. {{< /hint >}} ## 1. Parameter configuration @@ -134,6 +134,8 @@ pseudoRootManagementGroup="The pseudo root management group id parenting the ide When running Azure CLI from PowerShell the variables have to start with a $. Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "enterpriseScaleCompanyPrefix" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} ## 4. Deploying AMBA diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md index ebd2fa164..d022bee6b 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-Pipelines.md @@ -4,7 +4,7 @@ weight: 50 --- {{< hint type=Important >}} -Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Cleaning Up Preview Version Deployment](../Cleaning-Up-Preview-Version-Deployment) before continuing. +Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Moving from preview to GA](../../Moving-from-preview-to-GA) before continuing. {{< /hint >}} ## 1. Parameter configuration @@ -132,6 +132,8 @@ Also in your Azure DevOps project, configure a service connection to your Azure {{< hint type=important >}} Above-mentioned "ManagementGroupPrefix" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "parPolicyPseudoRootMgmtGroup" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} ## Next steps diff --git a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md index ba57b0561..0d0e63583 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-Azure-PowerShell.md @@ -4,7 +4,7 @@ weight: 40 --- {{< hint type=Important >}} -Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Cleaning Up Preview Version Deployment](../Cleaning-Up-Preview-Version-Deployment) before continuing. +Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Moving from preview to GA](../../Moving-from-preview-to-GA) before continuing. {{< /hint >}} ## 1. Parameter configuration @@ -132,6 +132,8 @@ $pseudoRootManagementGroup = "The pseudo root management group id parenting the {{< hint type=important >}} Above-mentioned "pseudoRootManagementGroup" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "parPolicyPseudoRootMgmtGroup" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} ## 4. Deploy the policy definitions, initiatives and policy assignments with default settings diff --git a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md index 6642e7041..dffe8b962 100644 --- a/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md +++ b/docs/content/patterns/alz/deploy/Deploy-with-GitHub-Actions.md @@ -4,7 +4,7 @@ weight: 60 --- {{< hint type=Important >}} -Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Cleaning Up Preview Version Deployment](../Cleaning-Up-Preview-Version-Deployment) before continuing. +Updating from a preview version is not supported. If you deployed a preview version, please proceed with [Moving from preview to GA](../../Moving-from-preview-to-GA) before continuing. {{< /hint >}} ## 1. Parameter configuration @@ -132,6 +132,8 @@ To deploy through GitHub actions, please refer to the [sample-workflow.yml](http {{< hint type=important >}} Above-mentioned "ManagementGroupPrefix" variable value, being the so called "pseudo root management group id", should _coincide_ with the value of the "parPolicyPseudoRootMgmtGroup" parameter, as set previously within the parameter files. + +The location variable refers to the deployment location. Deploying to multiple regions is not necessary as the definitions and assignments are scoped to a management group and are not region specific. {{< /hint >}} ## Next steps