From 21db5ad52aa006d98d62b193b82331a09ecc8e9e Mon Sep 17 00:00:00 2001
From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com>
Date: Mon, 14 Aug 2023 18:44:04 -0500
Subject: [PATCH 01/42] refactor storage setup
---
 workload/bicep/deploy-baseline.bicep | 2 +
 .../modules/storageAzureFiles/deploy.bicep | 53 +++
 .../storageAzureFiles/ntfsPermissions.bicep | 50 +++
 workload/scripts/Set-NtfsPermissions.ps1 | 323 ++++++++++++++++++
 4 files changed, 428 insertions(+)
 create mode 100644 workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep
 create mode 100644 workload/scripts/Set-NtfsPermissions.ps1
diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep
index a3e43b917..dd36daaa5 100644
--- a/workload/bicep/deploy-baseline.bicep
+++ b/workload/bicep/deploy-baseline.bicep
@@ -1145,6 +1145,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if
 createOuForStorageString: varCreateOuForStorageString
 managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
 domainJoinUserName: avdDomainJoinUserName
+ domainJoinUserPassword: avdDomainJoinUserPassword //change to keyvault
 wrklKvName: varWrklKvName
 serviceObjectsRgName: varServiceObjectsRgName
 identityDomainName: avdIdentityDomainName
@@ -1188,6 +1189,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr
 createOuForStorageString: varCreateOuForStorageString
 managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : ''
 domainJoinUserName: avdDomainJoinUserName
+ domainJoinUserPassword: avdDomainJoinUserPassword //change to keyvault
 wrklKvName: varWrklKvName
 serviceObjectsRgName: varServiceObjectsRgName
 identityDomainName: avdIdentityDomainName
diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep
index 9974bc884..428194eaf 100644
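Review bot: `domainJoinUserPassword: avdDomainJoinUserPassword //change to keyvault` hands the domain-join password to the storage module as an ordinary deployment parameter, and the trailing comment shows this is known to be a stopgap. Both module calls already pass `wrklKvName`, so the value can be read from the vault at the call site, for example `domainJoinUserPassword: kvWorkload.getSecret('<secret-name>')` against an `existing` Key Vault resource (both names are placeholders); this works because the module declares the parameter `@secure()`. The same line is added to the `msixAzureFilesStorage` call in the second hunk. Both module bodies start and end outside the hunks.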
--- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -43,6 +43,10 @@ param wrklKvName string @sys.description('AVD session host domain join credentials.') param domainJoinUserName string +@sys.description('AVD session host domain join credentials.') +@secure() +param domainJoinUserPassword string + @sys.description('Azure Files storage account SKU.') param storageSku string @@ -95,9 +99,30 @@ param createOuForStorageString string @sys.description('Managed Identity Client ID') param managedIdentityClientId string +param FslogixSolution string = 'ProfileContainer' + +param KerberosEncryption string = 'AES256' + +param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/' + +param _artifactsLocationSasToken string = '' + +param StorageAccountPrefix string = '' + +param SecurityPrincipalNames array = [] + +param storageResourceGroup string = '' + +param storageSolution string = 'AzureStorageAccount' + +param storageCount int = 1 + +param storageIndex int = 0 + // =========== // // Variable declaration // // =========== // + var varAzureCloudName = environment().name var varStoragePurposeLower = toLower(storagePurpose) var varAvdFileShareLogsDiagnostic = [ 
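Review bot: The description on the new `domainJoinUserPassword` parameter is copied unchanged from `domainJoinUserName` directly above it, so the two parameters read identically in generated documentation. Suggest `@sys.description('Password of the domain join account; supply it from Key Vault, not as a literal.')`.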
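Review bot: The default for `_artifactsLocation` points at a branch of a personal fork (`https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/`), and the script fetched from that location is later run on the management VM together with the domain-join password. A branch is mutable, so whoever can push to it decides what executes, and a `/tree/` URL serves an HTML page rather than the raw file, so the download is unlikely to be the script at all. Prefer no default and make the caller supply a location it controls, pinned to a commit or an immutable blob. `param _artifactsLocationSasToken string = ''` should carry `@secure()` as it does in `ntfsPermissions.bicep`, and the ten new parameters need `@sys.description` lines and the file's camelCase naming.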
@@ -106,6 +131,7 @@ var varAvdFileShareLogsDiagnostic = [ var varAvdFileShareMetricsDiagnostic = [ 'Transaction' ] + var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' @@ -188,6 +214,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts //} // Custom Extension call in on the DSC script to join Azure storage account to domain. +/* module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') name: 'Add-${storagePurpose}-Storage-Setup-${time}' 
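Review bot: Opening a block comment with `/*` to disable `addShareToDomainScript` leaves the old module in the file as dead text, and `varStorageToDomainScriptArgs` in the context above is probably unused once that module is gone. Delete the module and whatever only it consumed instead of commenting it out; version control keeps the history. The comment is closed in the following hunk, so the two hunks have to be changed together.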
@@ -203,6 +230,32 @@ module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { storageAndFile ] } +*/ + +module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { + name: 'FslogixNtfsPermissions_${time}' + scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') + params: { + _artifactsLocation: storageToDomainScriptUri + _artifactsLocationSasToken: _artifactsLocationSasToken + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution ${identityServiceProvider} -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + //DeploymentScriptNamePrefix: DeploymentScriptNamePrefix + Location: sessionHostLocation + ManagementVmName: managementVmName + //TagsDeploymentScripts: TagsDeploymentScripts + //TagsVirtualMachines: TagsVirtualMachines + Timestamp: time + //UserAssignedIdentityResourceId: UserAssignedIdentityResourceId + } + /* + dependsOn: [ + privateDnsZoneGroups + privateEndpoints + shares + ] + */ +} + // =========== // // Outputs // diff --git a/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep new file mode 100644 index 000000000..890c97583 --- /dev/null 
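Review bot: `-DomainJoinPassword "${domainJoinUserPassword}"` places the domain-join password on the PowerShell command line. `protectedSettings` keeps it out of the ARM resource, but on the VM it is still present in the process arguments and in any process-creation or PowerShell logging that is enabled, and a password containing `"` or `%` changes how the command is parsed. The script already signs in with the managed identity passed as `-ClientId`, so pass the vault and secret names instead and let the script read the secret itself (for example with `Get-AzKeyVaultSecret`), building the `PSCredential` without the value ever appearing as an argument.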
+++ b/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep @@ -0,0 +1,50 @@ +param _artifactsLocation string +@secure() +param _artifactsLocationSasToken string +@secure() +param CommandToExecute string +//param DeploymentScriptNamePrefix string +param Location string +param ManagementVmName string +//param TagsDeploymentScripts object +//param TagsVirtualMachines object +param Timestamp string +//param UserAssignedIdentityResourceId string + +resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@2020-12-01' = { + name: '${ManagementVmName}/CustomScriptExtension' + location: Location + //tags: TagsVirtualMachines + properties: { + publisher: 'Microsoft.Compute' + type: 'CustomScriptExtension' + typeHandlerVersion: '1.10' + autoUpgradeMinorVersion: true + settings: { + fileUris: [ + '${_artifactsLocation}Set-NtfsPermissions.ps1${_artifactsLocationSasToken}' + ] + timestamp: Timestamp + } + protectedSettings: { + commandToExecute: CommandToExecute + } + } +} +/* +module deploymentScript '../deploymentScript.bicep' = { + name: 'DeploymentScript_FSLogix-CleanUp_${Timestamp}' + params: { + Arguments: '-VirtualMachineName ${ManagementVmName} -ResourceGroupName ${resourceGroup().name}' + Location: Location + Name: '${DeploymentScriptNamePrefix}fslogix' + Script: 'param([string]$ResourceGroupName,[string]$VirtualMachineName); Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -ForceDeletion $true -Force; $DeploymentScriptOutputs = @{}; $DeploymentScriptOutputs["virtualMachineName"] = $VirtualMachineName' + Tags: TagsDeploymentScripts + Timestamp: Timestamp + UserAssignedIdentityResourceId: UserAssignedIdentityResourceId + } + dependsOn: [ + customScriptExtension + ] +} +*/ diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 new file mode 100644 index 000000000..fa2c39083 --- /dev/null +++ b/workload/scripts/Set-NtfsPermissions.ps1 
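Review bot: `fileUris` sits under `settings`, and the URI is built with `${_artifactsLocationSasToken}` appended, so a SAS token declared `@secure()` at the top of the file ends up in the extension's public settings, which are stored unencrypted and readable on the VM extension resource. The Custom Script Extension accepts `fileUris` inside `protectedSettings`; move the array there next to `commandToExecute: CommandToExecute` and leave only `timestamp: Timestamp` in `settings`. A short header comment saying what the extension runs and with which identity would also help, since the parameters carry no descriptions.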
@@ -0,0 +1,323 @@ +param +( + [Parameter(Mandatory)] + [String]$ClientId, + + [Parameter(Mandatory=$false)] + [String]$DomainAccountType = "ComputerAccount", + + [Parameter(Mandatory)] + [String]$DomainJoinPassword, + + [Parameter(Mandatory)] + [String]$DomainJoinUserPrincipalName, + + [Parameter(Mandatory=$false)] + [String]$ActiveDirectorySolution, + + [Parameter(Mandatory=$false)] + [String]$Environment, + + [Parameter(Mandatory)] + [String]$FslogixSolution, + + [Parameter(Mandatory=$false)] + [ValidateSet("AES256","RC4")] + [String]$KerberosEncryptionType, + + [Parameter(Mandatory=$false)] + [String]$Netbios, + + [Parameter(Mandatory=$false)] + [String]$OuPath, + + [Parameter(Mandatory=$false)] + [String]$ResourceNameSuffix, + + [Parameter(Mandatory)] + [String]$SecurityPrincipalNames, + + [Parameter(Mandatory=$false)] + [String]$SmbServerLocation, + + [Parameter(Mandatory=$false)] + [String]$StorageAccountPrefix, + + [Parameter(Mandatory=$false)] + [String]$StorageAccountResourceGroupName, + + [Parameter(Mandatory=$false)] + [Int]$StorageCount, + + [Parameter(Mandatory=$false)] + [Int]$StorageIndex, + + [Parameter(Mandatory)] + [String]$StorageSolution, + + [Parameter(Mandatory=$false)] + [String]$StorageSuffix, + + [Parameter(Mandatory=$false)] + [String]$SubscriptionId, + + [Parameter(Mandatory=$false)] + [String]$TenantId +) + +function Write-Log +{ + param( + [parameter(Mandatory)] + [string]$Message, + + [parameter(Mandatory)] + [string]$Type + ) + $Path = 'C:\cse.txt' + if(!(Test-Path -Path $Path)) + { + New-Item -Path C:\ -Name cse.txt | Out-Null + } + $Timestamp = Get-Date -Format 'MM/dd/yyyy HH:mm:ss.ff' + $Entry = '[' + $Timestamp + '] [' + $Type + '] ' + $Message + $Entry | Out-File -FilePath $Path -Append +} + +$ErrorActionPreference = 'Stop' + +try +{ + ############################################################## + # Install Prerequisites + ############################################################## + # Install Active Directory PowerShell 
module + if($StorageSolution -eq 'AzureNetAppFiles' -or ($StorageSolution -eq 'AzureStorageAccount' -and $ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices')) + { + $RsatInstalled = (Get-WindowsFeature -Name 'RSAT-AD-PowerShell').Installed + if(!$RsatInstalled) + { + Install-WindowsFeature -Name 'RSAT-AD-PowerShell' + Write-Log -Message "Installation of the AD module succeeded" -Type 'INFO' + } + else + { + Write-Log -Message "AD module already exists" -Type 'INFO' + } + } + + if($StorageSolution -eq 'AzureStorageAccount') + { + # Install latest NuGet Provider; recommended for PowerShellGet + $NuGet = Get-PackageProvider | Where-Object {$_.Name -eq 'NuGet'} + if(!$NuGet) + { + Install-PackageProvider -Name 'NuGet' -Force + Write-Log -Message "Installed the NuGet Package Provider" -Type 'INFO' + } + else + { + Write-Log -Message "NuGet Package Provider already exists" -Type 'INFO' + } + + # Install required Az.Storage module + $AzStorageModule = Get-Module -ListAvailable | Where-Object {$_.Name -eq 'Az.Storage'} + if(!$AzStorageModule) + { + Install-Module -Name 'Az.Storage' -Repository 'PSGallery' -RequiredVersion '5.5.0' -Force + Write-Log -Message "Installed the Az.Storage module" -Type 'INFO' + } + else + { + Write-Log -Message "Az.Storage module already exists" -Type 'INFO' + } + } + + + ############################################################## + # Variables + ############################################################## + # Convert Security Principal Names from a JSON array to a PowerShell array + [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json + Write-Log -Message "Security Principal Names:" -Type 'INFO' + $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force + + # Selects the appropraite share names based on the FSlogixSolution param from the deployment + $Shares = switch($FslogixSolution) + { + 'CloudCacheProfileContainer' {@('profile-containers')} + 'CloudCacheProfileOfficeContainer' 
{@('office-containers','profile-containers')} + 'ProfileContainer' {@('profile-containers')} + 'ProfileOfficeContainer' {@('office-containers','profile-containers')} + } + + if($StorageSolution -eq 'AzureNetAppFiles' -or ($StorageSolution -eq 'AzureStorageAccount' -and $ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices')) + { + # Create Domain credential + $DomainUsername = $DomainJoinUserPrincipalName + $DomainPassword = ConvertTo-SecureString -String $DomainJoinPassword -AsPlainText -Force + [pscredential]$DomainCredential = New-Object System.Management.Automation.PSCredential ($DomainUsername, $DomainPassword) + + # Get Domain information + $Domain = Get-ADDomain -Credential $DomainCredential -Current 'LocalComputer' + Write-Log -Message "Domain information collection succeeded" -Type 'INFO' + } + + if($StorageSolution -eq 'AzureStorageAccount') + { + $FilesSuffix = '.file.' + $StorageSuffix + Write-Log -Message "Azure Files Suffix = $FilesSuffix" -Type 'INFO' + } + + + ############################################################## + # Process Storage Resources + ############################################################## + for($i = 0; $i -lt $StorageCount; $i++) + { + # Determine Principal for assignment + $SecurityPrincipalName = $SecurityPrincipalNames[$i] + $Group = $Netbios + '\' + $SecurityPrincipalName + Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' + + # Get storage resource details + switch($StorageSolution) + { + 'AzureNetAppFiles' { + $Credential = $DomainCredential + $SmbServerName = (Get-ADComputer -Filter "Name -like 'anf-$SmbServerLocation*'" -Credential $DomainCredential).Name + $FileServer = '\\' + $SmbServerName + '.' 
+ $Domain.DNSRoot + } + 'AzureStorageAccount' { + $StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + $FileServer = '\\' + $StorageAccountName + $FilesSuffix + + # Connects to Azure using a User Assigned Managed Identity + Connect-AzAccount -Identity -AccountId $ClientId -Environment $Environment -Tenant $TenantId -Subscription $SubscriptionId + Write-Log -Message "Authenticated to Azure" -Type 'INFO' + + # Get the storage account key + $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName)[0].Value + Write-Log -Message "The GET operation for the Storage Account key on $StorageAccountName succeeded" -Type 'INFO' + + # Create credential for accessing the storage account + $StorageUsername = 'Azure\' + $StorageAccountName + $StoragePassword = ConvertTo-SecureString -String "$($StorageKey)" -AsPlainText -Force + [pscredential]$StorageKeyCredential = New-Object System.Management.Automation.PSCredential ($StorageUsername, $StoragePassword) + $Credential = $StorageKeyCredential + + if($ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices') + { + # Get / create kerberos key for Azure Storage Account + $KerberosKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName -ListKerbKey | Where-Object {$_.Keyname -contains 'kerb1'}).Value + if(!$KerberosKey) + { + New-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName -KeyName kerb1 + $Key = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName -ListKerbKey | Where-Object {$_.Keyname -contains 'kerb1'}).Value + Write-Log -Message "Kerberos Key creation on Storage Account, $StorageAccountName, succeeded." -Type 'INFO' + } + else + { + $Key = $KerberosKey + Write-Log -Message "Acquired Kerberos Key from Storage Account, $StorageAccountName." 
-Type 'INFO' + } + + # Creates a password for the Azure Storage Account in AD using the Kerberos key + $ComputerPassword = ConvertTo-SecureString -String $Key.Replace("'","") -AsPlainText -Force + Write-Log -Message "Secure string conversion succeeded" -Type 'INFO' + + # Create the SPN value for the Azure Storage Account; attribute for computer object in AD + $SPN = 'cifs/' + $StorageAccountName + $FilesSuffix + + # Create the Description value for the Azure Storage Account; attribute for computer object in AD + $Description = "Computer account object for Azure storage account $($StorageAccountName)." + + # Create the AD computer object for the Azure Storage Account + $Computer = Get-ADComputer -Credential $DomainCredential -Filter {Name -eq $StorageAccountName} + if($Computer) + { + Remove-ADComputer -Credential $DomainCredential -Identity $StorageAccountName -Confirm:$false + } + $ComputerObject = New-ADComputer -Credential $DomainCredential -Name $StorageAccountName -Path $OuPath -ServicePrincipalNames $SPN -AccountPassword $ComputerPassword -Description $Description -PassThru + Write-Log -Message "Computer object creation succeeded" -Type 'INFO' + + # Update the Azure Storage Account with the domain join 'INFO' + $SamAccountName = switch($KerberosEncryptionType) + { + 'AES256' {$StorageAccountName} + 'RC4' {$ComputerObject.SamAccountName} + } + + Set-AzStorageAccount ` + -ResourceGroupName $StorageAccountResourceGroupName ` + -Name $StorageAccountName ` + -EnableActiveDirectoryDomainServicesForFile $true ` + -ActiveDirectoryDomainName $Domain.DNSRoot ` + -ActiveDirectoryNetBiosDomainName $Domain.NetBIOSName ` + -ActiveDirectoryForestName $Domain.Forest ` + -ActiveDirectoryDomainGuid $Domain.ObjectGUID ` + -ActiveDirectoryDomainsid $Domain.DomainSID ` + -ActiveDirectoryAzureStorageSid $ComputerObject.SID.Value ` + -ActiveDirectorySamAccountName $SamAccountName ` + -ActiveDirectoryAccountType 'Computer' + Write-Log -Message "Storage Account update with domain 
join info succeeded" -Type 'INFO' + + # Enable AES256 encryption if selected + if($KerberosEncryptionType -eq 'AES256') + { + # Set the Kerberos encryption on the computer object + $DistinguishedName = 'CN=' + $StorageAccountName + ',' + $OuPath + Set-ADComputer -Credential $DomainCredential -Identity $DistinguishedName -KerberosEncryptionType 'AES256' + Write-Log -Message "Setting Kerberos AES256 Encryption on the computer object succeeded" -Type 'INFO' + + # Reset the Kerberos key on the Storage Account + New-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName -KeyName kerb1 + $Key = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountResourceGroupName -Name $StorageAccountName -ListKerbKey | Where-Object {$_.Keyname -contains 'kerb1'}).Value + Write-Log -Message "Resetting the Kerberos key on the Storage Account succeeded" -Type 'INFO' + + # Update the password on the computer object with the new Kerberos key on the Storage Account + $NewPassword = ConvertTo-SecureString -String $Key -AsPlainText -Force + Set-ADAccountPassword -Credential $DomainCredential -Identity $DistinguishedName -Reset -NewPassword $NewPassword + Write-Log -Message "Setting the new Kerberos key on the Computer Object succeeded" -Type 'INFO' + } + } + Disconnect-AzAccount + Write-Log -Message "Disconnection to Azure succeeded" -Type 'INFO' + } + } + + foreach($Share in $Shares) + { + # Mount file share + $FileShare = $FileServer + '\' + $Share + New-PSDrive -Name 'Z' -PSProvider 'FileSystem' -Root $FileShare -Credential $Credential + Write-Log -Message "Mounting the Azure file share, $FileShare, succeeded" -Type 'INFO' + + # Set recommended NTFS permissions on the file share + $ACL = Get-Acl -Path 'Z:' + $CreatorOwner = New-Object System.Security.Principal.Ntaccount ("Creator Owner") + $ACL.PurgeAccessRules($CreatorOwner) + $AuthenticatedUsers = New-Object System.Security.Principal.Ntaccount ("Authenticated Users") + 
$ACL.PurgeAccessRules($AuthenticatedUsers) + $Users = New-Object System.Security.Principal.Ntaccount ("Users") + $ACL.PurgeAccessRules($Users) + $DomainUsers = New-Object System.Security.AccessControl.FileSystemAccessRule("$Group","Modify","None","None","Allow") + $ACL.SetAccessRule($DomainUsers) + $CreatorOwner = New-Object System.Security.AccessControl.FileSystemAccessRule("Creator Owner","Modify","ContainerInherit,ObjectInherit","InheritOnly","Allow") + $ACL.AddAccessRule($CreatorOwner) + $ACL | Set-Acl -Path 'Z:' + Write-Log -Message "Setting the NTFS permissions on the Azure file share succeeded" -Type 'INFO' + + # Unmount file share + Remove-PSDrive -Name 'Z' -PSProvider 'FileSystem' -Force + Start-Sleep -Seconds 5 + Write-Log -Message "Unmounting the Azure file share, $FileShare, succeeded" -Type 'INFO' + } + } +} +catch { + Write-Log -Message $_ -Type 'ERROR' + $ErrorData = $_ | Select-Object * + $ErrorData | Out-File -FilePath 'C:\cse.txt' -Append + throw +} \ No newline at end of file From 97b8e415eb60830d2fe8313cdabc4fb439472c4a Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Tue, 15 Aug 2023 15:03:55 -0500 Subject: [PATCH 02/42] Update deploy.bicep --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 428194eaf..17257773e 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -119,6 +119,8 @@ param storageCount int = 1 param storageIndex int = 0 +param ActiveDirectorySolution string = 'ActiveDirectoryDomainServices' + // =========== // // Variable declaration // // =========== // 
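Review bot: The `Get-ADComputer -Filter {Name -eq $StorageAccountName}` / `Remove-ADComputer ... -Confirm:$false` pair deletes any computer object in the domain whose name matches the storage account, without checking that it is the object this script created. A name collision, or a re-run with the wrong account name, removes a live machine account, and recreating it changes the SID. Check first that the object sits under `$OuPath` and carries the expected `cifs/` SPN, and when it does, update it in place (the script already uses `Set-ADAccountPassword` further down) instead of delete-and-recreate. The file also has no comment-based help describing its parameters; a `.SYNOPSIS` and `.PARAMETER` block at the top would document which ones each `$StorageSolution` path needs.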
@@ -236,9 +238,9 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro name: 'FslogixNtfsPermissions_${time}' scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') params: { - _artifactsLocation: storageToDomainScriptUri + _artifactsLocation: _artifactsLocation //storageToDomainScriptUri _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution ${identityServiceProvider} -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution '${ActiveDirectorySolution}' -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} 
-StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' //change active directory solution to id service provider //DeploymentScriptNamePrefix: DeploymentScriptNamePrefix Location: sessionHostLocation ManagementVmName: managementVmName From 214ef540aa22fa9627b40a9f9b2c27577a71ca0c Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Wed, 16 Aug 2023 12:11:19 -0500 Subject: [PATCH 03/42] Update deploy.bicep --- .../modules/storageAzureFiles/deploy.bicep | 23 +++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 17257773e..6c10dd3e0 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
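Review bot: `-ActiveDirectorySolution` is now fed from a parameter whose default is always `'ActiveDirectoryDomainServices'`, but the module still deploys whenever `contains(identityServiceProvider, 'ADDS')` is true, which also holds for `'AADDS'`. An `'AADDS'` deployment would therefore tell the script to take the AD DS path that deletes and creates computer objects. Derive the value from `identityServiceProvider` (the trailing comment already says so) or tighten the condition to `identityServiceProvider == 'ADDS'`. Separately, the single quotes around `${ActiveDirectorySolution}` are not escaped inside the single-quoted Bicep string, so the literal ends early; use double quotes as the other quoted arguments do.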
@@ -234,13 +234,28 @@ module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { } */ +module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { + name: 'FslogixNtfsPermissions_${time}' + scope: resourceGroup(workloadSubsId, serviceObjectsRgName) + params: { + _artifactsLocation: _artifactsLocation + _artifactsLocationSasToken: _artifactsLocationSasToken + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + Location: sessionHostLocation + ManagementVmName: managementVmName + Timestamp: time + } + //... 
+ } + +/* module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { name: 'FslogixNtfsPermissions_${time}' scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') params: { _artifactsLocation: _artifactsLocation //storageToDomainScriptUri _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution '${ActiveDirectorySolution}' -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' //change active directory solution to id service provider + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} 
-StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' //change active directory solution to id service provider //DeploymentScriptNamePrefix: DeploymentScriptNamePrefix Location: sessionHostLocation ManagementVmName: managementVmName @@ -249,14 +264,14 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro Timestamp: time //UserAssignedIdentityResourceId: UserAssignedIdentityResourceId } - /* + dependsOn: [ privateDnsZoneGroups privateEndpoints shares ] - */ -} + +}*/ // =========== // From ab6119dc5cfd7b4b6ced48a1628f2792092eb8e0 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Wed, 16 Aug 2023 15:06:52 -0500 Subject: [PATCH 04/42] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 4 +++- workload/scripts/Set-NtfsPermissions.ps1 | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 6c10dd3e0..881de8a1e 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -121,6 +121,8 @@ param storageIndex int = 0 param ActiveDirectorySolution string = 'ActiveDirectoryDomainServices' +param netBios string = 'mngenvmcap88523' + // =========== // // Variable declaration // // =========== // 
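Review bot: The new `ntfsPermissions` module has no `dependsOn`, while the `addShareToDomainScript` module it replaces declared `dependsOn: [ storageAndFile ]`; none of its parameters reference an output of `storageAndFile` as far as the hunk shows, so the extension can start before the storage account and share exist. Put `dependsOn: [ storageAndFile ]` where the `//...` placeholder is. The previous definition is kept underneath inside `/* ... */`, including its copy of the command line with the password argument; remove it rather than carrying a second copy that can drift.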
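Review bot: `param netBios string = 'mngenvmcap88523'` bakes one environment's NetBIOS name into a shared module as the default. The script builds the ACL principal as `$Netbios + '\' + $SecurityPrincipalName`, so any deployment that does not override the value requests permissions for a group in the wrong domain, and the template discloses an internal domain name. Drop the default, add `@sys.description('NetBIOS name of the AD domain.')`, and pass the value in from `deploy-baseline.bicep` the way `identityDomainName` is passed.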
@@ -240,7 +242,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' Location: 
sessionHostLocation ManagementVmName: managementVmName Timestamp: time diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 index fa2c39083..b62bbf1b3 100644 --- a/workload/scripts/Set-NtfsPermissions.ps1 +++ b/workload/scripts/Set-NtfsPermissions.ps1 @@ -62,7 +62,10 @@ param [String]$SubscriptionId, [Parameter(Mandatory=$false)] - [String]$TenantId + [String]$TenantId, + + [Parameter(Mandatory=$false)] + [String]$StorageAccountFullName ) function Write-Log @@ -189,7 +192,8 @@ try $FileServer = '\\' + $SmbServerName + '.' + $Domain.DNSRoot } 'AzureStorageAccount' { - $StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + //$StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + $StorageAccountName = $StorageAccountFullName $FileServer = '\\' + $StorageAccountName + $FilesSuffix # Connects to Azure using a User Assigned Managed Identity From 36c459248d1d81307186ad0e3f100515c2572ef0 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Thu, 17 Aug 2023 19:48:48 -0500 Subject: [PATCH 05/42] updates --- .../modules/storageAzureFiles/deploy.bicep | 2 +- workload/scripts/Set-NtfsPermissions.ps1 | 20 ++++++++++--------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 881de8a1e..778de3736 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
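Review bot: `//$StorageAccountName = ...` uses a C-style comment marker, which PowerShell does not recognise, so the line is parsed as code rather than ignored and the `'AzureStorageAccount'` branch will fail. Use `#` or delete the line. With the name now taken from `$StorageAccountFullName`, every pass of the `for` loop over `$StorageCount` targets the same account, so `-StorageCount`, `-StorageIndex` and `-StorageAccountPrefix` no longer change anything; either remove them or reject a `$StorageCount` above 1. The `switch` block starts and ends outside the hunk.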
@@ -242,7 +242,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -StorageAccountPrefix ${StorageAccountPrefix} -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId 
${subscription().tenantId}' Location: sessionHostLocation ManagementVmName: managementVmName Timestamp: time diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 index b62bbf1b3..e2e260b2b 100644 --- a/workload/scripts/Set-NtfsPermissions.ps1 +++ b/workload/scripts/Set-NtfsPermissions.ps1 @@ -65,7 +65,10 @@ param [String]$TenantId, [Parameter(Mandatory=$false)] - [String]$StorageAccountFullName + [String]$StorageAccountFullName, + + [Parameter(Mandatory=$false)] + [String]$FileShareName ) function Write-Log @@ -141,18 +144,21 @@ try # Variables ############################################################## # Convert Security Principal Names from a JSON array to a PowerShell array - [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json + #[array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json Write-Log -Message "Security Principal Names:" -Type 'INFO' $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force # Selects the appropraite share names based on the FSlogixSolution param from the deployment - $Shares = switch($FslogixSolution) + <#$Shares = switch($FslogixSolution) { 'CloudCacheProfileContainer' {@('profile-containers')} 'CloudCacheProfileOfficeContainer' {@('office-containers','profile-containers')} - 'ProfileContainer' {@('profile-containers')} + 'ProfileContainer' {@('fslogix-pc-nf59-dev-use-001')} 'ProfileOfficeContainer' {@('office-containers','profile-containers')} } + #> + + $Share = $Filesharename if($StorageSolution -eq 'AzureNetAppFiles' -or ($StorageSolution -eq 'AzureStorageAccount' -and $ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices')) { 
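Review bot: `-StorageAccountPrefix ${StorageAccountPrefix}` now appears twice on the new `CommandToExecute` line, once after `-StorageAccountFullName` and once after `-SecurityPrincipalNames`. PowerShell rejects a named parameter that is specified more than once, so Set-NtfsPermissions.ps1 would fail at parameter binding before doing any work. Remove one of the two occurrences so the argument is passed a single time.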
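Review bot: Commenting out the `ConvertFrom-Json` line leaves `$SecurityPrincipalNames` as the `[String]` declared in the param block, while the assignment loop outside this hunk appears to still read `$SecurityPrincipalNames[$i]` (it shows up as a removed line only in PATCH 07). Indexing a string returns a single character, so `$Group` would name a principal that was never meant to receive the NTFS permissions. In the same hunk `$Share = $Filesharename` depends on `-FileShareName`, which is `Mandatory=$false` and is not passed by this patch's `CommandToExecute` line, so the path built for the mount would end in a bare backslash. I would make the parameter mandatory and add a guard such as `if ([string]::IsNullOrWhiteSpace($FileShareName)) { throw 'FileShareName is required' }` before the share is mounted.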
@@ -192,7 +198,7 @@ try $FileServer = '\\' + $SmbServerName + '.' + $Domain.DNSRoot } 'AzureStorageAccount' { - //$StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') + #$StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') $StorageAccountName = $StorageAccountFullName $FileServer = '\\' + $StorageAccountName + $FilesSuffix @@ -289,9 +295,6 @@ try Write-Log -Message "Disconnection to Azure succeeded" -Type 'INFO' } } - - foreach($Share in $Shares) - { # Mount file share $FileShare = $FileServer + '\' + $Share New-PSDrive -Name 'Z' -PSProvider 'FileSystem' -Root $FileShare -Credential $Credential @@ -316,7 +319,6 @@ try Remove-PSDrive -Name 'Z' -PSProvider 'FileSystem' -Force Start-Sleep -Seconds 5 Write-Log -Message "Unmounting the Azure file share, $FileShare, succeeded" -Type 'INFO' - } } } catch { From bdd709a3dba933f8785899478d8aa0947f375264 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 00:34:56 -0500 Subject: [PATCH 06/42] Update Set-NtfsPermissions.ps1 --- workload/scripts/Set-NtfsPermissions.ps1 | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 index e2e260b2b..af4cfaff1 100644 --- a/workload/scripts/Set-NtfsPermissions.ps1 +++ b/workload/scripts/Set-NtfsPermissions.ps1 @@ -18,9 +18,6 @@ param [Parameter(Mandatory=$false)] [String]$Environment, - [Parameter(Mandatory)] - [String]$FslogixSolution, - [Parameter(Mandatory=$false)] [ValidateSet("AES256","RC4")] [String]$KerberosEncryptionType, @@ -31,9 +28,6 @@ param [Parameter(Mandatory=$false)] [String]$OuPath, - [Parameter(Mandatory=$false)] - [String]$ResourceNameSuffix, - [Parameter(Mandatory)] [String]$SecurityPrincipalNames, 
@@ -148,16 +142,7 @@ try Write-Log -Message "Security Principal Names:" -Type 'INFO' $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force - # Selects the appropraite share names based on the FSlogixSolution param from the deployment - <#$Shares = switch($FslogixSolution) - { - 'CloudCacheProfileContainer' {@('profile-containers')} - 'CloudCacheProfileOfficeContainer' {@('office-containers','profile-containers')} - 'ProfileContainer' {@('fslogix-pc-nf59-dev-use-001')} - 'ProfileOfficeContainer' {@('office-containers','profile-containers')} - } - #> - + #Set share name $Share = $Filesharename if($StorageSolution -eq 'AzureNetAppFiles' -or ($StorageSolution -eq 'AzureStorageAccount' -and $ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices')) @@ -198,7 +183,6 @@ try $FileServer = '\\' + $SmbServerName + '.' + $Domain.DNSRoot } 'AzureStorageAccount' { - #$StorageAccountName = $StorageAccountPrefix + ($i + $StorageIndex).ToString().PadLeft(2,'0') $StorageAccountName = $StorageAccountFullName $FileServer = '\\' + $StorageAccountName + $FilesSuffix From f65a918cc5f794afe09396e2266d579ddf0cd898 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 01:18:59 -0500 Subject: [PATCH 07/42] updates --- .../modules/storageAzureFiles/deploy.bicep | 21 ++++++++--------- workload/scripts/Set-NtfsPermissions.ps1 | 23 ++++++++----------- 2 files changed, 19 insertions(+), 25 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 778de3736..745a8ad98 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
@@ -83,7 +83,9 @@ param time string = utcNow() @sys.description('Sets purpose of the storage account.') param storagePurpose string -//parameters for domain join +@sys.description('ActiveDirectorySolution. ') +param ActiveDirectorySolution string = 'ActiveDirectoryDomainServices' + @sys.description('Sets location of DSC Agent.') param dscAgentPackageLocation string @@ -99,19 +101,16 @@ param createOuForStorageString string @sys.description('Managed Identity Client ID') param managedIdentityClientId string -param FslogixSolution string = 'ProfileContainer' - +@sys.description('Kerberos Encryption. Default is AES256.') param KerberosEncryption string = 'AES256' +@sys.description('Location of script. Default is located in workload/scripts') param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/' +@description('SAS Token to access script.') param _artifactsLocationSasToken string = '' -param StorageAccountPrefix string = '' - -param SecurityPrincipalNames array = [] - -param storageResourceGroup string = '' +param SecurityPrincipalNames string = '' param storageSolution string = 'AzureStorageAccount' @@ -119,9 +118,7 @@ param storageCount int = 1 param storageIndex int = 0 -param ActiveDirectorySolution string = 'ActiveDirectoryDomainServices' - -param netBios string = 'mngenvmcap88523' +param netBios string = '' // =========== // // Variable declaration // 
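Review bot: The description added to `_artifactsLocation` says the script lives in workload/scripts, but the default it documents is `https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/`, a branch of a personal fork addressed through the HTML `tree/` view. The value is handed to the ntfsPermissions module, which presumably downloads Set-NtfsPermissions.ps1 from it and runs it on the management VM, so whoever can push to that branch decides what executes there; a `tree/` URL is also unlikely to return the raw file. I would remove the default or point it at the upstream repository pinned to a tag or commit, and say so in the description. The same concern applies to `varBaseScriptUri` in the `@@ -545,7 +571,7 @@` hunk of PATCH 08, which moves every derived script URI from `Azure/avdaccelerator/main` to the fork's `set-ntfspermissions` branch.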
@@ -242,7 +239,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -StorageAccountPrefix ${StorageAccountPrefix} -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' Location: 
sessionHostLocation ManagementVmName: managementVmName Timestamp: time diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 index af4cfaff1..5f162e9b5 100644 --- a/workload/scripts/Set-NtfsPermissions.ps1 +++ b/workload/scripts/Set-NtfsPermissions.ps1 @@ -22,6 +22,12 @@ param [ValidateSet("AES256","RC4")] [String]$KerberosEncryptionType, + [Parameter(Mandatory=$false)] + [String]$StorageAccountFullName, + + [Parameter(Mandatory=$false)] + [String]$FileShareName, + [Parameter(Mandatory=$false)] [String]$Netbios, @@ -34,9 +40,6 @@ param [Parameter(Mandatory=$false)] [String]$SmbServerLocation, - [Parameter(Mandatory=$false)] - [String]$StorageAccountPrefix, - [Parameter(Mandatory=$false)] [String]$StorageAccountResourceGroupName, @@ -56,14 +59,8 @@ param [String]$SubscriptionId, [Parameter(Mandatory=$false)] - [String]$TenantId, - - [Parameter(Mandatory=$false)] - [String]$StorageAccountFullName, - - [Parameter(Mandatory=$false)] - [String]$FileShareName -) + [String]$TenantId + ) function Write-Log { @@ -142,7 +139,7 @@ try Write-Log -Message "Security Principal Names:" -Type 'INFO' $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force - #Set share name + #Set share name $Share = $Filesharename if($StorageSolution -eq 'AzureNetAppFiles' -or ($StorageSolution -eq 'AzureStorageAccount' -and $ActiveDirectorySolution -eq 'ActiveDirectoryDomainServices')) @@ -170,7 +167,7 @@ try for($i = 0; $i -lt $StorageCount; $i++) { # Determine Principal for assignment - $SecurityPrincipalName = $SecurityPrincipalNames[$i] + $SecurityPrincipalName = $SecurityPrincipalNames $Group = $Netbios + '\' + $SecurityPrincipalName Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' From 1c94d79712b020e053abbfcd9b1534d286a7e313 Mon Sep 17 00:00:00 2001 
From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 10:39:48 -0500 Subject: [PATCH 08/42] updates --- workload/bicep/deploy-baseline.bicep | 45 ++++++++++++++++--- workload/bicep/modules/identity/deploy.bicep | 14 ++++++ .../modules/storageAzureFiles/deploy.bicep | 16 +++---- 3 files changed, 62 insertions(+), 13 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index dd36daaa5..4fb5623cb 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -66,9 +66,13 @@ param avdApplicationGroupIdentitiesIds array = [] @sys.description('Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)') param avdApplicationGroupIdentityType string = 'Group' +param securityPrincipalNames string = '' + @sys.description('AD domain name.') param avdIdentityDomainName string +param netBios string = '' + @sys.description('AD domain GUID. (Default: "")') param identityDomainGuid string = '' 
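Review bot: `securityPrincipalNames` and `netBios` are added without a `@sys.description` and default to `''`, although Set-NtfsPermissions.ps1 declares `-SecurityPrincipalNames` as `[Parameter(Mandatory)]` and builds `$Group` as `$Netbios + '\' + $SecurityPrincipalName`. A deployment that keeps the defaults would therefore either fail at parameter binding or try to assign permissions to a malformed principal name. I would require non-empty values whenever a storage deployment is enabled and document both parameters like their neighbours, for example `@sys.description('NetBIOS name of the AD domain, used to qualify the group that receives NTFS permissions.')`.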
@@ -164,15 +168,37 @@ param vNetworkGatewayOnHub bool = false @sys.description('Deploy Fslogix setup. (Default: true)') param createAvdFslogixDeployment bool = true +@allowed([ + 'AzureStorageAccount' + 'AzureNetappFiles' +]) +@sys.description ('Fslogix Storage Solution. Default is Azure Storage Account.') +param fslogixStorageSolution string = 'AzureStorageAccount' + @sys.description('Deploy MSIX App Attach setup. (Default: false)') param createMsixDeployment bool = false +@allowed([ + 'AzureStorageAccount' + 'AzureNetappFiles' +]) +@sys.description ('App attach Storage Solution. Default is Azure Storage Account.') +param appAttachStorageSolution string = 'AzureStorageAccount' + + @sys.description('Fslogix file share size. (Default: 1)') param fslogixFileShareQuotaSize int = 1 @sys.description('MSIX file share size. (Default: 1)') param msixFileShareQuotaSize int = 1 +@allowed([ + 'AES256' + 'RC4' +]) +@sys.description('Kerberos Encryption. Default is AES256.') +param kerberosEncryption string = 'AES256' + @sys.description('Deploy new session hosts. (Default: true)') param avdDeploySessionHosts bool = true 
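Review bot: `kerberosEncryption` offers `RC4` as an allowed value, and its description gives the operator no hint that this is the weaker, legacy choice. The value is forwarded as `-KerberosEncryptionType` to Set-NtfsPermissions.ps1, so it presumably determines the encryption type configured for the storage account's domain identity. I would extend the text to something like `@sys.description('Kerberos encryption type passed to the storage setup script. RC4 is a legacy cipher; select it only when the domain cannot use AES256. (Default: AES256)')`. The two storage-solution descriptions also lack the `(Default: …)` suffix used by the surrounding parameters.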
@@ -545,7 +571,7 @@ var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFsLogixScriptArguments = (avdIdentityServiceProvider == 'AAD') ? '-volumeshare ${varFslogixSharePath} -storageAccountName ${varFslogixStorageName} -identityDomainName ${avdIdentityDomainName}' : '-volumeshare ${varFslogixSharePath}' var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/moisesjgomez/avdaccelerator/set-ntfspermissions/workload/' var varFslogixScriptUri = (avdIdentityServiceProvider == 'AAD') ? '${varBaseScriptUri}scripts/Set-FSLogixRegKeysAAD.ps1' : '${varBaseScriptUri}scripts/Set-FSLogixRegKeys.ps1' var varFsLogixScript = (avdIdentityServiceProvider == 'AAD') ? './Set-FSLogixRegKeysAad.ps1' : './Set-FSLogixRegKeys.ps1' //var varCompRgDeploCleanScript = './cleanUpRgDeployments.ps1' @@ -723,6 +749,7 @@ var varMarketPlaceGalleryWindows = { var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' +var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NTFSPermissions.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' //var varPostDeploymentTempResuorcesCleanUpScript = './PostDeploymentTempResuorcesCleanUp.ps1' 
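Review bot: `varStorageSetupScriptUri` ends in `scripts/Set-NTFSPermissions.ps1`, but the file this series adds is `workload/scripts/Set-NtfsPermissions.ps1`, and `CommandToExecute` uses that spelling as well. Paths on raw.githubusercontent.com are case-sensitive, so a download through this variable would return 404. Use `'${varBaseScriptUri}scripts/Set-NtfsPermissions.ps1'`. The variable is not referenced in any hunk visible here, so it may also be unused.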
@@ -1129,13 +1156,17 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if name: 'Storage-FSLogix-${time}' params: { storagePurpose: 'fslogix' + storageSolution: fslogixStorageSolution fileShareName: varFslogixFileShareName fileShareMultichannel: (fslogixStoragePerformance == 'Premium') ? true : false storageSku: varFslogixStorageSku fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName - storageToDomainScript: varStorageToDomainScript - storageToDomainScriptUri: varStorageToDomainScriptUri + securityPrincipalNames: securityPrincipalNames + netBios: netBios + KerberosEncryption: kerberosEncryption + //storageToDomainScript: varStorageToDomainScript + //storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation storageCustomOuPath: varStorageCustomOuPath @@ -1173,13 +1204,17 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr name: 'Storage-MSIX-${time}' params: { storagePurpose: 'msix' + storageSolution: appAttachStorageSolution fileShareName: varMsixFileShareName fileShareMultichannel: (msixStoragePerformance == 'Premium') ? true : false storageSku: varMsixStorageSku fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName - storageToDomainScript: varStorageToDomainScript - storageToDomainScriptUri: varStorageToDomainScriptUri + securityPrincipalNames: securityPrincipalNames + netBios: netBios + KerberosEncryption: kerberosEncryption + //storageToDomainScript: varStorageToDomainScript + //storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation storageCustomOuPath: varStorageCustomOuPath 
diff --git a/workload/bicep/modules/identity/deploy.bicep b/workload/bicep/modules/identity/deploy.bicep index bf0e18e3b..91bb146e3 100644 --- a/workload/bicep/modules/identity/deploy.bicep +++ b/workload/bicep/modules/identity/deploy.bicep @@ -62,6 +62,10 @@ var varStorageSmbShareContributorRole = { id: '0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb' name: 'Storage File Data SMB Share Contributor' } +var varDesktopVirtualizationVirtualMachineContributorRole = { + id:' a959dbd1-f747-45e3-8ba6-dd80f235f97c' + name: 'Desktop Virtualization Virtual Machine Contributor' +} var varDesktopVirtualizationPowerOnContributorRole = { id: '489581de-a3bd-480d-9518-53dea7416b33' name: 'Desktop Virtualization Power On Contributor' @@ -191,6 +195,16 @@ module storageSmbShareContributorRoleAssign '../../../../carml/1.3.0/Microsoft.A } }] +//Management VM Desktop Virtualization Virtual Machine Contributor Role assignment +module DesktopVirtualizationVirtualMachineContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (createStorageDeployment && (identityServiceProvider == 'AAD') && (!empty(appGroupIdentitiesIds))) { + name: 'Stora-VMCont-RolAssign-${take('${appGroupIdentitiesId}', 6)}-${time}' + scope: resourceGroup('${subscriptionId}', '${serviceObjectsRgName}') + params: { + roleDefinitionIdOrName: '/subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${varDesktopVirtualizationVirtualMachineContributorRole.id}' + principalId: appGroupIdentitiesId + } +}] + // VM AAD access roles compute RG module aadIdentityLoginRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (identityServiceProvider == 'AAD' && !empty(appGroupIdentitiesIds)) { name: 'VM-Login-Comp-${take('${appGroupIdentitiesId}', 6)}-${time}' 
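Review bot: The `id` of `varDesktopVirtualizationVirtualMachineContributorRole` is written as `' a959dbd1-f747-45e3-8ba6-dd80f235f97c'`, with a space inside the quotes. The role assignment added further down concatenates it into `/subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/…`, so the resulting role definition ID contains a space and the assignment would be rejected. It should read `id: 'a959dbd1-f747-45e3-8ba6-dd80f235f97c'`, formatted like the other role variables.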
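Review bot: The comment announces a role assignment for the management VM, but the module loops over `appGroupIdentitiesIds` and passes `principalId: appGroupIdentitiesId`, so Desktop Virtualization Virtual Machine Contributor on the service-objects resource group goes to every application-group identity. If those identities are the end-user groups, as the neighbouring VM login assignments suggest, desktop users would gain management rights over the resources in that group. I would assign the role to the identity that actually runs the storage setup and leave the user groups on the login roles only; which principal that is cannot be determined from this hunk.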
diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 745a8ad98..a23fe700b 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -56,11 +56,11 @@ param fileShareQuotaSize int @sys.description('Use Azure private DNS zones for private endpoints.') param vnetPrivateDnsZoneFilesId string -@sys.description('Script name for adding storage account to Active Directory.') -param storageToDomainScript string +//@sys.description('Script name for adding storage account to Active Directory.') +//param storageToDomainScript string -@sys.description('URI for the script for adding the storage account to Active Directory.') -param storageToDomainScriptUri string +//@sys.description('URI for the script for adding the storage account to Active Directory.') +//param storageToDomainScriptUri string @sys.description('Tags to be applied to resources') param tags object @@ -102,7 +102,7 @@ param createOuForStorageString string param managedIdentityClientId string @sys.description('Kerberos Encryption. Default is AES256.') -param KerberosEncryption string = 'AES256' +param KerberosEncryption string @sys.description('Location of script. Default is located in workload/scripts') param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/' @@ -110,7 +110,7 @@ param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerato @description('SAS Token to access script.') param _artifactsLocationSasToken string = '' -param SecurityPrincipalNames string = '' +param securityPrincipalNames string = '' param storageSolution string = 'AzureStorageAccount' 
@@ -135,7 +135,7 @@ var varAvdFileShareMetricsDiagnostic = [ var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' +//var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' // =========== // // Deployments // // =========== // 
@@ -239,7 +239,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -securityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' Location: sessionHostLocation ManagementVmName: managementVmName Timestamp: time 
From 9de634abc05d00224e433c3f918d31b1573805c0 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 10:41:22 -0500 Subject: [PATCH 09/42] updates --- workload/arm/deploy-baseline.json | 3468 +++++++++++++++----------- workload/bicep/deploy-baseline.bicep | 4 +- 2 files changed, 2077 insertions(+), 1395 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 2c536190e..f6aa54392 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18151368205047122438" + "version": "0.20.4.51522", + "templateHash": "844608885345243805" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - }, - "maxLength": 4, - "minLength": 2 + } }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - }, "allowedValues": [ "Dev", "Test", "Prod" - ] + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, + "minValue": 30, + "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - }, - "minValue": 30, - "maxValue": 730 + } }, "avdSessionHostLocation": { "type": "string", 
@@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ] + ], + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } }, "createIntuneEnrollment": { "type": "bool", @@ -110,14 +110,18 @@ "avdApplicationGroupIdentityType": { "type": "string", "defaultValue": "Group", - "metadata": { - "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" - }, "allowedValues": [ "Group", "ServicePrincipal", "User" - ] + ], + "metadata": { + "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" + } + }, + "securityPrincipalNames": { + "type": "string", + "defaultValue": "myavdusers" }, "avdIdentityDomainName": { "type": "string", @@ -125,6 +129,10 @@ "description": "AD domain name." } }, + "netBios": { + "type": "string", + "defaultValue": "mngenvmcap88523" + }, "identityDomainGuid": { "type": "string", "defaultValue": "", @@ -156,13 +164,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + } }, "hostPoolPreferredAppGroupType": { "type": "string", 
@@ -178,24 +186,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + } }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + } }, "avhHostPoolMaxSessions": { "type": "int", @@ -323,6 +331,17 @@ "description": "Deploy Fslogix setup. (Default: true)" } }, + "fslogixStorageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount", + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ], + "metadata": { + "description": "Fslogix Storage Solution. Default is Azure Storage Account." + } + }, "createMsixDeployment": { "type": "bool", "defaultValue": false, @@ -330,6 +349,17 @@ "description": "Deploy MSIX App Attach setup. (Default: false)" } }, + "appAttachStorageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount", + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ], + "metadata": { + "description": "App attach Storage Solution. Default is Azure Storage Account." + } + }, "fslogixFileShareQuotaSize": { "type": "int", "defaultValue": 1, @@ -344,6 +374,17 @@ "description": "MSIX file share size. (Default: 1)" } }, + "kerberosEncryption": { + "type": "string", + "defaultValue": "AES256", + "allowedValues": [ + "AES256", + "RC4" + ], + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, "avdDeploySessionHosts": { "type": "bool", "defaultValue": true, 
@@ -396,11 +437,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, + "minValue": 1, + "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - }, - "maxValue": 100, - "minValue": 1 + } }, "avdSessionHostCountIndex": { "type": "int", @@ -440,24 +481,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + } }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + } }, "diskZeroTrust": { "type": "bool", @@ -490,14 +531,14 @@ "securityType": { "type": "string", "defaultValue": "TrustedLaunch", - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ] + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } }, "secureBootEnabled": { "type": "bool", @@ -516,9 +557,6 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - }, "allowedValues": [ "win10_21h2", "win10_21h2_office", 
@@ -528,7 +566,10 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ] + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } }, "managementVmOsImage": { "type": "string", 
@@ -575,194 +616,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", + "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - }, - "maxLength": 90 + } }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - }, - "maxLength": 90 + } }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - }, - "maxLength": 90 + } }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - }, - "maxLength": 90 + } }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", + "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - }, - "maxLength": 90 + } }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", + "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. 
(Default: log-avd-app1-dev-use2)" - }, - "maxLength": 64 + } }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD application security custom name. 
(Default: asg-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. 
(Default: Desktops - App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", + "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - }, - "maxLength": 11 + } }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", + "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - }, - "maxLength": 9 + } }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", + "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - }, - "maxLength": 2 + } }, "fslogixFileShareCustomName": { "type": "string", @@ -781,34 +822,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv", + "maxLength": 5, "metadata": { "description": "AVD keyvault prefix custom name. (Default: kv)" - }, - "maxLength": 5 + } }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", + "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - }, - "maxLength": 6 + } }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", + "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - }, - "maxLength": 5 + } }, "ztKvPrefixCustomName": { "type": "string", "defaultValue": "kv-zt", + "maxLength": 5, "metadata": { "description": "AVD key vault name custom name for zero trust (Default: kv-zt)" - }, - "maxLength": 5 + } }, "createResourceTags": { "type": "bool", 
@@ -827,29 +868,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - }, "allowedValues": [ "Light", "Medium", "High", "Power" - ] + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ] + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } }, "departmentTag": { "type": "string", @@ -861,16 +902,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ] + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } }, "workloadCriticalityCustomValueTag": { "type": "string", 
@@ -1259,7 +1300,7 @@ "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFsLogixScriptArguments": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('-volumeshare {0} -storageAccountName {1} -identityDomainName {2}', variables('varFslogixSharePath'), variables('varFslogixStorageName'), parameters('avdIdentityDomainName')), format('-volumeshare {0}', variables('varFslogixSharePath')))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/moisesjgomez/avdaccelerator/set-ntfspermissions/workload/", "varFslogixScriptUri": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('{0}scripts/Set-FSLogixRegKeysAAD.ps1', variables('varBaseScriptUri')), format('{0}scripts/Set-FSLogixRegKeys.ps1', variables('varBaseScriptUri')))]", "varFsLogixScript": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), './Set-FSLogixRegKeysAad.ps1', './Set-FSLogixRegKeys.ps1')]", "varAvdAgentPackageLocation": "[format('https://wvdportalstorageblob.blob.{0}/galleryartifacts/Configuration_09-08-2022.zip', environment().suffixes.storage)]", 
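Review bot: `varBaseScriptUri` now resolves to a personal fork's branch (`moisesjgomez/avdaccelerator/set-ntfspermissions`) instead of `Azure/avdaccelerator/main`, so every script URI built from it, such as `varFslogixScriptUri` in this hunk, is fetched at deployment time from a mutable ref outside the upstream repository. Whoever can push to that branch controls what those scripts do on the machines that run them, and the default of `_artifactsLocation` in `storageAzureFiles/deploy.bicep` points at the same fork. Before this merges I would restore `"varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/",`. An immutable ref (`.../Azure/avdaccelerator/<commit-sha>/workload/`) would be better still, so the downloaded content cannot change under a released template. The file looks bicep-generated, so the edit presumably goes in `deploy-baseline.bicep`, followed by a rebuild.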
@@ -1426,6 +1467,7 @@ }, "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", + "varStorageSetupScriptUri": "[format('{0}scripts/Set-NTFSPermissions.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", "varDefaultStorageOuPath": "[if(equals(parameters('avdIdentityServiceProvider'), 'AADDS'), 'AADDC Computers', 'Computers')]", @@ -1509,8 +1551,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4868927926622801511" + "version": "0.20.4.51522", + "templateHash": "13424900852533720203" } }, "parameters": { @@ -1530,14 +1572,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -1618,8 +1660,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9338790793667422174" + "version": "0.20.4.51522", + "templateHash": "1949461089888612708" } }, "parameters": { @@ -1632,13 +1674,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", 
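Review bot: The added `varStorageSetupScriptUri` requests `scripts/Set-NTFSPermissions.ps1`, but this commit's file list creates `workload/scripts/Set-NtfsPermissions.ps1`. raw.githubusercontent.com paths are case-sensitive, so unless a differently cased copy exists on the branch the download will likely fail with a 404. Suggested value: `"[format('{0}scripts/Set-NtfsPermissions.ps1', variables('varBaseScriptUri'))]"`. The neighbouring `varStorageAzureFilesDscAgentPackageLocation` still hard-codes `Azure/avdaccelerator/raw/main`, so after this commit the storage scripts come from two different repositories; it is worth deciding on one pinned source for both.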
@@ -1748,8 +1790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12586841471874813417" + "version": "0.20.4.51522", + "templateHash": "13758321727740315260" } }, "parameters": { @@ -2109,8 +2151,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4868927926622801511" + "version": "0.20.4.51522", + "templateHash": "13424900852533720203" } }, "parameters": { @@ -2130,14 +2172,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2218,8 +2260,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9338790793667422174" + "version": "0.20.4.51522", + "templateHash": "1949461089888612708" } }, "parameters": { @@ -2232,13 +2274,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2348,8 +2390,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12586841471874813417" + "version": "0.20.4.51522", + "templateHash": "13758321727740315260" } }, "parameters": { @@ -2704,8 +2746,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4868927926622801511" + "version": "0.20.4.51522", + "templateHash": "13424900852533720203" } }, "parameters": { 
@@ -2725,14 +2767,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2813,8 +2855,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9338790793667422174" + "version": "0.20.4.51522", + "templateHash": "1949461089888612708" } }, "parameters": { @@ -2827,13 +2869,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2943,8 +2985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12586841471874813417" + "version": "0.20.4.51522", + "templateHash": "13758321727740315260" } }, "parameters": { @@ -3317,8 +3359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7919978837888691656" + "version": "0.20.4.51522", + "templateHash": "13254490398188493758" } }, "parameters": { @@ -3441,8 +3483,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4868927926622801511" + "version": "0.20.4.51522", + "templateHash": "13424900852533720203" } }, "parameters": { @@ -3462,14 +3504,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -3550,8 +3592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9338790793667422174" + "version": "0.20.4.51522", + "templateHash": "1949461089888612708" } }, "parameters": { @@ -3564,13 +3606,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -3680,8 +3722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12586841471874813417" + "version": "0.20.4.51522", + "templateHash": "13758321727740315260" } }, "parameters": { @@ -4041,8 +4083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "13821744591720490222" + "version": "0.20.4.51522", + "templateHash": "16466569956202275233" } }, "parameters": { @@ -4131,8 +4173,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "maxValue": 730, "minValue": 0, + "maxValue": 730, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4191,8 +4233,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4235,14 +4277,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -4435,8 +4477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5892497567322793672" + "version": "0.20.4.51522", + "templateHash": "6244051756844983790" } }, "parameters": { @@ -4579,8 +4621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9104010996147858950" + "version": "0.20.4.51522", + "templateHash": "11523060429621908655" } }, "parameters": { @@ -4713,8 +4755,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4207477883724473600" + "version": "0.20.4.51522", + "templateHash": "18138448975461580741" } }, "parameters": { @@ -4848,8 +4890,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18377173330328914128" + "version": "0.20.4.51522", + "templateHash": "14013632854529536959" } }, "parameters": { @@ -5020,15 +5062,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1404193826490863720" + "version": "0.20.4.51522", + "templateHash": "7208410391413178270" } }, "parameters": { "name": { "type": "string", - "maxLength": 63, "minLength": 4, + "maxLength": 63, "metadata": { "description": "Required. The data export rule name." } @@ -5167,8 +5209,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14800885279121710904" + "version": "0.20.4.51522", + "templateHash": "1441295184563396187" } }, "parameters": { @@ -5394,8 +5436,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "174331240044920355" + "version": "0.20.4.51522", + "templateHash": "10832170881995198430" } }, "parameters": { 
@@ -5439,8 +5481,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 730, "minValue": -1, + "maxValue": 730, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5462,8 +5504,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 2555, "minValue": -1, + "maxValue": 2555, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5563,8 +5605,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6203827990364745107" + "version": "0.20.4.51522", + "templateHash": "2843587707978411469" } }, "parameters": { @@ -5714,8 +5756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7475502990358761120" + "version": "0.20.4.51522", + "templateHash": "9516912265776834381" } }, "parameters": { @@ -5928,8 +5970,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -6070,14 +6112,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -6237,8 +6279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7949543724046620304" + "version": "0.20.4.51522", + "templateHash": "15302323840134075513" } }, "parameters": { 
@@ -6569,8 +6611,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4872290154327272363" + "version": "0.20.4.51522", + "templateHash": "4452963820746554211" } }, "parameters": { @@ -6752,8 +6794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10195867857732116184" + "version": "0.20.4.51522", + "templateHash": "13076250381232532789" } }, "parameters": { @@ -6931,8 +6973,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10829143557172841315" + "version": "0.20.4.51522", + "templateHash": "14734864167323382820" } }, "parameters": { @@ -7200,8 +7242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16168950192958274411" + "version": "0.20.4.51522", + "templateHash": "6388442941679862584" } }, "parameters": { @@ -7281,8 +7323,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6515081992349263556" + "version": "0.20.4.51522", + "templateHash": "11981001948941619649" } }, "parameters": { @@ -7753,8 +7795,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14800885279121710904" + "version": "0.20.4.51522", + "templateHash": "1441295184563396187" } }, "parameters": { @@ -7986,8 +8028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14800885279121710904" + "version": "0.20.4.51522", + "templateHash": "1441295184563396187" } }, "parameters": { @@ -8302,8 +8344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1899955979931613442" + "version": "0.20.4.51522", + "templateHash": "6055794334432896498" } }, "parameters": { 
@@ -8653,8 +8695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9101493170967044447" + "version": "0.20.4.51522", + "templateHash": "18312070779863286178" } }, "parameters": { @@ -8695,8 +8737,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -8725,14 +8767,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -8930,8 +8972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11939435370198735476" + "version": "0.20.4.51522", + "templateHash": "17077330315011430282" } }, "parameters": { @@ -9175,8 +9217,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14760097731901350181" + "version": "0.20.4.51522", + "templateHash": "15810256612189281963" } }, "parameters": { @@ -9393,8 +9435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9101493170967044447" + "version": "0.20.4.51522", + "templateHash": "18312070779863286178" } }, "parameters": { @@ -9435,8 +9477,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -9465,14 +9507,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9670,8 +9712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11939435370198735476" + "version": "0.20.4.51522", + "templateHash": "17077330315011430282" } }, "parameters": { @@ -9915,8 +9957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14760097731901350181" + "version": "0.20.4.51522", + "templateHash": "15810256612189281963" } }, "parameters": { @@ -10121,8 +10163,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "17250594128284307013" + "version": "0.20.4.51522", + "templateHash": "15533129024835162443" } }, "parameters": { 
@@ -10142,358 +10184,358 @@ "lock": { "type": "string", "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], "metadata": { "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/applicationSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": {} + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + }, + { + "copy": { + "name": "applicationSecurityGroup_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), 
createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.20.4.51522", + "templateHash": "2194807908259933046" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." 
+ } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the application security group was deployed into." }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the application security group." 
+ }, + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the application security group." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "condition": "[parameters('createVnet')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.20.4.51522", + "templateHash": "9060023460609217515" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/applicationSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": {} - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - }, - { - "copy": { - "name": "applicationSecurityGroup_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), 
createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15838105021656936169" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." 
- } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." 
- } - } - }, - "variables": { - "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the application security group was deployed into." 
- }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the application security group." - }, - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the application security group." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" - } - } - } - } - }, - { - "condition": "[parameters('createVnet')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('avdRouteTableName')]" - }, - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6267793583428414969" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": 
"Required. Name given for the hub route table." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "routes": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of Routes to be established within the hub route table." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to disable BGP route propagation." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10591,8 +10633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16752813498867197745" + "version": "0.20.4.51522", + "templateHash": "15433672522856459960" } }, "parameters": { @@ -10800,8 +10842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6267793583428414969" + "version": "0.20.4.51522", + "templateHash": "9060023460609217515" } }, "parameters": { @@ -10835,14 +10877,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10940,8 +10982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16752813498867197745" + "version": "0.20.4.51522", + "templateHash": "15433672522856459960" } }, "parameters": { 
@@ -11166,8 +11208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1931271665284885822" + "version": "0.20.4.51522", + "templateHash": "16391435070898772883" } }, "parameters": { @@ -11228,27 +11270,27 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ] + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, + "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - }, - "maxValue": 30 + } }, "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -11284,14 +11326,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -11517,8 +11559,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5239437568291997506" + "version": "0.20.4.51522", + "templateHash": "15658666815760358482" } }, "parameters": { 
@@ -11710,8 +11752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16022559382364910663" + "version": "0.20.4.51522", + "templateHash": "11765890115463110578" } }, "parameters": { @@ -11933,8 +11975,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2278855343435905865" + "version": "0.20.4.51522", + "templateHash": "10093469174160917596" } }, "parameters": { @@ -12099,8 +12141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2278855343435905865" + "version": "0.20.4.51522", + "templateHash": "10093469174160917596" } }, "parameters": { @@ -12260,8 +12302,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5870660949078211536" + "version": "0.20.4.51522", + "templateHash": "17359386532940218799" } }, "parameters": { @@ -12497,8 +12539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6787746441078250764" + "version": "0.20.4.51522", + "templateHash": "6566216791736784247" } }, "parameters": { @@ -12585,8 +12627,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6787746441078250764" + "version": "0.20.4.51522", + "templateHash": "6566216791736784247" } }, "parameters": { @@ -12673,8 +12715,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6787746441078250764" + "version": "0.20.4.51522", + "templateHash": "6566216791736784247" } }, "parameters": { @@ -12761,8 +12803,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6787746441078250764" + "version": "0.20.4.51522", + "templateHash": "6566216791736784247" } }, "parameters": { 
@@ -12943,8 +12985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3580308259274263081" + "version": "0.20.4.51522", + "templateHash": "16887146126532845929" } }, "parameters": { @@ -13058,13 +13100,13 @@ }, "hostPoolType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "preferredAppGroupType": { "type": "string", @@ -13080,23 +13122,23 @@ }, "personalAssignType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "hostPoolLoadBalancerType": { "type": "string", - "metadata": { - "description": "AVD host pool load balacing type." - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type." + } }, "hostPoolMaxSessions": { "type": "int", @@ -13233,8 +13275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7595954458147073254" + "version": "0.20.4.51522", + "templateHash": "13751111734870253294" } }, "parameters": { @@ -13346,8 +13388,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -13383,14 +13425,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", 
@@ -13637,8 +13679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10241186313653123794" + "version": "0.20.4.51522", + "templateHash": "18049817812681767445" } }, "parameters": { @@ -13858,8 +13900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "13943230825932046821" + "version": "0.20.4.51522", + "templateHash": "7243327688954436435" } }, "parameters": { @@ -13917,8 +13959,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -13954,14 +13996,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14124,8 +14166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11389546711531681509" + "version": "0.20.4.51522", + "templateHash": "4893014638403786150" } }, "parameters": { 
@@ -14163,14 +14205,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ] + ], + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + } }, "commandLineArguments": { "type": "string", @@ -14302,8 +14344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15101328978713466551" + "version": "0.20.4.51522", + "templateHash": "1136039423442605560" } }, "parameters": { @@ -14512,8 +14554,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16594809872211391702" + "version": "0.20.4.51522", + "templateHash": "7235970953761064746" } }, "parameters": { @@ -14554,8 +14596,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -14591,14 +14633,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", 
@@ -14754,8 +14796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18072016089387616568" + "version": "0.20.4.51522", + "templateHash": "9018764467732457380" } }, "parameters": { @@ -14978,8 +15020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5173129861115812391" + "version": "0.20.4.51522", + "templateHash": "379315209917035931" } }, "parameters": { @@ -15021,12 +15063,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "Optional. The type of hostpool where this scaling plan should be applied." - }, "allowedValues": [ "Pooled" - ] + ], + "metadata": { + "description": "Optional. The type of hostpool where this scaling plan should be applied." + } }, "exclusionTag": { "type": "string", @@ -15098,8 +15140,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -15259,8 +15301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15871536856748411551" + "version": "0.20.4.51522", + "templateHash": "3278048928000577121" } }, "parameters": { @@ -15496,8 +15538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3386087530750285003" + "version": "0.20.4.51522", + "templateHash": "17312161537241247734" } }, "parameters": { 
@@ -15608,6 +15650,10 @@ "id": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", "name": "Storage File Data SMB Share Contributor" }, + "varDesktopVirtualizationVirtualMachineContributorRole": { + "id": "\ta959dbd1-f747-45e3-8ba6-dd80f235f97c", + "name": "Desktop Virtualization Virtual Machine Contributor" + }, "varDesktopVirtualizationPowerOnContributorRole": { "id": "489581de-a3bd-480d-9518-53dea7416b33", "name": "Desktop Virtualization Power On Contributor" @@ -15673,8 +15719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9041828126418230177" + "version": "0.20.4.51522", + "templateHash": "14285784396449865300" } }, "parameters": { @@ -15695,14 +15741,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -15796,8 +15842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "944620176257250244" + "version": "0.20.4.51522", + "templateHash": "7489087194642478460" } }, "parameters": { @@ -15989,8 +16035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9041828126418230177" + "version": "0.20.4.51522", + "templateHash": "14285784396449865300" } }, "parameters": { @@ -16011,14 +16057,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
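Review bot: The `id` of the added `varDesktopVirtualizationVirtualMachineContributorRole` variable starts with a tab escape (`"\ta959dbd1-f747-45e3-8ba6-dd80f235f97c"`), so the value is not a well-formed role definition GUID. The same role appears in this template's `builtInRoleNames` table with the same GUID and no tab. This file is compiled output, so the stray character presumably sits in the Bicep variable; fix it there as `id: 'a959dbd1-f747-45e3-8ba6-dd80f235f97c'` and regenerate the JSON. How the id is consumed lies outside this hunk, but a role assignment built from it would likely fail or not resolve to the intended role, so confirm after deployment that the assignment exists with the expected scope.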
@@ -16112,8 +16158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "944620176257250244" + "version": "0.20.4.51522", + "templateHash": "7489087194642478460" } }, "parameters": { @@ -16317,8 +16363,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -16459,14 +16505,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -16618,8 +16664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -17198,8 +17244,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -17776,8 +17822,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { 
@@ -18360,8 +18406,588 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" + } + }, + "parameters": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity)." + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Optional. Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment." + } + }, + "subscriptionId": { + "type": "string", + "defaultValue": "[subscription().subscriptionId]", + "metadata": { + "description": "Optional. Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. ID of the delegated managed identity resource." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition. 
Currently accepted value is \"2.0\"." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "variables": { + "builtInRoleNames": { + "Access Review Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/76cc9ee4-d5d3-4a45-a930-26add3d73475", + "AcrDelete": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "AcrImageSigner": "/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f", + "AcrPull": "/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", + "AcrPush": "/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec", + "AcrQuarantineReader": "/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04", + "AcrQuarantineWriter": "/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "AgFood Platform Sensor Partner Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67", + "AgFood Platform Service Admin": "/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3", + "AgFood Platform Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728", + "AgFood Platform Service Reader": "/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba", + "AnyBuild Builder": "/providers/Microsoft.Authorization/roleDefinitions/a2138dac-4907-4679-a376-736901ed8ad8", + "API Management Developer 
Portal Content Editor": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729", + "API Management Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c", + "API Management Service Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61", + "API Management Service Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d", + "App Configuration Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b", + "App Configuration Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", + "Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ca6382a4-1721-4bcf-a114-ff0c70227b6b", + "Application Insights Component Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e", + "Application Insights Snapshot Debugger": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b", + "Attestation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e", + "Attestation Reader": "/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3", + "Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867", + "Automation Job Operator": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f", + "Automation Operator": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404", + "Automation Runbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5", + "Autonomous Development Platform Data Contributor (Preview)": 
"/providers/Microsoft.Authorization/roleDefinitions/b8b15564-4fa6-4a59-ab12-03e1d9594795", + "Autonomous Development Platform Data Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/27f8b550-c507-4db9-86f2-f4b8e816d59d", + "Autonomous Development Platform Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/d63b75f7-47ea-4f27-92ac-e0d173aaf093", + "Avere Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a", + "Avere Operator": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9", + "Azure Arc Enabled Kubernetes Cluster User Role": "/providers/Microsoft.Authorization/roleDefinitions/00493d72-78f6-4148-b6c5-d3ce8e4799dd", + "Azure Arc Kubernetes Admin": "/providers/Microsoft.Authorization/roleDefinitions/dffb1e0c-446f-4dde-a09f-99eb5cc68b96", + "Azure Arc Kubernetes Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/8393591c-06b9-48a2-a542-1bd6b377f6a2", + "Azure Arc Kubernetes Viewer": "/providers/Microsoft.Authorization/roleDefinitions/63f0a09d-1495-4db4-a681-037d84835eb4", + "Azure Arc Kubernetes Writer": "/providers/Microsoft.Authorization/roleDefinitions/5b999177-9696-4545-85c7-50de3797e5a1", + "Azure Arc ScVmm Administrator role": "/providers/Microsoft.Authorization/roleDefinitions/a92dfd61-77f9-4aec-a531-19858b406c87", + "Azure Arc ScVmm Private Cloud User": "/providers/Microsoft.Authorization/roleDefinitions/c0781e91-8102-4553-8951-97c6d4243cda", + "Azure Arc ScVmm Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9", + "Azure Arc ScVmm VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e582369a-e17b-42a5-b10c-874c387c530b", + "Azure Arc VMware Administrator role ": "/providers/Microsoft.Authorization/roleDefinitions/ddc140ed-e463-4246-9145-7c664192013f", + "Azure Arc VMware Private Cloud User": 
"/providers/Microsoft.Authorization/roleDefinitions/ce551c02-7c42-47e0-9deb-e3b6fc3a9a83", + "Azure Arc VMware Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/67d33e57-3129-45e6-bb0b-7cc522f762fa", + "Azure Arc VMware VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b748a06d-6150-4f8a-aaa9-ce3940cd96cb", + "Azure Center for SAP solutions administrator": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7", + "Azure Center for SAP solutions Management role": "/providers/Microsoft.Authorization/roleDefinitions/6d949e1d-41e2-46e3-8920-c6e4f31a8310", + "Azure Center for SAP solutions reader": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b", + "Azure Center for SAP solutions service role": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138", + "Azure Center for SAP solutions Service role for management": "/providers/Microsoft.Authorization/roleDefinitions/0105a6b0-4bb9-43d2-982a-12806f9faddb", + "Azure Connected Machine Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7", + "Azure Connected Machine Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302", + "Azure Connected Machine Resource Manager": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c", + "Azure Connected SQL Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508", + "Azure Digital Twins Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe", + "Azure Digital Twins Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3", + "Azure Event Hubs Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec", + 
"Azure Event Hubs Data Receiver": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde", + "Azure Event Hubs Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975", + "Azure Extension for SQL Server Deployment": "/providers/Microsoft.Authorization/roleDefinitions/7392c568-9289-4bde-aaaa-b7131215889d", + "Azure Front Door Domain Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0ab34830-df19-4f8c-b84e-aa85b8afa6e8", + "Azure Front Door Domain Reader": "/providers/Microsoft.Authorization/roleDefinitions/0f99d363-226e-4dca-9920-b807cf8e1a5f", + "Azure Front Door Secret Contributor": "/providers/Microsoft.Authorization/roleDefinitions/3f2eb865-5811-4578-b90a-6fc6fa0df8e5", + "Azure Front Door Secret Reader": "/providers/Microsoft.Authorization/roleDefinitions/0db238c4-885e-4c4f-a933-aa2cef684fca", + "Azure Kubernetes Fleet Manager Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/63bb64ad-9799-4770-b5c3-24ed299a07bf", + "Azure Kubernetes Fleet Manager RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba", + "Azure Kubernetes Fleet Manager RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69", + "Azure Kubernetes Fleet Manager RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/30b27cfc-9c84-438e-b0ce-70e35255df80", + "Azure Kubernetes Fleet Manager RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/5af6afb3-c06c-4fa4-8848-71a8aee05683", + "Azure Kubernetes Service Cluster Admin Role": "/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8", + "Azure Kubernetes Service Cluster Monitoring User": "/providers/Microsoft.Authorization/roleDefinitions/1afdec4b-e479-420e-99e7-f82237c7c5e6", + "Azure Kubernetes Service Cluster User Role": 
"/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f", + "Azure Kubernetes Service Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8", + "Azure Kubernetes Service Policy Add-on Deployment": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064", + "Azure Kubernetes Service RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7", + "Azure Kubernetes Service RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b", + "Azure Kubernetes Service RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db", + "Azure Kubernetes Service RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb", + "Azure Maps Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb", + "Azure Maps Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204", + "Azure Maps Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa", + "Azure Maps Search and Render Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/6be48352-4f82-47c9-ad5e-0acacefdb005", + "Azure Relay Listener": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d", + "Azure Relay Owner": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38", + "Azure Relay Sender": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d", + "Azure Service Bus Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419", + "Azure Service Bus Data Receiver": 
"/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0", + "Azure Service Bus Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39", + "Azure Spring Apps Connect Role": "/providers/Microsoft.Authorization/roleDefinitions/80558df3-64f9-4c0f-b32d-e5094b036b0b", + "Azure Spring Apps Remote Debugging Role": "/providers/Microsoft.Authorization/roleDefinitions/a99b0159-1064-4c22-a57b-c9b3caa1c054", + "Azure Spring Cloud Config Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b", + "Azure Spring Cloud Config Server Reader": "/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7", + "Azure Spring Cloud Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c", + "Azure Spring Cloud Service Registry Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1", + "Azure Spring Cloud Service Registry Reader": "/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65", + "Azure Stack HCI registration role": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06", + "Azure Stack Registration Owner": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a", + "Azure Traffic Controller Configuration Manager": "/providers/Microsoft.Authorization/roleDefinitions/fbc52c3f-28ad-4303-a892-8a056630b8f1", + "Azure Usage Billing Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/f0310ce6-e953-4cf8-b892-fb1c87eaf7f6", + "Azure VM Managed identities restore Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6ae96244-5829-4925-a7d3-5975537d91dd", + "AzureML Compute Operator": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815", + "AzureML Data Scientist": 
"/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121", + "AzureML Metrics Writer (preview)": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae", + "AzureML Registry User": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615", + "Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b", + "Backup Operator": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324", + "Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912", + "Bayer Ag Powered Services CWUM Solution User Role": "/providers/Microsoft.Authorization/roleDefinitions/a9b99099-ead7-47db-8fcf-072597a61dfa", + "Bayer Ag Powered Services GDU Solution": "/providers/Microsoft.Authorization/roleDefinitions/c4bc862a-3b64-4a35-a021-a380c159b042", + "Bayer Ag Powered Services Imagery Solution": "/providers/Microsoft.Authorization/roleDefinitions/ef29765d-0d37-4119-a4f8-f9f9902c9588", + "Billing Reader": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64", + "BizTalk Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342", + "Blockchain Member Node Access (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24", + "Blueprint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4", + "Blueprint Operator": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090", + "CDN Endpoint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45", + "CDN Endpoint Reader": "/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd", + "CDN Profile Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432", + "CDN Profile Reader": "/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af", + "Chamber Admin": "/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a", + "Chamber User": "/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32", + "Classic Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f", + "Classic Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25", + "Classic Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d", + "Classic Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb", + "ClearDB MySQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9106cda0-8a86-4e81-b686-29a22c54effe", + "Code Signing Certificate Profile Signer": "/providers/Microsoft.Authorization/roleDefinitions/2837e146-70d7-4cfd-ad55-7efa6464f958", + "Code Signing Identity Verifier": "/providers/Microsoft.Authorization/roleDefinitions/4339b7cf-9826-4e41-b4ed-c7f4505dac08", + "Cognitive Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68", + "Cognitive Services Custom Vision Contributor": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3", + "Cognitive Services Custom Vision Deployment": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f", + "Cognitive Services Custom Vision Labeler": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c", + "Cognitive Services Custom Vision Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73", + "Cognitive Services Custom Vision Trainer": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b", + "Cognitive Services Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c", + "Cognitive Services Face Recognizer": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7", + "Cognitive Services Immersive Reader User": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d", + "Cognitive Services Language Owner": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498", + "Cognitive Services Language Reader": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e", + "Cognitive Services Language Writer": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8", + "Cognitive Services LUIS Owner": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8", + "Cognitive Services LUIS Reader": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226", + "Cognitive Services LUIS Writer": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27", + "Cognitive Services Metrics Advisor Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a", + "Cognitive Services Metrics Advisor User": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8", + "Cognitive Services OpenAI Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442", + "Cognitive Services OpenAI User": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", + "Cognitive Services QnA Maker Editor": 
"/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025", + "Cognitive Services QnA Maker Reader": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126", + "Cognitive Services Speech Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181", + "Cognitive Services Speech User": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447", + "Cognitive Services User": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908", + "Collaborative Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/daa9e50b-21df-454c-94a6-a8050adab352", + "Collaborative Runtime Operator": "/providers/Microsoft.Authorization/roleDefinitions/7a6f0e70-c033-4fb1-828c-08514e5f4102", + "Compute Gallery Sharing Admin": "/providers/Microsoft.Authorization/roleDefinitions/1ef6a3be-d0ac-425d-8c01-acb62866290b", + "ContainerApp Reader": "/providers/Microsoft.Authorization/roleDefinitions/ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b", + "Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "Cosmos DB Account Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8", + "Cosmos DB Operator": "/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa", + "CosmosBackupOperator": "/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb", + "CosmosRestoreOperator": "/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f", + "Cost Management Contributor": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430", + "Cost Management Reader": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3", + "Data Box Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5", + "Data Box Reader": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027", + "Data Factory Contributor": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5", + "Data Labeling - Labeler": "/providers/Microsoft.Authorization/roleDefinitions/c6decf44-fd0a-444c-a844-d653c394e7ab", + "Data Lake Analytics Developer": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88", + "Data Operator for Managed Disks": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e", + "Data Purger": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90", + "Deployment Environments User": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c", + "Desktop Virtualization Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8", + "Desktop Virtualization Application Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55", + "Desktop Virtualization Contributor": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387", + "Desktop Virtualization Host Pool Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc", + "Desktop Virtualization Host Pool Reader": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822", + "Desktop Virtualization Power On Contributor": "/providers/Microsoft.Authorization/roleDefinitions/489581de-a3bd-480d-9518-53dea7416b33", + "Desktop Virtualization Power On Off Contributor": "/providers/Microsoft.Authorization/roleDefinitions/40c5ff49-9181-41f8-ae61-143b0e78555e", + "Desktop Virtualization Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868", + "Desktop Virtualization Session Host Operator": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408", + "Desktop Virtualization User": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", + "Desktop Virtualization User Session Operator": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6", + "Desktop Virtualization Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a959dbd1-f747-45e3-8ba6-dd80f235f97c", + "Desktop Virtualization Workspace Contributor": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b", + "Desktop Virtualization Workspace Reader": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d", + "DevCenter Dev Box User": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05", + "DevCenter Project Admin": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0", + "Device Provisioning Service Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633", + "Device Provisioning Service Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8", + "Device Update Administrator": "/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a", + "Device Update Content Administrator": "/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98", + "Device Update Content Reader": "/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b", + "Device Update Deployments Administrator": "/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432", + "Device Update Deployments Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f", + "Device Update Reader": "/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f", + "DevTest Labs User": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64", + "DICOM Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8", + "DICOM Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a", + "Disk Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24", + "Disk Pool Operator": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840", + "Disk Restore Operator": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13", + "Disk Snapshot Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce", + "DNS Resolver Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d", + "DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314", + "DocumentDB Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450", + "Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2", + "Domain Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb", + "Elastic SAN Owner": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406", + "Elastic SAN Reader": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca", + "Elastic SAN Volume Group Owner": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23", + "EventGrid 
Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de", + "EventGrid Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7", + "EventGrid EventSubscription Contributor": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443", + "EventGrid EventSubscription Reader": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405", + "Experimentation Administrator": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a33b-edd6ce5c915c", + "Experimentation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a22b-edd6ce5c915c", + "Experimentation Metric Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6188b7c9-7d01-4f99-a59f-c88b630326c0", + "Experimentation Reader": "/providers/Microsoft.Authorization/roleDefinitions/49632ef5-d9ac-41f4-b8e7-bbe587fa74a1", + "FHIR Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd", + "FHIR Data Converter": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "FHIR Data Exporter": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843", + "FHIR Data Importer": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b", + "FHIR Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508", + "FHIR Data Writer": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913", + "FHIR SMART User": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0", + "Grafana Admin": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41", + "Grafana Editor": 
"/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f", + "Grafana Viewer": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769", + "Graph Owner": "/providers/Microsoft.Authorization/roleDefinitions/b60367af-1334-4454-b71e-769d9a4f83d9", + "Guest Configuration Resource Contributor": "/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31", + "HDInsight Cluster Operator": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a", + "HDInsight Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c", + "Hierarchy Settings Administrator": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d", + "Hybrid Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb", + "Hybrid Server Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624", + "Impact Reader": "/providers/Microsoft.Authorization/roleDefinitions/68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e", + "Impact Reporter": "/providers/Microsoft.Authorization/roleDefinitions/36e80216-a7e8-4f42-a7e1-f12c98cbaf8a", + "Integration Service Environment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8", + "Integration Service Environment Developer": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec", + "Intelligent Systems Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e", + "IoT Hub Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f", + "IoT Hub Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3", + "IoT Hub Registry Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47", + "IoT Hub Twin Contributor": "/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c", + "Key Vault Administrator": "/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483", + "Key Vault Certificates Officer": "/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985", + "Key Vault Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395", + "Key Vault Crypto Officer": "/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603", + "Key Vault Crypto Service Encryption User": "/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6", + "Key Vault Crypto User": "/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424", + "Key Vault Reader": "/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2", + "Key Vault Secrets Officer": "/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7", + "Key Vault Secrets User": "/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6", + "Knowledge Consumer": "/providers/Microsoft.Authorization/roleDefinitions/ee361c5d-f7b5-4119-b4b6-892157c8f64c", + "Kubernetes Agentless Operator": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6", + "Kubernetes Cluster - Azure Arc Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41", + "Kubernetes Extension Contributor": "/providers/Microsoft.Authorization/roleDefinitions/85cb6faf-e071-4c9b-8136-154b5a04f717", + "Kubernetes Namespace User": "/providers/Microsoft.Authorization/roleDefinitions/ba79058c-0414-4a34-9e42-c3399d80cd5a", + "Lab Assistant": 
"/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1", + "Lab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270", + "Lab Creator": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead", + "Lab Operator": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d", + "Lab Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f", + "Lab Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc", + "Load Test Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e", + "Load Test Owner": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6", + "Load Test Reader": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081", + "LocalNGFirewallAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2", + "LocalRulestacksAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/bfc3b73d-c6ff-45eb-9a5f-40298295bf20", + "Log Analytics Contributor": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", + "Log Analytics Reader": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893", + "Logic App Contributor": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e", + "Logic App Operator": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe", + "Managed Application Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e", + "Managed Application Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae", + 
"Managed Applications Reader": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44", + "Managed HSM contributor": "/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d", + "Managed Identity Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59", + "Managed Identity Operator": "/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830", + "Managed Services Registration assignment Delete Role": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46", + "Management Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c", + "Management Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d", + "Media Services Account Administrator": "/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466", + "Media Services Live Events Administrator": "/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77", + "Media Services Media Operator": "/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c", + "Media Services Policy Administrator": "/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae", + "Media Services Streaming Endpoints Administrator": "/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804", + "Microsoft Sentinel Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a", + "Microsoft Sentinel Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade", + "Microsoft Sentinel Playbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/51d6186e-6489-4900-b93f-92e23144cca5", + "Microsoft Sentinel Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb", + "Microsoft Sentinel Responder": "/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056", + "Microsoft.Kubernetes connected cluster role": "/providers/Microsoft.Authorization/roleDefinitions/5548b2cf-c94c-4228-90ba-30851930a12f", + "Monitoring Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa", + "Monitoring Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b0d8363b-8ddd-447d-831f-62ca05bff136", + "Monitoring Metrics Publisher": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb", + "Monitoring Reader": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05", + "MySQL Backup And Export Operator": "/providers/Microsoft.Authorization/roleDefinitions/d18ad5f3-1baf-4119-b49b-d944edb1f9d0", + "Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", + "New Relic APM Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237", + "Object Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/ca0835dd-bacc-42dd-8ed2-ed5e7230d15b", + "Object Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/4a167cdf-cb95-4554-9203-2347fe489bd9", + "Object Understanding Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/4dd61c23-6743-42fe-a388-d8bdd41cb745", + "Object Understanding Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/d18777c0-1514-4662-8490-608db7d334b6", + "Owner": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "PlayFab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c8b84dc-067c-4039-9615-fa1a4b77c726", + "PlayFab Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/a9a19cc5-31f4-447c-901f-56c0bb18fcaf", + "Policy Insights Data Writer (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84", + "Private DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f", + "Project Babylon Data Curator": "/providers/Microsoft.Authorization/roleDefinitions/9ef4ef9c-a049-46b0-82ab-dd8ac094c889", + "Project Babylon Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/c8d896ba-346d-4f50-bc1d-7d1c84130446", + "Project Babylon Data Source Administrator": "/providers/Microsoft.Authorization/roleDefinitions/05b7651b-dc44-475e-b74d-df3db49fae0f", + "Purview role 1 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347", + "Purview role 2 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803", + "Purview role 3 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db", + "Quota Request Operator": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125", + "Reader": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", + "Reader and Data Access": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349", + "Redis Cache Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17", + "Remote Rendering Administrator": "/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e", + "Remote Rendering Client": "/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a", + "Reservation Purchaser": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689", + "Resource Policy Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608", + "Role Based Access Control Administrator (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", + "Scheduled Patching Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6", + "Scheduler Job Collections Contributor": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94", + "Schema Registry Contributor (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25", + "Schema Registry Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2", + "Search Index Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7", + "Search Index Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f", + "Search Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0", + "Security Admin": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd", + "Security Assessment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5", + "Security Detonation Chamber Publisher": "/providers/Microsoft.Authorization/roleDefinitions/352470b3-6a9c-4686-b503-35deb827e500", + "Security Detonation Chamber Reader": "/providers/Microsoft.Authorization/roleDefinitions/28241645-39f8-410b-ad48-87863e2951d5", + "Security Detonation Chamber Submission Manager": "/providers/Microsoft.Authorization/roleDefinitions/a37b566d-3efa-4beb-a2f2-698963fa42ce", + "Security Detonation Chamber Submitter": "/providers/Microsoft.Authorization/roleDefinitions/0b555d9b-b4a7-4f43-b330-627f0e5be8f0", + "Security Manager (Legacy)": 
"/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10", + "Security Reader": "/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4", + "Services Hub Operator": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b", + "SignalR AccessKey Reader": "/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e", + "SignalR App Server": "/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7", + "SignalR REST API Owner": "/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521", + "SignalR REST API Reader": "/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035", + "SignalR Service Owner": "/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3", + "SignalR/Web PubSub Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761", + "Site Recovery Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567", + "Site Recovery Operator": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca", + "Site Recovery Reader": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149", + "Spatial Anchors Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827", + "Spatial Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c", + "Spatial Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413", + "SQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec", + "SQL Managed Instance Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d", + "SQL Security Manager": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3", + "SQL Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437", + "SqlDb Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/189207d4-bb67-4208-a635-b06afe8b2c57", + "SqlMI Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/1d335eef-eee1-47fe-a9e0-53214eba8872", + "SqlVM Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/ae8036db-e102-405b-a1b9-bae082ea436d", + "Storage Account Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1", + "Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab", + "Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12", + "Storage Blob Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe", + "Storage Blob Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b", + "Storage Blob Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", + "Storage Blob Delegator": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a", + "Storage File Data SMB Share Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", + "Storage File Data SMB Share Elevated Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7", + "Storage File Data SMB Share Reader": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314", + "Storage Queue Data 
Contributor": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88", + "Storage Queue Data Message Processor": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed", + "Storage Queue Data Message Sender": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a", + "Storage Queue Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925", + "Storage Table Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3", + "Storage Table Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6", + "Stream Analytics Query Tester": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf", + "Support Request Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e", + "Tag Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f", + "Template Spec Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b", + "Template Spec Reader": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e", + "Test Base Reader": "/providers/Microsoft.Authorization/roleDefinitions/15e0f5a1-3450-4248-8e25-e2afe88a9e85", + "Traffic Manager Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7", + "User Access Administrator": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", + "Video Indexer Restricted Viewer": "/providers/Microsoft.Authorization/roleDefinitions/a2c4a527-7dc0-4ee3-897b-403ade70fafb", + "Virtual Machine Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4", + "Virtual Machine Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c", + "Virtual Machine Local User Login": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525", + "Virtual Machine User Login": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52", + "VM Scanner Operator": "/providers/Microsoft.Authorization/roleDefinitions/d24ecba3-c1f4-40fa-a7bb-4588a071e8fd", + "Web Plan Contributor": "/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b", + "Web PubSub Service Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/12cf5a90-567b-43ae-8102-96cf46c7d9b4", + "Web PubSub Service Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf", + "Website Contributor": "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772", + "Windows Admin Center Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f", + "Workbook Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad", + "Workbook Reader": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d", + "WorkloadBuilder Migration Agent Role": "/providers/Microsoft.Authorization/roleDefinitions/d17ce0a2-0697-43bc-aac5-9113337ab61c" + }, + "roleDefinitionIdVar": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]" + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + 
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]", + "properties": { + "roleDefinitionId": "[variables('roleDefinitionIdVar')]", + "principalId": "[parameters('principalId')]", + "description": "[if(not(empty(parameters('description'))), parameters('description'), null())]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The GUID of the Role Assignment." + }, + "value": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Role Assignment." + }, + "value": "[resourceId('Microsoft.Authorization/roleAssignments', guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId')))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the role assignment was applied at." 
+ }, + "value": "[resourceGroup().name]" + }, + "scope": { + "type": "string", + "metadata": { + "description": "The scope this Role Assignment applies to." + }, + "value": "[resourceGroup().id]" + } + } + } + } + }, + { + "copy": { + "name": "DesktopVirtualizationVirtualMachineContributorRoleAssign", + "count": "[length(parameters('appGroupIdentitiesIds'))]" + }, + "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('appGroupIdentitiesIds'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Stora-VMCont-RolAssign-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", + "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "roleDefinitionIdOrName": { + "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varDesktopVirtualizationVirtualMachineContributorRole').id)]" + }, + "principalId": { + "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -18940,8 +19566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { 
@@ -19520,8 +20146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -20094,8 +20720,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -20734,8 +21360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5631218280098410226" + "version": "0.20.4.51522", + "templateHash": "4419098572865202916" } }, "parameters": { @@ -20895,8 +21521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4872290154327272363" + "version": "0.20.4.51522", + "templateHash": "4452963820746554211" } }, "parameters": { @@ -21084,8 +21710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10829143557172841315" + "version": "0.20.4.51522", + "templateHash": "14734864167323382820" } }, "parameters": { @@ -21354,8 +21980,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16168950192958274411" + "version": "0.20.4.51522", + "templateHash": "6388442941679862584" } }, "parameters": { @@ -21448,8 +22074,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10829143557172841315" + "version": "0.20.4.51522", + "templateHash": "14734864167323382820" } }, "parameters": { @@ -21718,8 +22344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16168950192958274411" + "version": "0.20.4.51522", + "templateHash": "6388442941679862584" } }, "parameters": { 
@@ -21788,8 +22414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -22372,8 +22998,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -22953,8 +23579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9041828126418230177" + "version": "0.20.4.51522", + "templateHash": "14285784396449865300" } }, "parameters": { @@ -22975,14 +23601,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -23076,8 +23702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "944620176257250244" + "version": "0.20.4.51522", + "templateHash": "7489087194642478460" } }, "parameters": { @@ -23280,8 +23906,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -23422,14 +24048,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", 
@@ -23577,8 +24203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11819315313212174566" + "version": "0.20.4.51522", + "templateHash": "11988167751495063235" } }, "parameters": { @@ -24187,8 +24813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5687330676931807872" + "version": "0.20.4.51522", + "templateHash": "4336683637724916675" } }, "parameters": { @@ -24328,8 +24954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18218818109781943931" + "version": "0.20.4.51522", + "templateHash": "15278159916904409392" } }, "parameters": { @@ -24457,8 +25083,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -24494,14 +25120,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -24706,8 +25332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5956155025819321457" + "version": "0.20.4.51522", + "templateHash": "3475838612797695045" } }, "parameters": { @@ -24838,8 +25464,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11848774348676575570" + "version": "0.20.4.51522", + "templateHash": "3575334071183911619" } }, "parameters": { 
@@ -24975,8 +25601,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9154475470956985352" + "version": "0.20.4.51522", + "templateHash": "4251680927905962776" } }, "parameters": { @@ -25170,8 +25796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7585019690208379133" + "version": "0.20.4.51522", + "templateHash": "3502508382555568849" } }, "parameters": { @@ -25353,8 +25979,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3354496057078802382" + "version": "0.20.4.51522", + "templateHash": "3968881335142586299" } }, "parameters": { @@ -25556,8 +26182,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11825715538543749879" + "version": "0.20.4.51522", + "templateHash": "14223673717204993341" } }, "parameters": { @@ -25623,14 +26249,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -25753,8 +26379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12684511314187066258" + "version": "0.20.4.51522", + "templateHash": "15469970921150490766" } }, "parameters": { @@ -25766,8 +26392,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -25888,8 +26514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18055161250379920591" + "version": "0.20.4.51522", + "templateHash": "11548486149222715894" } }, "parameters": { 
@@ -26102,8 +26728,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3806203937606389856" + "version": "0.20.4.51522", + "templateHash": "18089760146236492183" } }, "parameters": { @@ -26333,8 +26959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7585019690208379133" + "version": "0.20.4.51522", + "templateHash": "3502508382555568849" } }, "parameters": { @@ -26516,8 +27142,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3354496057078802382" + "version": "0.20.4.51522", + "templateHash": "3968881335142586299" } }, "parameters": { @@ -26719,8 +27345,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14191127801422618951" + "version": "0.20.4.51522", + "templateHash": "4293782236966149999" } }, "parameters": { @@ -26747,14 +27373,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "keyVaultResourceId": { "type": "string", @@ -26930,8 +27556,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5266650210800919607" + "version": "0.20.4.51522", + "templateHash": "5913399027157330378" } }, "parameters": { @@ -27006,8 +27632,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15248304540243541293" + "version": "0.20.4.51522", + "templateHash": "10065918419981417666" } }, "parameters": { @@ -27078,8 +27704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5956155025819321457" + "version": "0.20.4.51522", + "templateHash": "3475838612797695045" } }, "parameters": { 
@@ -27209,8 +27835,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4632454948156980307" + "version": "0.20.4.51522", + "templateHash": "14948408905344933172" } }, "parameters": { @@ -27477,8 +28103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18218818109781943931" + "version": "0.20.4.51522", + "templateHash": "15278159916904409392" } }, "parameters": { @@ -27606,8 +28232,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -27643,14 +28269,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -27855,8 +28481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5956155025819321457" + "version": "0.20.4.51522", + "templateHash": "3475838612797695045" } }, "parameters": { @@ -27987,8 +28613,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11848774348676575570" + "version": "0.20.4.51522", + "templateHash": "3575334071183911619" } }, "parameters": { @@ -28124,8 +28750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9154475470956985352" + "version": "0.20.4.51522", + "templateHash": "4251680927905962776" } }, "parameters": { 
@@ -28319,8 +28945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7585019690208379133" + "version": "0.20.4.51522", + "templateHash": "3502508382555568849" } }, "parameters": { @@ -28502,8 +29128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3354496057078802382" + "version": "0.20.4.51522", + "templateHash": "3968881335142586299" } }, "parameters": { @@ -28705,8 +29331,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11825715538543749879" + "version": "0.20.4.51522", + "templateHash": "14223673717204993341" } }, "parameters": { @@ -28772,14 +29398,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -28902,8 +29528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12684511314187066258" + "version": "0.20.4.51522", + "templateHash": "15469970921150490766" } }, "parameters": { @@ -28915,8 +29541,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -29037,8 +29663,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18055161250379920591" + "version": "0.20.4.51522", + "templateHash": "11548486149222715894" } }, "parameters": { @@ -29251,8 +29877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3806203937606389856" + "version": "0.20.4.51522", + "templateHash": "18089760146236492183" } }, "parameters": { 
@@ -29503,8 +30129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7754941784063673392" + "version": "0.20.4.51522", + "templateHash": "12318171305825941715" } }, "parameters": { @@ -29784,8 +30410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4246964059709335904" + "version": "0.20.4.51522", + "templateHash": "1253319411655473766" } }, "parameters": { @@ -30210,8 +30836,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -30247,14 +30873,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -30632,8 +31258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14151158611245790705" + "version": "0.20.4.51522", + "templateHash": "14647474702270197476" } }, "parameters": { @@ -30793,8 +31419,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6334341016892720558" + "version": "0.20.4.51522", + "templateHash": "18395782528227461356" } }, "parameters": { @@ -30865,8 +31491,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -30923,14 +31549,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -31126,8 +31752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7927074872480917952" + "version": "0.20.4.51522", + "templateHash": "11249227806125160411" } }, "parameters": { @@ -31381,8 +32007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4998852968640897249" + "version": "0.20.4.51522", + "templateHash": "17418930732786956710" } }, "parameters": { @@ -31444,14 +32070,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -31469,14 +32095,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -31488,8 +32114,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -31679,8 +32305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11217191875210502826" + "version": "0.20.4.51522", + "templateHash": "12768288729117926344" } }, "parameters": { @@ -31895,8 +32521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -32098,8 +32724,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -32296,8 +32922,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -32499,8 +33125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -32692,8 +33318,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -32885,8 +33511,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -33082,8 +33708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { 
@@ -33287,8 +33913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -33485,8 +34111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -33686,8 +34312,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9148923827539718769" + "version": "0.20.4.51522", + "templateHash": "10936395871082409190" } }, "parameters": { @@ -33718,9 +34344,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -33732,7 +34355,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -33852,8 +34478,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "8683447033120970865" + "version": "0.20.4.51522", + "templateHash": "5187922792757343332" } }, "parameters": { @@ -34069,8 +34695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -34211,14 +34837,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", 
@@ -34365,6 +34991,9 @@ "storagePurpose": { "value": "fslogix" }, + "storageSolution": { + "value": "[parameters('fslogixStorageSolution')]" + }, "fileShareName": { "value": "[variables('varFslogixFileShareName')]" }, @@ -34378,11 +35007,14 @@ "storageAccountName": { "value": "[variables('varFslogixStorageName')]" }, - "storageToDomainScript": { - "value": "[variables('varStorageToDomainScript')]" + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" + }, + "netBios": { + "value": "[parameters('netBios')]" }, - "storageToDomainScriptUri": { - "value": "[variables('varStorageToDomainScriptUri')]" + "KerberosEncryption": { + "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" @@ -34409,6 +35041,9 @@ "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, + "domainJoinUserPassword": { + "value": "[parameters('avdDomainJoinUserPassword')]" + }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -34444,8 +35079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2169659678978584201" + "version": "0.20.4.51522", + "templateHash": "8421855814376641161" } }, "parameters": { @@ -34527,6 +35162,12 @@ "description": "AVD session host domain join credentials." } }, + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "AVD session host domain join credentials." + } + }, "storageSku": { "type": "string", "metadata": { 
@@ -34545,18 +35186,6 @@ "description": "Use Azure private DNS zones for private endpoints." } }, - "storageToDomainScript": { - "type": "string", - "metadata": { - "description": "Script name for adding storage account to Active Directory." - } - }, - "storageToDomainScriptUri": { - "type": "string", - "metadata": { - "description": "URI for the script for adding the storage account to Active Directory." - } - }, "tags": { "type": "object", "metadata": { @@ -34600,6 +35229,13 @@ "description": "Sets purpose of the storage account." } }, + "ActiveDirectorySolution": { + "type": "string", + "defaultValue": "ActiveDirectoryDomainServices", + "metadata": { + "description": "ActiveDirectorySolution. " + } + }, "dscAgentPackageLocation": { "type": "string", "metadata": { @@ -34629,6 +35265,46 @@ "metadata": { "description": "Managed Identity Client ID" } + }, + "KerberosEncryption": { + "type": "string", + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, + "_artifactsLocation": { + "type": "string", + "defaultValue": "https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/", + "metadata": { + "description": "Location of script. Default is located in workload/scripts" + } + }, + "_artifactsLocationSasToken": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "SAS Token to access script." + } + }, + "securityPrincipalNames": { + "type": "string", + "defaultValue": "" + }, + "storageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount" + }, + "storageCount": { + "type": "int", + "defaultValue": 1 + }, + "storageIndex": { + "type": "int", + "defaultValue": 0 + }, + "netBios": { + "type": "string", + "defaultValue": "" } }, "variables": { 
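Review bot: The `_artifactsLocation` default added in the last hunk on this line points at a branch of a personal fork (`https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/`), so any deployment that does not override it takes its script from a mutable ref outside the project's control. It is also a `tree/` page URL rather than a raw-content URL, so the download would presumably not return the script at all. Drop the default, or point it at a project-owned location pinned to a commit or release tag. In the same hunk `_artifactsLocationSasToken` is declared `"type": "string"`, which leaves a supplied token readable in the deployment's recorded parameters; it should be `"type": "securestring"`. Since this template is compiled output, make both changes in the Bicep module (`@secure()` on the token parameter) and regenerate the JSON.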
@@ -34641,8 +35317,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -CreateNewOU {11} -ShareName {12} -ClientId {13}', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('createOuForStorageString'), parameters('fileShareName'), parameters('managedIdentityClientId'))]" + "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { @@ -34712,17 +35387,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "345355747748121291" + "version": "0.20.4.51522", + "templateHash": "13495975469470590842" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", 
@@ -34755,23 +35430,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -34781,30 +35453,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -34926,14 +35601,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -34973,8 +35648,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35010,14 +35685,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -35273,8 +35948,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "17697200063463062331" + "version": "0.20.4.51522", + "templateHash": "12642833522973709137" } }, "parameters": { @@ -35468,8 +36143,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11825715538543749879" + "version": "0.20.4.51522", + "templateHash": "14223673717204993341" } }, "parameters": { @@ -35535,14 +36210,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -35665,8 +36340,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12684511314187066258" + "version": "0.20.4.51522", + "templateHash": "15469970921150490766" } }, "parameters": { @@ -35678,8 +36353,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -35800,8 +36475,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18055161250379920591" + "version": "0.20.4.51522", + "templateHash": "11548486149222715894" } }, "parameters": { @@ -36007,17 +36682,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7454408641260922049" + "version": "0.20.4.51522", + "templateHash": "8978422488445485344" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -36131,17 +36806,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12172582011221745114" + "version": "0.20.4.51522", + "templateHash": "2330136999068913944" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -36289,17 +36964,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12138021326707972445" + "version": "0.20.4.51522", + "templateHash": "7449133026505545668" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -36332,8 +37007,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -36518,17 +37193,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15241099227381470891" + "version": "0.20.4.51522", + "templateHash": "4064255398341808902" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36546,14 +37221,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", 
@@ -36632,17 +37307,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1035017070839188570" + "version": "0.20.4.51522", + "templateHash": "15443293367642845531" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -36760,8 +37435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3590948593540174307" + "version": "0.20.4.51522", + "templateHash": "8600687658951622621" } }, "parameters": { @@ -36998,17 +37673,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14356202051768725778" + "version": "0.20.4.51522", + "templateHash": "6459501732950302720" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -37037,8 +37712,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -37230,17 +37905,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1554379355329393561" + "version": "0.20.4.51522", + "templateHash": "5400935325886589806" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -37265,25 +37940,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -37359,8 +38034,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2300763779336807238" + "version": "0.20.4.51522", + "templateHash": "17068545632348399169" } }, "parameters": { 
@@ -37598,17 +38273,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12408012821940385557" + "version": "0.20.4.51522", + "templateHash": "3413157219428562304" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -37620,8 +38295,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -37799,17 +38474,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7151911553853543662" + "version": "0.20.4.51522", + "templateHash": "9552083555094216543" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -37896,8 +38571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "332423713047288228" + "version": "0.20.4.51522", + "templateHash": "16848435230262465953" } }, "parameters": { 
@@ -38132,17 +38807,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "8238369083748877529" + "version": "0.20.4.51522", + "templateHash": "1170033636184107564" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -38154,8 +38829,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38331,17 +39006,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10978796725407723500" + "version": "0.20.4.51522", + "templateHash": "7313526175877847342" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -38483,39 +39158,35 @@ } }, { + "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Add-{0}-Storage-Setup-{1}', parameters('storagePurpose'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "subscriptionId": "[parameters('workloadSubsId')]", + "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('sessionHostLocation')]" + "_artifactsLocation": { + "value": "[parameters('_artifactsLocation')]" }, - "name": { - "value": "[parameters('managementVmName')]" + "_artifactsLocationSasToken": { + "value": "[parameters('_artifactsLocationSasToken')]" }, - "file": { - "value": "[parameters('storageToDomainScript')]" + "CommandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -securityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('storageCustomOuPath'), parameters('securityPrincipalNames'), 
parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "scriptArguments": { - "value": "[variables('varStorageToDomainScriptArgs')]" + "Location": { + "value": "[parameters('sessionHostLocation')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } + "ManagementVmName": { + "value": "[parameters('managementVmName')]" }, - "baseScriptUri": { - "value": "[parameters('storageToDomainScriptUri')]" + "Timestamp": { + "value": "[parameters('time')]" } }, "template": { 
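Review bot: The domain-join password no longer comes from the Key Vault reference (vault `wrklKvName`, secret `domainJoinUserPassword`); the added `CommandToExecute` value formats `parameters('domainJoinUserPassword')` straight into the command line as `-DomainJoinPassword "{1}"`. The secret therefore has to be passed as a deployment parameter through every calling template. Because it sits between double quotes on a `powershell -File` command line, a password that contains a double quote would probably end the argument early. This JSON is compiled output, so the fix belongs in the Bicep source: keep the vault lookup there (for example `getSecret('domainJoinUserPassword')` on an existing Key Vault resource) and assemble the command inside the nested module from its own `@secure()` parameter. The same value is built again in the hunk at `@@ -42736,39 +43439,35 @@`.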
@@ -38524,72 +39195,55 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14238973789074081917" + "version": "0.20.4.51522", + "templateHash": "13139569657588595151" } }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Extension deployment name." - } + "_artifactsLocation": { + "type": "string" }, - "location": { - "type": "string", - "metadata": { - "description": "Location where to deploy compute services." - } + "_artifactsLocationSasToken": { + "type": "securestring" }, - "baseScriptUri": { - "type": "string", - "metadata": { - "description": "Location for the AVD agent installation package." - } + "CommandToExecute": { + "type": "securestring" }, - "file": { + "Location": { "type": "string" }, - "scriptArguments": { - "type": "string", - "metadata": { - "description": "Arguments for domain join script." - } + "ManagementVmName": { + "type": "string" }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "Domain join user password." 
- } + "Timestamp": { + "type": "string" } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[format('{0}/AzureFilesDomainJoin', parameters('name'))]", - "location": "[parameters('location')]", + "apiVersion": "2020-12-01", + "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", + "location": "[parameters('Location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, - "settings": {}, + "settings": { + "fileUris": [ + "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + ], + "timestamp": "[parameters('Timestamp')]" + }, "protectedSettings": { - "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[parameters('CommandToExecute')]" } } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('Storage-{0}-{1}', parameters('storagePurpose'), parameters('time')))]" - ] + } } ] } @@ -38618,6 +39272,9 @@ "storagePurpose": { "value": "msix" }, + "storageSolution": { + "value": "[parameters('appAttachStorageSolution')]" + }, "fileShareName": { "value": "[variables('varMsixFileShareName')]" }, 
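Review bot: `fileUris` has moved from `protectedSettings` into `settings`, and the URI is built with `parameters('_artifactsLocationSasToken')` appended, so a SAS token would be stored in the extension's public settings, which are not encrypted and can be read from the VM's extension properties. Keep the array where it was, `"protectedSettings": { "fileUris": [ ... ], "commandToExecute": "[parameters('CommandToExecute')]" }`, and leave only `timestamp` in `settings`. This hunk also removes the `dependsOn` entry for the `Storage-{0}-{1}` deployment; unless the Bicep source orders the modules some other way, the extension may start before the storage account exists. Both changes belong in the Bicep module, since this file is compiled output. The same section recurs at `@@ -42777,72 +43476,55 @@`.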
@@ -38631,11 +39288,14 @@ "storageAccountName": { "value": "[variables('varMsixStorageName')]" }, - "storageToDomainScript": { - "value": "[variables('varStorageToDomainScript')]" + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" }, - "storageToDomainScriptUri": { - "value": "[variables('varStorageToDomainScriptUri')]" + "netBios": { + "value": "[parameters('netBios')]" + }, + "KerberosEncryption": { + "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" @@ -38662,6 +39322,9 @@ "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, + "domainJoinUserPassword": { + "value": "[parameters('avdDomainJoinUserPassword')]" + }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -38697,8 +39360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2169659678978584201" + "version": "0.20.4.51522", + "templateHash": "8421855814376641161" } }, "parameters": { @@ -38780,6 +39443,12 @@ "description": "AVD session host domain join credentials." } }, + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "AVD session host domain join credentials." + } + }, "storageSku": { "type": "string", "metadata": { @@ -38798,18 +39467,6 @@ "description": "Use Azure private DNS zones for private endpoints." } }, - "storageToDomainScript": { - "type": "string", - "metadata": { - "description": "Script name for adding storage account to Active Directory." - } - }, - "storageToDomainScriptUri": { - "type": "string", - "metadata": { - "description": "URI for the script for adding the storage account to Active Directory." - } - }, "tags": { "type": "object", "metadata": { 
@@ -38853,6 +39510,13 @@ "description": "Sets purpose of the storage account." } }, + "ActiveDirectorySolution": { + "type": "string", + "defaultValue": "ActiveDirectoryDomainServices", + "metadata": { + "description": "ActiveDirectorySolution. " + } + }, "dscAgentPackageLocation": { "type": "string", "metadata": { @@ -38882,6 +39546,46 @@ "metadata": { "description": "Managed Identity Client ID" } + }, + "KerberosEncryption": { + "type": "string", + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, + "_artifactsLocation": { + "type": "string", + "defaultValue": "https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/", + "metadata": { + "description": "Location of script. Default is located in workload/scripts" + } + }, + "_artifactsLocationSasToken": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "SAS Token to access script." + } + }, + "securityPrincipalNames": { + "type": "string", + "defaultValue": "" + }, + "storageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount" + }, + "storageCount": { + "type": "int", + "defaultValue": 1 + }, + "storageIndex": { + "type": "int", + "defaultValue": 0 + }, + "netBios": { + "type": "string", + "defaultValue": "" } }, "variables": { 
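Review bot: The default for `_artifactsLocation` in the `@@ -38882,6 +39546,46 @@` hunk points at a branch of a personal fork (`.../tree/ntfs-permissions/workload/scripts/`), and the script fetched from it is run by the CustomScriptExtension with the domain-join credentials on its command line, with no commit pin or hash check visible in this diff. A branch can be moved after review, and a `tree/` URL serves the GitHub web page rather than the raw file, so the download probably does not return the script at all. Remove the default, or set it to a raw URL pinned to a commit in the project's own repository (`<RAW_URL_PINNED_TO_COMMIT>`). In the same hunk `_artifactsLocationSasToken` is declared `"type": "string"` although the nested template takes it as `securestring`; declaring it `"type": "securestring"` (`@secure()` in Bicep) keeps the token out of the deployment history.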
@@ -38894,8 +39598,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -CreateNewOU {11} -ShareName {12} -ClientId {13}', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('createOuForStorageString'), parameters('fileShareName'), parameters('managedIdentityClientId'))]" + "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { @@ -38965,17 +39668,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "345355747748121291" + "version": "0.20.4.51522", + "templateHash": "13495975469470590842" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", 
@@ -39008,23 +39711,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -39034,30 +39734,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -39179,14 +39882,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -39226,8 +39929,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39263,14 +39966,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -39526,8 +40229,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "17697200063463062331" + "version": "0.20.4.51522", + "templateHash": "12642833522973709137" } }, "parameters": { @@ -39721,8 +40424,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11825715538543749879" + "version": "0.20.4.51522", + "templateHash": "14223673717204993341" } }, "parameters": { @@ -39788,14 +40491,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -39918,8 +40621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12684511314187066258" + "version": "0.20.4.51522", + "templateHash": "15469970921150490766" } }, "parameters": { @@ -39931,8 +40634,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -40053,8 +40756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "18055161250379920591" + "version": "0.20.4.51522", + "templateHash": "11548486149222715894" } }, "parameters": { @@ -40260,17 +40963,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7454408641260922049" + "version": "0.20.4.51522", + "templateHash": "8978422488445485344" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -40384,17 +41087,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12172582011221745114" + "version": "0.20.4.51522", + "templateHash": "2330136999068913944" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -40542,17 +41245,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12138021326707972445" + "version": "0.20.4.51522", + "templateHash": "7449133026505545668" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -40585,8 +41288,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40771,17 +41474,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "15241099227381470891" + "version": "0.20.4.51522", + "templateHash": "4064255398341808902" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40799,14 +41502,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", 
@@ -40885,17 +41588,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1035017070839188570" + "version": "0.20.4.51522", + "templateHash": "15443293367642845531" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -41013,8 +41716,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3590948593540174307" + "version": "0.20.4.51522", + "templateHash": "8600687658951622621" } }, "parameters": { @@ -41251,17 +41954,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14356202051768725778" + "version": "0.20.4.51522", + "templateHash": "6459501732950302720" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -41290,8 +41993,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -41483,17 +42186,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "1554379355329393561" + "version": "0.20.4.51522", + "templateHash": "5400935325886589806" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -41518,25 +42221,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -41612,8 +42315,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "2300763779336807238" + "version": "0.20.4.51522", + "templateHash": "17068545632348399169" } }, "parameters": { 
@@ -41851,17 +42554,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "12408012821940385557" + "version": "0.20.4.51522", + "templateHash": "3413157219428562304" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -41873,8 +42576,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42052,17 +42755,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7151911553853543662" + "version": "0.20.4.51522", + "templateHash": "9552083555094216543" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -42149,8 +42852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "332423713047288228" + "version": "0.20.4.51522", + "templateHash": "16848435230262465953" } }, "parameters": { 
@@ -42385,17 +43088,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "8238369083748877529" + "version": "0.20.4.51522", + "templateHash": "1170033636184107564" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -42407,8 +43110,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42584,17 +43287,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10978796725407723500" + "version": "0.20.4.51522", + "templateHash": "7313526175877847342" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -42736,39 +43439,35 @@ } }, { + "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Add-{0}-Storage-Setup-{1}', parameters('storagePurpose'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "subscriptionId": "[parameters('workloadSubsId')]", + "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('sessionHostLocation')]" + "_artifactsLocation": { + "value": "[parameters('_artifactsLocation')]" }, - "name": { - "value": "[parameters('managementVmName')]" + "_artifactsLocationSasToken": { + "value": "[parameters('_artifactsLocationSasToken')]" }, - "file": { - "value": "[parameters('storageToDomainScript')]" + "CommandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -securityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('storageCustomOuPath'), parameters('securityPrincipalNames'), 
parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "scriptArguments": { - "value": "[variables('varStorageToDomainScriptArgs')]" + "Location": { + "value": "[parameters('sessionHostLocation')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } + "ManagementVmName": { + "value": "[parameters('managementVmName')]" }, - "baseScriptUri": { - "value": "[parameters('storageToDomainScriptUri')]" + "Timestamp": { + "value": "[parameters('time')]" } }, "template": { 
@@ -42777,72 +43476,55 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14238973789074081917" + "version": "0.20.4.51522", + "templateHash": "13139569657588595151" } }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Extension deployment name." - } + "_artifactsLocation": { + "type": "string" }, - "location": { - "type": "string", - "metadata": { - "description": "Location where to deploy compute services." - } + "_artifactsLocationSasToken": { + "type": "securestring" }, - "baseScriptUri": { - "type": "string", - "metadata": { - "description": "Location for the AVD agent installation package." - } + "CommandToExecute": { + "type": "securestring" }, - "file": { + "Location": { "type": "string" }, - "scriptArguments": { - "type": "string", - "metadata": { - "description": "Arguments for domain join script." - } + "ManagementVmName": { + "type": "string" }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "Domain join user password." 
- } + "Timestamp": { + "type": "string" } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[format('{0}/AzureFilesDomainJoin', parameters('name'))]", - "location": "[parameters('location')]", + "apiVersion": "2020-12-01", + "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", + "location": "[parameters('Location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, - "settings": {}, + "settings": { + "fileUris": [ + "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + ], + "timestamp": "[parameters('Timestamp')]" + }, "protectedSettings": { - "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[parameters('CommandToExecute')]" } } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('Storage-{0}-{1}', parameters('storagePurpose'), parameters('time')))]" - ] + } } ] } @@ -42893,8 +43575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4003619345462590608" + "version": "0.20.4.51522", + "templateHash": "5831184865109646282" } }, "parameters": { 
@@ -42972,8 +43654,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6589456204328331770" + "version": "0.20.4.51522", + "templateHash": "13801170412739028614" } }, "parameters": { @@ -43021,14 +43703,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -43130,8 +43812,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "13414727736673410356" + "version": "0.20.4.51522", + "templateHash": "2845847199363525157" } }, "parameters": { @@ -43447,8 +44129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6504313185566318500" + "version": "0.20.4.51522", + "templateHash": "15175254568957323524" } }, "parameters": { @@ -43853,8 +44535,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4246964059709335904" + "version": "0.20.4.51522", + "templateHash": "1253319411655473766" } }, "parameters": { @@ -44279,8 +44961,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -44316,14 +44998,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -44701,8 +45383,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14151158611245790705" + "version": "0.20.4.51522", + "templateHash": "14647474702270197476" } }, "parameters": { @@ -44862,8 +45544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "6334341016892720558" + "version": "0.20.4.51522", + "templateHash": "18395782528227461356" } }, "parameters": { @@ -44934,8 +45616,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -44992,14 +45674,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -45195,8 +45877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "7927074872480917952" + "version": "0.20.4.51522", + "templateHash": "11249227806125160411" } }, "parameters": { @@ -45450,8 +46132,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4998852968640897249" + "version": "0.20.4.51522", + "templateHash": "17418930732786956710" } }, "parameters": { 
@@ -45513,14 +46195,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -45538,14 +46220,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -45557,8 +46239,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -45748,8 +46430,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "11217191875210502826" + "version": "0.20.4.51522", + "templateHash": "12768288729117926344" } }, "parameters": { @@ -45964,8 +46646,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -46167,8 +46849,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { 
@@ -46365,8 +47047,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -46568,8 +47250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -46761,8 +47443,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -46954,8 +47636,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -47151,8 +47833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -47356,8 +48038,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -47554,8 +48236,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -47755,8 +48437,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "9148923827539718769" + "version": "0.20.4.51522", + "templateHash": "10936395871082409190" } }, "parameters": { 
@@ -47787,9 +48469,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -47801,7 +48480,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -47921,8 +48603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "8683447033120970865" + "version": "0.20.4.51522", + "templateHash": "5187922792757343332" } }, "parameters": { @@ -48138,8 +48820,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -48280,14 +48962,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -48471,8 +49153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -48670,8 +49352,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { 
@@ -48812,14 +49494,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -49001,8 +49683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "3018691389759549519" + "version": "0.20.4.51522", + "templateHash": "13430172728355935351" } }, "parameters": { @@ -49201,8 +49883,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5116894317712992016" + "version": "0.20.4.51522", + "templateHash": "13855427510225605048" } }, "parameters": { @@ -49343,14 +50025,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -49510,8 +50192,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "14552250596555087478" + "version": "0.20.4.51522", + "templateHash": "15404259888082344964" } }, "parameters": { @@ -49610,8 +50292,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16200578597975877387" + "version": "0.20.4.51522", + "templateHash": "7632917119886354766" } }, "parameters": { @@ -49726,8 +50408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "5371222129609827663" + "version": "0.20.4.51522", + "templateHash": "489773717856929481" } }, "parameters": { 
@@ -49819,8 +50501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "4872290154327272363" + "version": "0.20.4.51522", + "templateHash": "4452963820746554211" } }, "parameters": { @@ -49994,8 +50676,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "10829143557172841315" + "version": "0.20.4.51522", + "templateHash": "14734864167323382820" } }, "parameters": { @@ -50263,8 +50945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.19.5.34762", - "templateHash": "16168950192958274411" + "version": "0.20.4.51522", + "templateHash": "6388442941679862584" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 4fb5623cb..c3fb65f99 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -66,12 +66,12 @@ param avdApplicationGroupIdentitiesIds array = [] @sys.description('Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)') param avdApplicationGroupIdentityType string = 'Group' -param securityPrincipalNames string = '' +param securityPrincipalNames string = 'myavdusers' //testing @sys.description('AD domain name.') param avdIdentityDomainName string -param netBios string = '' +param netBios string = 'mngenvmcap88523' //testing @sys.description('AD domain GUID. (Default: "")') param identityDomainGuid string = '' From 2d06feeca8818751baf2602f44966758cb7633e7 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 11:56:38 -0500 Subject: [PATCH 10/42] Update deploy.bicep --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index a23fe700b..3e946cb85 100644 
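Review bot: The new defaults on `securityPrincipalNames` ('myavdusers') and `netBios` ('mngenvmcap88523') in the workload/bicep/deploy-baseline.bicep hunk at -66 are marked `//testing` but ship as the template's defaults. A deployment that omits either parameter would silently use a group name and NetBIOS domain from the author's test environment. Both values appear to flow into the command the management VM runs, so a wrong default would surface late, on the VM, rather than at template validation. I would restore `param securityPrincipalNames string = ''` and `param netBios string = ''`, or drop the defaults so the values are required, and give each a `@sys.description` like the neighbouring parameters.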
--- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -110,9 +110,9 @@ param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerato @description('SAS Token to access script.') param _artifactsLocationSasToken string = '' -param securityPrincipalNames string = '' +param securityPrincipalNames string -param storageSolution string = 'AzureStorageAccount' +param storageSolution string param storageCount int = 1 
@@ -239,7 +239,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro
 params: {
 _artifactsLocation: _artifactsLocation
 _artifactsLocationSasToken: _artifactsLocationSasToken
- CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${storageCustomOuPath}" -securityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}'
+ CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}'
 Location: sessionHostLocation
 ManagementVmName: managementVmName
 Timestamp: time
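Review bot: `-DomainJoinPassword "${domainJoinUserPassword}"` in `CommandToExecute` splices the secret into the command string. A password containing `"` would end the argument early and the rest would be parsed as further script arguments, and the value sits on the process command line of the management VM, where command-line auditing would record it. Declaring `CommandToExecute` as `securestring` and placing it in `protectedSettings` protects the deployment record, not the VM. The earlier template read the secret `domainJoinUserPassword` from the vault named by `wrklKvName`, and the script already receives `-ClientId ${managedIdentityClientId}`. I would pass the vault and secret name instead (parameter names to be defined in Set-NtfsPermissions.ps1) and let the script fetch the secret with that identity, assuming it has read access to the vault. The `ntfsPermissions` module starts and ends outside this hunk.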
From 1917e34d883c0ea21b984a58d6db2d2ac60b4511 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Fri, 18 Aug 2023 11:57:10 -0500 Subject: [PATCH 11/42] Update deploy-baseline.json --- workload/arm/deploy-baseline.json | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index f6aa54392..b6b479ed6 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "844608885345243805" + "templateHash": "14133596970882382271" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -35080,7 +35080,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "8421855814376641161" + "templateHash": "16414992328187639528" } }, "parameters": { @@ -35287,12 +35287,10 @@ } }, "securityPrincipalNames": { - "type": "string", - "defaultValue": "" + "type": "string" }, "storageSolution": { - "type": "string", - "defaultValue": "AzureStorageAccount" + "type": "string" }, "storageCount": { "type": "int", 
@@ -39177,7 +39175,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -securityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('storageCustomOuPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), 
parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" @@ -39361,7 +39359,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "8421855814376641161" + "templateHash": "16414992328187639528" } }, "parameters": { @@ -39568,12 +39566,10 @@ } }, "securityPrincipalNames": { - "type": "string", - "defaultValue": "" + "type": "string" }, "storageSolution": { - "type": "string", - "defaultValue": "AzureStorageAccount" + "type": "string" }, "storageCount": { "type": "int", 
@@ -43458,7 +43454,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -securityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('storageCustomOuPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), 
parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" From dfa5521249c889afe34690c7b59d9a45c7ec350e Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Thu, 24 Aug 2023 00:43:38 -0500 Subject: [PATCH 12/42] Update deploy.bicep --- .../modules/storageAzureFiles/deploy.bicep | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 3e946cb85..71a0dfe0a 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -232,7 +232,7 @@ module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { ] } */ - +/* module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { name: 'FslogixNtfsPermissions_${time}' scope: resourceGroup(workloadSubsId, serviceObjectsRgName) 
@@ -246,6 +246,21 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro } //... } +*/ + +module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { + name: 'FslogixNtfsPermissions_${time}' + scope: resourceGroup(workloadSubsId, serviceObjectsRgName) + params: { + _artifactsLocation: _artifactsLocation + _artifactsLocationSasToken: _artifactsLocationSasToken + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "2e21756f-35e3-42f5-b7a5-60154837dc03" -DomainJoinPassword "Admin1234567890!" -DomainJoinUserPrincipalName "admin01@mngenvmcap885230.onmicrosoft.com" -ActiveDirectorySolution "ActiveDirectoryDomainServices" -Environment "AzureCloud" -FslogixSolution "ProfileContainer" -KerberosEncryptionType "AES256" -StorageAccountFullName "stfslnf59d7br" -Netbios "mngenvmcap88523" -OuPath "OU=AVD,OU=Azure,DC=mngenvmcap885230,DC=onmicrosoft,DC=com" -SecurityPrincipalNames "AVD Users" -StorageAccountPrefix "stfslnf59d7br" -StorageAccountResourceGroupName "rg-avd-nf59-dev-use-storage" -StorageCount 1 -StorageIndex 1 -StorageSolution "AzureStorageAccount" -StorageSuffix "core.windows.net" -SubscriptionId "f6d0875c-f868-4019-94d2-bd7c10b761c8" -TenantId "2a3287e8-8fd5-4965-8a7d-2efacfbde54e"' + Location: sessionHostLocation + ManagementVmName: managementVmName + Timestamp: time + } + //... + } /* module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { From 1b1dce08cbdab88d6c6f19720dc23ac74d5361de Mon Sep 17 00:00:00 2001 
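Review bot: The `CommandToExecute` literal added in this hunk hard-codes a domain account password together with the account UPN, the managed-identity client ID, the subscription ID and the tenant ID. All of them are now in the repository history, and because the string no longer references any parameter, every deployment would run against that one storage account and OU. The password should be treated as disclosed and rotated, and this commit dropped or rewritten before merge rather than corrected in a later patch. For debugging, keep the parameterised command from the block this series comments out (`-DomainJoinPassword "${domainJoinUserPassword}"`, `-StorageAccountFullName ${storageAccountName}`, and so on) and supply test values through a parameter file that is not committed. The hunk starts inside the preceding commented-out module and ends at the opening of another commented block.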
From: danycontre Date: Mon, 28 Aug 2023 14:43:33 -0500 Subject: [PATCH 13/42] updates --- workload/bicep/deploy-baseline.bicep | 11 +++- .../modules/storageAzureFiles/deploy.bicep | 5 +- workload/scripts/DSCStorageScripts.zip | Bin 77892 -> 78493 bytes .../DSCStorageScripts/Configuration.ps1 | 10 ++- .../script-domainjoinstorage.ps1 | 59 ++++++++++++++++-- .../scripts/Manual-DSC-Storage-Scripts.ps1 | 6 +- 6 files changed, 80 insertions(+), 11 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index b7642b1d7..5e4402d55 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -55,9 +55,12 @@ param avdIdentityServiceProvider string = 'ADDS' @sys.description('Required, Eronll session hosts on Intune. (Default: false)') param createIntuneEnrollment bool = false -@sys.description('Optional, Identity ID array to grant RBAC role to access AVD application group. (Default: "")') +@sys.description('Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') param avdApplicationGroupIdentitiesIds array = [] +@sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') +param avdApplicationGroupIdentitiesNames array = [] + @allowed([ 'Group' 'ServicePrincipal' 
@@ -545,7 +548,7 @@ var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFsLogixScriptArguments = (avdIdentityServiceProvider == 'AAD') ? '-volumeshare ${varFslogixSharePath} -storageAccountName ${varFslogixStorageName} -identityDomainName ${avdIdentityDomainName}' : '-volumeshare ${varFslogixSharePath}' var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-update/workload/' var varFslogixScriptUri = (avdIdentityServiceProvider == 'AAD') ? '${varBaseScriptUri}scripts/Set-FSLogixRegKeysAAD.ps1' : '${varBaseScriptUri}scripts/Set-FSLogixRegKeys.ps1' var varFsLogixScript = (avdIdentityServiceProvider == 'AAD') ? './Set-FSLogixRegKeysAad.ps1' : './Set-FSLogixRegKeys.ps1' //var varCompRgDeploCleanScript = './cleanUpRgDeployments.ps1' @@ -763,7 +766,7 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip' +var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts/DSCStorageScripts.zip' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' 
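Review bot: `varBaseScriptUri`, and `varStorageAzureFilesDscAgentPackageLocation` in the next hunk at -763, now point at the `ntfs-update` branch, so the scripts and DSC package that the deployment downloads and runs on the management VM come from a mutable feature-branch ref. Whoever can push to that branch changes what runs alongside the domain-join credentials, and the URLs stop resolving once the branch is deleted after merge. If the change exists only to test this PR, it should go back to `main` before merge. Better still, pin both to a release tag or commit, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<tag-or-commit-sha>/workload/'`.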
@@ -1183,6 +1186,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if fileShareName: varFslogixFileShareName fileShareMultichannel: (fslogixStoragePerformance == 'Premium') ? true : false storageSku: varFslogixStorageSku + SecurityPrincipalNames: avdApplicationGroupIdentitiesNames fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName storageToDomainScript: varStorageToDomainScript @@ -1226,6 +1230,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr fileShareName: varMsixFileShareName fileShareMultichannel: (msixStoragePerformance == 'Premium') ? true : false storageSku: varMsixStorageSku + SecurityPrincipalNames: avdApplicationGroupIdentitiesNames fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName storageToDomainScript: varStorageToDomainScript diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 9974bc884..78bcf4827 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -16,6 +16,9 @@ param identityServiceProvider string @sys.description('Resource Group Name for management VM.') param serviceObjectsRgName string +@sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') +param SecurityPrincipalNames array = [] + @sys.description('Storage account name.') param storageAccountName string 
@@ -108,7 +111,7 @@ var varAvdFileShareMetricsDiagnostic = [ ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${SecurityPrincipalNames}' // =========== // // Deployments // // =========== // 
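Review bot: The new `-SecurityPrincipalNames ${SecurityPrincipalNames}` at the end of `varStorageToDomainScriptArgs` interpolates an array, unquoted, into a command-line string. Group names routinely contain spaces (the sample command later in this series uses "AVD Users"), and the array presumably renders as JSON with embedded quotes, so the argument can split or swallow what follows it; the string is later concatenated into a command run with `Invoke-Expression`. Passing an encoded form keeps it a single inert token, e.g. `-SecurityPrincipalNames ${base64(string(SecurityPrincipalNames))}`, with the receiving script decoding it before `ConvertFrom-Json`. An empty array also needs a defined behaviour, because the receiving parameter is `Mandatory` with `ValidateNotNullOrEmpty`.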
diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index ee50a90673322c3e898d0291cc4a14c98002f891..060f38b2f1d5ae7f1e941f25ddc08e5e8ca58304 100644 GIT binary patch delta 4689 zcmZvgWl$6h*M?as=}zfRDMgS@Dd}Fid+8LGkPcnCQ<_~?QVGeWVHZhhq+uzg1cCQ? zzL{^{`DVWJo_qU=?3j6imc>aQ7%(45aEEglOMjsn4@76- z8NEvG&mc2)`_T#z7hsVnADYEWyWE4sVz|_P@x-`8Y99jr!o=knR3)BY(@-+AuoEqwU=KIWPFkQk?2< z-*7|YsQF`~8XT<9%YG{Q?hKp6#HE`H80g=KlrG+bm}Ec{HtexlYfDz<^DLtwv|)uS z^A4=MJTqzyUmN%d!}0G7i$RX2U8T650cxJ`#*t=QI=bbK*Qw+%+U=HWQkiYxVblbdOSQx`(_zbRGgU((>u zruQXar*gVF(T*&%!$jodNT3|XrVk60_3 zGb1EO6TEwvRM-*kQ?Y_c;Wh;Qq9!J&OGj!NE=lC=F!YTV4wDFlxV&<*NrQN4iMsnf zW_`s+ry6?94Nwhxl=@B|y)hNAKMgeq`?yL~2JDFCoGPgto&81`o%~I+qbhnb&xRE? ziR~|ZH_zyIz8q*FSEIOfLsQ%RD+H7(6STLt0M;V%!L!uBZ(8=O0KIGNS1ywrRlO?J zG(;rLh-W&s}n=2B6As~%edR}$DU-AzKktv@^u3XXiu(Cta4C8JbfP|DJobM*4qqNn)F zBe<_|E-}4~F?OSdN_`wu-#BxMkGVx_EEi#OWtLC#$$m7)F)~ z+e4iF5j_%+m+AMuXLA0Cxp;&5Yveh4Ebb)*zqK5WM%6x4`0X4Ah32p0JFgt@5l@g= z0AI}rIFo=c$RO;!(X$5}WoBj4qZlCrp8hHIPXa`g$XMsHF+skN4dV+oAsF}T4 z+39e?YzT!vFk8TTa}a-zj56WiKyVE&84RGP(*L11DT`Dk*oLk*$6da?!+699cG$q@ z;f6QX()hGz456W4L_dIc_k!DBD6uy&{QBxn8!D5IxEv2+cOq!vySG&w7ue1ld0$r1 zgA4HGhcA|(6z7}MyldwA#4bY;3;8O2bx;r8)#If2#vn75#aWls>s#>GpwZeqmBU;P z-zNeYYrAj<4PeJ`Gh?x1o6Nav``m0=YC?J0i+d9YdeqpBsw~t0@pLTMYV;wDQBIOK zaFdAmG*E9bXDEE%ZqF%8N5k-EV{TFVr5u*e*qy^4$iR%Fg1*VClIsZfAT=&oR!$;y zzd)aZu4Ugv)%a-~@C5ke{m@*~wiWpsS{;%Fu4R2YdbzXXg+x=vE48A7$UjjY-9|8>l3JxFJaX0`>Pbfsa8B7ieg+y=&FfiV6 zVqh>}VC0Yq0~o<`|B^?7`~i*ehXfNLA+?~kOf3i>u_QiQQb%?ViVIY)c31JxCI)`V zQi1Xy0+#+>7qIdI+jfQ~cOyF^TpS>UbW`I4&NV&E=+imr$9605Mo{=WSip8>BJG;S zUnJ6DjElisf#tWvfNlP&@SZ|(l80<>NtBwYa+t18X=O`%AV+Xvz(94@;obtDno2qzo!nRSvuxjIliZZc zQzG`&_wRa}3RXFeOl2s?WB+<3L=4&7N_SHMm_Pk8elNZHb`Dk`jQD#obzm*qJrOwO zN?dX&)M|4K;|}-=MJg0?>C1e+gmy~r9INeaf?eP7>(l8-0(Mz>YfGwXwSWM}N0uG? 
z;$IRQH3)@d^7yJ?6vtoy?=ni)lK=LHWKIU2PPcNmcMJSF0b>QxzEL>(LjG7--LY7n zjh$?QRcFLBR-ZdDB(7vg0@5fLfmBva_G##K6;$xX&U^2!e8{07{Iu*3c@^7~-ae}a z_);v}3C8SG9GRTJv8CIWoP$*Vn-r~AJoHIEZTQS;u&j`mHaQb%N*N-b9=v-M9O$%e zi=Cn}*eA%O^^2*GrAM{%48-T?>STS{R^PwGD1#cF1u>2WqA{y0@wqcby(4@Km!-Qh*r0d z*vC`*HR+e}ix#zM?XpXrxi-|yE?L_cj6JN~lf2o$z#-#~rW#LS#_SsrJhhp|qOVU^ ziC&V3)E%iVmxKek*yjE>$)B5-sncD(jI)2LHSeqHaVG7i! zVmvOz#P+XFRNgS>|Jbyv;x-Fpl$zW=Im|b5lqf1cu=BS0JcR`l-v)!Xb5p$5y&3A3bfdiOtDf;&4MP8p8Hmz0vY=MR3y?$m^Bc_0*cdR=pouxl-XM#iUg@i zVaeS)38NB2?`9L&$Y|`fvPj<}cG!}It#DEJ=Qm%QLzD>}`p(;Q<-7?b@4}3A%;W(N z8%rju-ao>i;JifctWo~&n02!nkRR^dS-VD%X=5e@Seqy)e3gV*lM_>F{56}@g4F#O zUrJdiSN1nAf89Y==6Mjqvrv2W`KHCc9@;s}upFusi?HqCW3zlvLInD zc?_+Rq|O_r3@#KCwsK3ksmpum2oeVM%g1ErNA5zpUn1ib4c`l>{fUW7Ykt}V_RrMn z&Z_YA;sxAAz=Pl3+v*H4=;+kvjA+C=PLx<3X_5?5VT~LyylK~=|EV|JBNjpLb6D4( zE{xmq6}+qAHDJ-PUtqt@`UTSOPdPUv=W$8GSJ$hIm3ExWKhf`fOm6gggYT@yszH*q z`IUzKaDMO?+LRwlK+fe??aeJCGx0G_&DfET(K1SEm30)Pn}K|giT3OjtE$D1)lV@q zA4zph9UPW|!^ur&&;f~nwa-c0%I`ie0#9u;r@%-N>RelH)J-Z6Hl!VTRPA>3(>fVZ zDQt~e1*%fa_ z?>Mq2ty*ZlvTZIL7Z1pnsuE;^p+KNki_K!|yhjT}B z;AL7$+&+EknUOb_9~Td9xm*fRbOvx&uGhiuJqJzvrj4oEe?G5HFv)Vi$ccpWg>nQa z=oTpZ;(o(xK5#bH9}!$_iu$0jC6G_Cm>{u-E%s9M!1`X_w$ou!vE`O`czw7d1;*Fl zKffpoeI6Ll#Wulv0B?Li9BAu-Y#7B{!29YpTizAp{agf<&(zA|&|)P$-Y4xXS`xt) zZ9(BZhDxQ)%xpjv32;Tzh3JHvJV^20omckSXvU;MSO2uzUJoYq9<%&@o#3w5+Iu$6 zSlEQFgv}BaBu4dm6|lNyE6MO>vDvj{kO}(jojC3*Z1{$viv0MeAa+}t@SRLMu-$77 za|bo~0>?!~&rEzrL5bG^2lUuQ(t>W>X7!8>8Bn7pE>b1%E$2r5a#;3BZem4&;gt6Z zdB#L0Nb)-fJza-h;A$C&@G95bSpwL+Wt|=?y;~jF!fp0jCUHnc1-$uen8yVYI_p#u-jBS;?N$~LP@%_ zyIHnK1$TMkwrW`+np!*lo0lg2@m9UOkIR)Eh!(#aueIF>hj$HI-H#xeN44%#`| zv!g9+L&@^p?9mG+l(aNIEY{HfyT!rtPG44Nt#2}!QsAYkv#fw*Tv{{}*fNNeOBc>r zOYr$p2a!Ls377L&YydJm+vzgU)OfWiqQfifFqS@ZAjJ9dleGVcHmTOZXv^Ic{rvv; zex#QJ$8J~yoob3a8<99)Dw!4J=NcQLTY{fQW#;pd0s$(h%*~rA!#F$XVO;aLRJJ#M=U=FPK=kaun^~P z>T-$#vjJ7;VH)dQ^EgrMHm1KmVZ(q PheQ}4gcBtK_-FYK>ip|N delta 4092 zcmVOrEQJJLY}_D%-$f7w(F&9n(p_tnoQAmOvj5hNd>4&>-N7YvwT$`s$CT%t8wNPVr$SHT 
zFr3M&%~tRF`MlB+J^ct>$M`xlu1-<#%go;<72V!6rDp9)-k=-fUBdZCP|d(ox|lr;PJT>4*>>aL)wOa#gdOg5&KusLm)-8LG2Cca^ib)74e!){Dzc_ z!T>#gXiWUrU z$+dQCR4OTk`)ADe*H~PVWYlgw8JTG+r=M0jKh@$>tS(!AB(;AlrB<46P~}0&Z%$W5 z`fpBIWhrP*-E(E3InBpQM00v;%0+Vu4@yUWbE@{rNOOv+N=kFuYRXG<3XhhWZ>F{= zJH&QwzRc$tOg38~HRv^mjqqb^YV_LG)a+=Kp^^zIM z0P+&%YRpxDJ&B{y>QbFE>${43PGWFo9{P=Z4_xYnU=H{2S{sI1hky;$Jj9s=|D=I` zT?@1#m2R!T7$eyjWNdc-JNGm=JEi$%fIE)SKn|{Gxk)((Hoj6 zotW7uX)_Vs@_T{dh|(s@DaSqYv(PQ`m1U7~|uBeS6Pf!Ie(AvCUT4#7pd^aX%qgLV$x@$CAdei^gNd*pI+};r5cU z#G8E1qRV}~L`E{ae(K?Mi9_9^i0F|YHrL*xbF%ny5X1^2^Wu0Y*rYM(R0t({F9XdP zE{6`i13BE|!p8B@7a`ESGgch{%TBfC@1S$w$gk!nJ1`^h4A`OYdbRu9w>QMa*ySX#LtPOtyRv)Y&>`kDuQiOwlvsg1zD4uhV zp~y^bHLqSv@dzK%;&t`O<4NRUp@{fnzvBoz3r@ucgonkGsvhppGq?64)7g2M`BI3k zNEOEumX%)%`U(l_>!vKrN^i}*KPX#a{y#ZkL7>XgQr-Qn0kBHRNk6)8RfmIxt; z@WAr|Uo8R6>a$4bLezPGo!dldmFZqn{iCv*_?Y-612^zcr-Un8c-FcyWNUY&zoab4N{o^raq=Hx#D-%9A6} zN>t-Y#qj?wjTf2hzvuB6FUmvM!C`L~M?+=xLzf4gRk0`)iC+mi@0$P1aLMa*`w_!a zv!H0GU#xq*cRIwA+>i=F(403ey;pk%J7_TK5RZ9JXtkCVeM#bBvcUL6{avAGZ$awa zdFoxoyIKT7cB3;>cC`!HCR8HR(=h4tXmlTkT4=KdXP$&GzZ6@Zget4?WF?X;VaSR$ zyz=$R0cRcp^)C?$+-@QEJ#-gc6acv6ulskFM0)!RG~I68X8H(uVt4f4QE>ec z;olIwlL(&Xz4&cW!+&C|BPFt2$n?#zr%Z9@=Qo7y6qrl1K`~_c^kv9^f8PQ(-GF30#ge|kTch2DE?J+xwlMJ5^ZVa$-*PFWBRnD+bnbdD= zefzOcypzZx?xy!b$#lkv%8p4%v#XR;?TE5}sQ82{o<dtU)3^91$0Klx=9J zsTK3wxRkfIT=|(kZ5Xi6O61(bx6rtdDnjjWt7MTuCKC}YpvcHrji|SoeTH`v6yzI= zKQocjV*FMzs6h~1LoQ*A9GYcF1~D9+!AztDf*vDkm@}1oVZwO^UdSVv#u`q~z9;xK z1*1Zxq(Dw4@PApPv7Bp|2*u|tNqitAo_l?sU$}Qz0TYpM@X809yeBX$#%LG*uf#oV z$LpqSoSlnUbhF1dWbWlv&j~5sr{ny1sVUMzJY2%tqWgpfK19QGsp=+3pj?5M#ISlDrS*d$} zfNhk6{ijz);1Grhr`9KxIsX7eBlkSOqKOPwWy=J0aR8yQ(@7Skh42X+6a$!B#xsdx6R54Z;gN+VFe;&k>>RvN|kdW07DEK;v4o+~2_V zgMZMw3_^cI0cb22Q^IgnLN>?|UOVs%Q-!o^Dw*2-GJ_v49c6b69@5!Z5|!>f(e`_K zy~ngf{F6-|>ymab82^SS%gSxp-<^bMZBiJEVwT~dp&Bjt7kr-Lq35|ZU!nP{Z;KTL zYdU6la&G;mDbC9khAP>!?EdSZu{v0St$#+ms16Q1_KnvRN2jLF5oEzyUt(*MT7%ZM zawBKRF@S-(WvO^H3N6@i8OslP>udz?ak6M1~xLko|-Z<7QpT2|ENzgfO;e&%Ql7EH| 
z>lXMLX9m+<9i1K<5e&hOO{Qd2xh*d<3~fEume!*UCO>T4DtB<9Mfq%iOj>yi<8N9X%Qz%;#*S>DewT)E;Rz|Vy5;UhW zZgy=s5?i|<=~Bx_QesqZDMHt58(3$wXE*9zjTRZ!P|0%cWedFR1PugrB)5gYGb!$` z<>~;Ld`_P1K3JiWSl7wLyW(1tPa9zoVK=8I*zRl)m^l?+;(JV*$aoZx(SOQfp)cg| zC*asr|G#+lf5MqDpRgjyYrW}6=kO59DlVlnu4Y2h6rlkHn(qB@`I_d#zDzluo=z_{ zD*?+{I2)Tw59Adj$Z>&RcMDzPQOCdWy_;~Fs^SV*1B|)$vTVy-x`JC^;u^CsTz@Z#Djje&eAF!0oRisGrSZa=c)l2{*~VKH+qbu~vdA}w zgXv~V0{;m za*J_hWhQNX`O^BX*8SM1_;ml^N7(lGbK7(KDbI1i>ar1Gx7X4TN*&B=P;uAI$TkQg z92PKxD3Q;Be$e$u*`&}BUQ*(&)G_*T5KuY1fB(b!Z4AOew8CPB`KTT;CvI+nc7e{B zhHW#^!6O_azS@hnx_`KpcR6Le>Re;)=;ONR5$du*J)$Oe7}_w~d1ftzyvi*bgs3#l zlLe8DNDE$erWTX_nl~E9C1)10)w=?Je=ueArN+v}Mz>F^%Uyj~18Y=txL1GUbf;)G zu*n(p=}lumOni z?LI`@H1NLbX@9KXXsYBKzq{_EzDD)x2Ak$;UiTqW+$!`O{7TQ3x$VxS2DG{HI!C{1 zm;afA{|!(}0Rj{N6aWAK004QHj8;-C#pHV(0RVd)0hgRH0X7bKmyA}8Yh&aT1^@sy z9+%)T0WlzXmyA}%0h{Xo0RRAs0{{RD000000000103ZMW0P`c4F){%dArhC3R;2Y1 u&eRA10Nxw`02}}S000000096X0000QCIOdTCIKCnhcW>W1}HB90002A#qj?C diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 3b019318e..76bfd176f 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -20,6 +20,10 @@ param [ValidateNotNullOrEmpty()] [string] $ShareName, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [String]$SecurityPrincipalNames, + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $DomainName, @@ -82,6 +86,10 @@ Configuration DomainJoinFileShare [ValidateNotNullOrEmpty()] [string] $ShareName, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [String]$SecurityPrincipalNames, + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $DomainName, 
@@ -208,4 +216,4 @@ $config = @{ ) } -DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -CreateNewOU $CreateNewOU -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -StoragePurpose $StoragePurpose -Verbose; \ No newline at end of file +DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -CreateNewOU $CreateNewOU -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalNames $SecurityPrincipalNames -StoragePurpose $StoragePurpose -Verbose; \ No newline at end of file diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 7a367f682..b6a1ecd16 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -14,6 +14,10 @@ param( [ValidateNotNullOrEmpty()] [string] $StorageAccountRG, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [String]$SecurityPrincipalNames, + [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $ClientId, 
@@ -168,7 +172,7 @@ Try { Write-Log "Storage key: $StorageKey" Write-Log "File Share location: $FileShareLocation" net use ${DriveLetter}: $FileShareLocation $UserStorage $StorageKey.Value - #New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $FileShareLocation -Persist + #New-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Root $FileShareLocation -Persist #-Credential $Credential } else { Write-Log "Drive $DriveLetter already mounted." 
@@ -180,11 +184,56 @@ Catch { Throw $_ } +try { + Write-Log "Getting security principals" + # Convert Security Principal Names from a JSON array to a PowerShell array + [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json + Write-Log -Message "Security Principal Names:" -Type 'INFO' + #$SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force + + # Determine Principal for assignment + #$SecurityPrincipalName = $SecurityPrincipalNames[$i] + #$Group = $Netbios + '\' + $SecurityPrincipalName + #Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' +} +catch { + Write-Log -Message $_ -Type 'ERROR' +} + + Try { - Write-Log "setting up NTFS permission for FSLogix" - $Commands = "icacls ${DriveLetter}: /remove ('BUILTIN\Administrators')" - Invoke-Expression -Command $Commands - Write-Log "ACLs set" + Write-Log "setting up general NTFS permission" + + $acl = get-acl -path "${DriveLetter}:" + $creatorowner = new-object system.security.principal.ntaccount ("creator owner") + $acl.purgeaccessrules($creatorowner) + $administrator = new-object system.security.principal.ntaccount ("BUILTIN\Administrators") + $acl.purgeaccessrules($administrator) + $authenticatedusers = new-object system.security.principal.ntaccount ("authenticated users") + $acl.purgeaccessrules($authenticatedusers) + $users = new-object system.security.principal.ntaccount ("users") + $acl.purgeaccessrules($users) + $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner","modify","containerinherit,objectinherit","inheritonly","allow") + $acl.addaccessrule($creatorowner) + $acl | set-acl -path "${DriveLetter}:" + + for($i = 0; $i -lt $StorageCount; $i++) { + # Determine Principal for assignment + $SecurityPrincipalName = $SecurityPrincipalNames[$i] + $Group = $Netbios + '\' + $SecurityPrincipalName + Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' + + Write-Log "setting up provided identities 
NTFS permission" + $aclProvidedGroups = get-acl -path "${DriveLetter}:" + $domainusers = new-object system.security.accesscontrol.filesystemaccessrule("$group","modify","none","none","allow") + $aclProvidedGroups.setaccessrule($domainusers) + $acl | set-acl -path "${DriveLetter}:" + } + + # Unmount file share + Remove-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Force + Start-Sleep -Seconds 5 + Write-Log -Message "Unmounting the Azure file share, $FileShareLocation, succeeded" -Type 'INFO' } Catch { Write-Log -Err "Error while setting up NTFS permission for FSLogix" diff --git a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 index cb43c9443..0184169c5 100644 --- a/workload/scripts/Manual-DSC-Storage-Scripts.ps1 +++ b/workload/scripts/Manual-DSC-Storage-Scripts.ps1 @@ -18,6 +18,10 @@ param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $ClientId, + + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [String]$SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] 
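Review bot: In script-domainjoinstorage.ps1 the per-group loop builds the rule on `$aclProvidedGroups` but then writes `$acl` back, so the `modify` grant for `$Group` is never applied while the earlier purge of `BUILTIN\Administrators`, `authenticated users` and `users` is; the line should read `$aclProvidedGroups | Set-Acl -Path "${DriveLetter}:"`. The loop is bounded by `$StorageCount` and prefixes `$Netbios`, neither of which is declared in the parameters visible in this diff, so it may run zero times or build a name with an empty domain part; `foreach ($SecurityPrincipalName in $SecurityPrincipalNames)` removes the dependency on the count. The new `catch` around `ConvertFrom-Json` only logs, so a malformed value still reaches the purge; add `Throw $_` there as the other handlers do. The script's full param block lies outside these hunks.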
@@ -81,7 +85,7 @@ Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force Install-Module 'PSDscResources' -Force -$DscCompileCommand="./Configuration.ps1 -StorageAccountName " + $StorageAccountName + " -StorageAccountRG " + $StorageAccountRG+ " -StoragePurpose " + $StoragePurpose +" -ShareName " + $ShareName + " -SubscriptionId " + $SubscriptionId + " -ClientId " + $ClientId +" -DomainName " + $DomainName + " -IdentityServiceProvider " + $IdentityServiceProvider + " -AzureCloudEnvironment " + $AzureCloudEnvironment + " -CustomOuPath " + $CustomOuPath + " -OUName """ + $OUName + """ -CreateNewOU " + $CreateNewOU + " -DomainAdminUserName " + $DomainAdminUserName + " -DomainAdminUserPassword " + $DomainAdminUserPassword + " -Verbose" +$DscCompileCommand="./Configuration.ps1 -StorageAccountName " + $StorageAccountName + " -StorageAccountRG " + $StorageAccountRG+ " -StoragePurpose " + $StoragePurpose +" -ShareName " + $ShareName + " -SubscriptionId " + $SubscriptionId + " -ClientId " + $ClientId + " -SecurityPrincipalNames " + $SecurityPrincipalNames + " -DomainName " + $DomainName + " -IdentityServiceProvider " + $IdentityServiceProvider + " -AzureCloudEnvironment " + $AzureCloudEnvironment + " -CustomOuPath " + $CustomOuPath + " -OUName """ + $OUName + """ -CreateNewOU " + $CreateNewOU + " -DomainAdminUserName " + $DomainAdminUserName + " -DomainAdminUserPassword " + $DomainAdminUserPassword + " -Verbose" Write-Host "Executing the commmand $DscCompileCommand" Invoke-Expression -Command $DscCompileCommand From 894b56a8845253a5395700db4eacca0e78c8f04b Mon Sep 17 00:00:00 2001 From: danycontre Date: Thu, 31 Aug 2023 07:53:25 -0500 Subject: [PATCH 14/42] updates --- .../DSCStorageScripts/Configuration.ps1 | 4 +- .../script-domainjoinstorage.ps1 | 66 ++++++++++--------- 2 files changed, 36 insertions(+), 34 deletions(-) 
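Review bot: The added `" -SecurityPrincipalNames " + $SecurityPrincipalNames` fragment concatenates a deployment-supplied value, unquoted, into `$DscCompileCommand`, which is then run with `Invoke-Expression`, so a group name containing a space, `;` or `$(` is parsed as PowerShell rather than as one argument. The same string carries `$DomainAdminUserPassword` and is echoed by the `Write-Host` line, which puts the password into the extension output. Calling the script with the call operator and a splatted hashtable passes every value as data and removes the need to print the command. The rest of Manual-DSC-Storage-Scripts.ps1 is outside this hunk.

```powershell
# … unchanged: Install-PackageProvider / Install-Module 'PSDscResources' …
$DscCompileParams = @{
    StorageAccountName      = $StorageAccountName
    StorageAccountRG        = $StorageAccountRG
    StoragePurpose          = $StoragePurpose
    ShareName               = $ShareName
    SubscriptionId          = $SubscriptionId
    ClientId                = $ClientId
    SecurityPrincipalNames  = $SecurityPrincipalNames
    DomainName              = $DomainName
    IdentityServiceProvider = $IdentityServiceProvider
    AzureCloudEnvironment   = $AzureCloudEnvironment
    CustomOuPath            = $CustomOuPath
    OUName                  = $OUName
    CreateNewOU             = $CreateNewOU
    DomainAdminUserName     = $DomainAdminUserName
    DomainAdminUserPassword = $DomainAdminUserPassword
}
Write-Host "Executing Configuration.ps1"
& ./Configuration.ps1 @DscCompileParams -Verbose
```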
diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 76bfd176f..2ececc00b 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -22,7 +22,7 @@ param [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [String] $SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -88,7 +88,7 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [String] $SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index b6a1ecd16..e2cec6385 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -16,7 +16,7 @@ param( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [String] $SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -35,8 +35,8 @@ param( [string] $CustomOuPath, [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $IdentityServiceProvider, + [ValidateNotNullOrEmpty()] + [string] $IdentityServiceProvider, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -50,9 +50,9 @@ param( [ValidateNotNullOrEmpty()] [string] $CreateNewOU, - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StoragePurpose, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StoragePurpose, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] 
@@ -133,7 +133,8 @@ if ($IdentityServiceProvider -eq 'ADDS') {
 if ( $CustomOuPath -eq 'true') {
 Join-AzStorageAccountForAuth -ResourceGroupName $StorageAccountRG -StorageAccountName $StorageAccountName -DomainAccountType 'ComputerAccount' -OrganizationalUnitDistinguishedName $OUName -OverwriteExistingADObject
 Write-Log -Message "Successfully domain joined the storage account $StorageAccountName to custom OU path $OUName"
- } else {
+ }
+ else {
 Join-AzStorageAccountForAuth -ResourceGroupName $StorageAccountRG -StorageAccountName $StorageAccountName -DomainAccountType 'ComputerAccount' -OrganizationalUnitName $OUName -OverwriteExistingADObject
 Write-Log -Message "Successfully domain joined the storage account $StorageAccountName to default OU path $OUName"
 }
@@ -152,55 +153,56 @@ $account.AzureFilesIdentityBasedAuth if ($StoragePurpose -eq 'fslogix') { $DriveLetter = 'Y' - } +} if ($StoragePurpose -eq 'msix') { $DriveLetter = 'X' - } +} Write-Log "Mounting $StoragePurpose storage account on Drive $DriveLetter" -$FileShareLocation = '\\'+ $StorageAccountName + '.file.core.windows.net\'+$ShareName +$FileShareLocation = '\\' + $StorageAccountName + '.file.core.windows.net\' + $ShareName $StorageAccountNameFull = $StorageAccountName + '.file.core.windows.net' $connectTestResult = Test-NetConnection -ComputerName $StorageAccountNameFull -Port 445 Write-Log "Test connection access to port 445 for $StorageAccountNameFull was $connectTestResult" Try { - Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" - if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { + Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" + if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { - $UserStorage = "/user:Azure\$StorageAccountName" + $UserStorage = "/user:Azure\$StorageAccountName" Write-Log "User storage: $UserStorage" - $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object {$_.KeyName -eq "key1"} + $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object { $_.KeyName -eq "key1" } Write-Log "Storage key: $StorageKey" Write-Log "File Share location: $FileShareLocation" net use ${DriveLetter}: $FileShareLocation $UserStorage $StorageKey.Value #New-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Root $FileShareLocation -Persist #-Credential $Credential } - else { - Write-Log "Drive $DriveLetter already mounted." - } + else { + Write-Log "Drive $DriveLetter already mounted." 
+ } } Catch { - Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" - Write-Log -Err $_.Exception.Message - Throw $_ + Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" + Write-Log -Err $_.Exception.Message + Throw $_ } +<# try { Write-Log "Getting security principals" # Convert Security Principal Names from a JSON array to a PowerShell array [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json Write-Log -Message "Security Principal Names:" -Type 'INFO' - #$SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force + $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force # Determine Principal for assignment - #$SecurityPrincipalName = $SecurityPrincipalNames[$i] - #$Group = $Netbios + '\' + $SecurityPrincipalName - #Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' + $SecurityPrincipalName = $SecurityPrincipalNames[$i] + $Group = $Netbios + '\' + $SecurityPrincipalName + Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' } catch { Write-Log -Message $_ -Type 'ERROR' + Throw $_ } - - +#> Try { Write-Log "setting up general NTFS permission" @@ -213,10 +215,10 @@ Try { $acl.purgeaccessrules($authenticatedusers) $users = new-object system.security.principal.ntaccount ("users") $acl.purgeaccessrules($users) - $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner","modify","containerinherit,objectinherit","inheritonly","allow") + $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner", "modify", "containerinherit,objectinherit", "inheritonly", "allow") $acl.addaccessrule($creatorowner) $acl | set-acl -path "${DriveLetter}:" - + <# for($i = 0; $i -lt $StorageCount; $i++) { # Determine Principal for assignment $SecurityPrincipalName = $SecurityPrincipalNames[$i] 
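Review bot: The share root ends up with its default ACEs purged and no grant for the supplied identities, because the principal-parsing `try` and the `for` loop now sit inside `<# … #>` block comments while the `purgeaccessrules` calls for `BUILTIN\Administrators`, `authenticated users` and `users` stay live. `$SecurityPrincipalNames` remains a `Mandatory` parameter although nothing reads it any more. The commented body also re-enables a debugging write, `Add-Content -Path 'C:\cse.txt'`, and indexes with `$i` before any loop defines it, so it would misbehave if the comment markers were later removed. Delete the disabled blocks or complete the grant logic; if the grant has moved to another script, a one-line comment naming that script is enough. The closing `#>` of the second block is in the following hunk.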
@@ -229,14 +231,14 @@ Try { $aclProvidedGroups.setaccessrule($domainusers) $acl | set-acl -path "${DriveLetter}:" } - +#> # Unmount file share Remove-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Force Start-Sleep -Seconds 5 Write-Log -Message "Unmounting the Azure file share, $FileShareLocation, succeeded" -Type 'INFO' } Catch { - Write-Log -Err "Error while setting up NTFS permission for FSLogix" - Write-Log -Err $_.Exception.Message - Throw $_ + Write-Log -Err "Error while setting up NTFS permission for FSLogix" + Write-Log -Err $_.Exception.Message + Throw $_ } From b89228204cc656e13bbc8ce6ee812c35680d244b Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 14 Sep 2023 15:10:11 +0000 Subject: [PATCH 15/42] Generate Parameter Markdowns [danycontre/451d9685] --- .../docs/autoGenerated/deploy-baseline.bicep.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/workload/docs/autoGenerated/deploy-baseline.bicep.md b/workload/docs/autoGenerated/deploy-baseline.bicep.md index 427f287fb..f6905ce1d 100644 --- a/workload/docs/autoGenerated/deploy-baseline.bicep.md +++ b/workload/docs/autoGenerated/deploy-baseline.bicep.md 
@@ -17,7 +17,8 @@ avdVmLocalUserName | Yes | AVD session host local username. avdVmLocalUserPassword | Yes | AVD session host local password. avdIdentityServiceProvider | No | Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS) createIntuneEnrollment | No | Required, Eronll session hosts on Intune. (Default: false) -avdApplicationGroupIdentitiesIds | No | Optional, Identity ID array to grant RBAC role to access AVD application group. (Default: "") +avdApplicationGroupIdentitiesIds | No | Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +avdApplicationGroupIdentitiesNames | No | Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") avdApplicationGroupIdentityType | No | Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group) avdIdentityDomainName | Yes | AD domain name. identityDomainGuid | No | AD domain GUID. (Default: "") @@ -211,7 +212,13 @@ Required, Eronll session hosts on Intune. (Default: false) ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Optional, Identity ID array to grant RBAC role to access AVD application group. (Default: "") +Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") + +### avdApplicationGroupIdentitiesNames + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") ### avdApplicationGroupIdentityType @@ -1101,6 +1108,9 @@ Enable usage and telemetry feedback to Microsoft. "avdApplicationGroupIdentitiesIds": { "value": [] }, + "avdApplicationGroupIdentitiesNames": { + "value": [] + }, "avdApplicationGroupIdentityType": { "value": "Group" }, 
From ff98c67b88c6963d30a9f4547e738edda0614143 Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Thu, 14 Sep 2023 12:07:08 -0500 Subject: [PATCH 16/42] updates --- workload/arm/deploy-baseline.json | 10 +++++----- workload/bicep/modules/storageAzureFiles/deploy.bicep | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index b6b479ed6..efbe14e7e 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "14133596970882382271" + "templateHash": "8991385264236532554" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -35080,7 +35080,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "16414992328187639528" + "templateHash": "14952724665705198985" } }, "parameters": { 
@@ -39175,7 +39175,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution {3} -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName {7} -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), 
parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" @@ -39359,7 +39359,7 @@ "_generator": { "name": "bicep", "version": "0.20.4.51522", - "templateHash": "16414992328187639528" + "templateHash": "14952724665705198985" } }, "parameters": { 
@@ -43454,7 +43454,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution \"{3}\" -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName \"{7}\" -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution {3} -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName {7} -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), 
parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 71a0dfe0a..ce2eea775 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
@@ -254,7 +254,8 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro
 params: {
 _artifactsLocation: _artifactsLocation
 _artifactsLocationSasToken: _artifactsLocationSasToken
- CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "2e21756f-35e3-42f5-b7a5-60154837dc03" -DomainJoinPassword "Admin1234567890!" -DomainJoinUserPrincipalName "admin01@mngenvmcap885230.onmicrosoft.com" -ActiveDirectorySolution "ActiveDirectoryDomainServices" -Environment "AzureCloud" -FslogixSolution "ProfileContainer" -KerberosEncryptionType "AES256" -StorageAccountFullName "stfslnf59d7br" -Netbios "mngenvmcap88523" -OuPath "OU=AVD,OU=Azure,DC=mngenvmcap885230,DC=onmicrosoft,DC=com" -SecurityPrincipalNames "AVD Users" -StorageAccountPrefix "stfslnf59d7br" -StorageAccountResourceGroupName "rg-avd-nf59-dev-use-storage" -StorageCount 1 -StorageIndex 1 -StorageSolution "AzureStorageAccount" -StorageSuffix "core.windows.net" -SubscriptionId "f6d0875c-f868-4019-94d2-bd7c10b761c8" -TenantId "2a3287e8-8fd5-4965-8a7d-2efacfbde54e"'
+ //CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "2e21756f-35e3-42f5-b7a5-60154837dc03" -DomainJoinPassword "Admin1234567890!" -DomainJoinUserPrincipalName "admin01@mngenvmcap885230.onmicrosoft.com" -ActiveDirectorySolution "ActiveDirectoryDomainServices" -Environment "AzureCloud" -FslogixSolution "ProfileContainer" -KerberosEncryptionType "AES256" -StorageAccountFullName "stfslnf59d7br" -Netbios "mngenvmcap88523" -OuPath "OU=AVD,OU=Azure,DC=mngenvmcap885230,DC=onmicrosoft,DC=com" -SecurityPrincipalNames "AVD Users" -StorageAccountPrefix "stfslnf59d7br" -StorageAccountResourceGroupName "rg-avd-nf59-dev-use-storage" -StorageCount 1 -StorageIndex 1 -StorageSolution "AzureStorageAccount" -StorageSuffix "core.windows.net" -SubscriptionId "f6d0875c-f868-4019-94d2-bd7c10b761c8" -TenantId "2a3287e8-8fd5-4965-8a7d-2efacfbde54e"'
+ CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution ${ActiveDirectorySolution} -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName ${fileShareName} -Netbios ${netBios} -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}'
 Location: sessionHostLocation
 ManagementVmName: managementVmName
 Timestamp: time
From a02ea226a7444cfde1d12a734cbf054c3cabfae5 Mon Sep 17 00:00:00 2001
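Review bot: The added `//CommandToExecute: ...` comment line keeps the literal domain-join password, UPN, client ID, tenant ID and subscription ID in deploy.bicep, so the hard-coded credential this change parameterises is still committed; delete that line rather than commenting it out, and rotate the password since it stays in history either way. The new `CommandToExecute` also interpolates `domainJoinUserPassword` into an ordinary string, so unless `CommandToExecute` is declared `@secure()` in ntfsPermissions.bicep and reaches the script extension through `protectedSettings` (that module is not visible here), the value is likely to surface in deployment records and in process command-line logging on the management VM. A password containing a `"` character would also break the `-DomainJoinPassword "${domainJoinUserPassword}"` quoting. The compiled JSON hunk above carries the same format string and would need regenerating after the fix. The `params` block of `module ntfsPermissions` continues outside the hunk.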
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 10:22:19 -0500 Subject: [PATCH 17/42] updates --- workload/scripts/DSCStorageScripts-v1.zip | Bin 0 -> 78493 bytes workload/scripts/DSCStorageScripts.zip | Bin 78493 -> 78498 bytes .../DSCStorageScripts/Configuration.ps1 | 4 +- .../script-domainjoinstorage.ps1 | 68 +++++++++--------- 4 files changed, 35 insertions(+), 37 deletions(-) create mode 100644 workload/scripts/DSCStorageScripts-v1.zip 
diff --git a/workload/scripts/DSCStorageScripts-v1.zip b/workload/scripts/DSCStorageScripts-v1.zip new file mode 100644 index 0000000000000000000000000000000000000000..060f38b2f1d5ae7f1e941f25ddc08e5e8ca58304 GIT binary patch literal 78493 zcmZ^pQ(Pqu@aSu6H`}&to$NN-cAZXbwryJ*ce7oaZR=#)uKWAndtdIuozG|ZnR%Ug zn6L6rC}>QG{}CEfLM>Is!F_KcNQnPYod0T~UQ#yp7S1xBroU{=jaZr4nK_xgY#f#U z_Yf=uEQDxGnEL;o{=WwGKQ9h)^i&5at0|kfSTj31vo&RFHSDd`ZEb0kTsc-(6BnDx zN*F_&-}Z}5k+MS?36rAnp^+wCTsfe6-||rq{TWkhvYHMMF&p&%YWKdG2D0$XPLj+S zeGaqu$DQ5uY{p#lRm5y9e>yZ;aK9fYeSIkTf8@`6z3!3J|JU*o-;?1a{0{Wr-@6j_ zue(|9`MmAg7M25i#FFfuYPG!A8*!&|e}<0bIq`B%AEbZXMZe;ImUfQa#`{0_ z_`mm)eARA}u<77|Vs|T=Jsqy>N}p|tope+`x3BVjGd|z^10O!N^7MkNus?jg(ZPrk zPCc3N-H#R=4`nrz&!2@~uXjd5JvUb*N-H-F(^;=IUk_#ZkFQ#wXU{AD&5SKBc=LJY zt+khV(8GgL&wK1zR@&lcE!Q&-_@U!my=QpJ|I_sPoaO5U0gXoI<7YnAdRL9r`%h(V zlbcWN!<^ zkjM*dwr`K!avfIuZWSQ9gx?Om7?YXdsPQ2RYzVmx3`$dEUW4GH2D*U}PiM9^0LXtR z!k8Hr5Ou}k^*@Z|SZ(yO8ATGH-971PYMJH6XJ6Kb3?hjvL@UP|%22WL=Ft@d@Ab0} zoK2W1W!sigD4ClcGTZgJ$48fX)D2st5|>0vz}z$35mra^!5{I)msi~UOWRN>bJjsQ zjHJ$Gnfieulu-&0%g`mjv39_0R>yiRS8Q3?<0UwC$bHInV3$P)2BWFV`z@xZY~-5I z7dF9}?5r#j>diGV4>-8xb={0sFm}AC`sG*XfQTInX)ehwo&EGlO{*)~X$JK6Q@W&eEn`Kjq;yeTKZ zyec2eEdvA*{8S18RyERLa3UB-Q^V;rqFFwy-X0Xb;_f$62hV@vv5n_wtV(Wg*R&wT zuN~%R2<82>Sa%r%R9fbuOi;&q?7)p+N7Lz3+Qj0I?L zessZ3WD8P(iYmXeTKHc&cV0M{J-^eKqN=);=8C?A4rDHG(#lIu|L-V|l5Cfg;@3DY zyTrPG`alE+NivZe@HE_tEW=zO*MfRe!mlq9j9&|Kpc%l&a=}-e}V)0b%%j0B8gc12W#(N?%>{+aeodJ^gaQie>yr0VEyJ5U=qYb~)75Ekp$Ml&k(tz9j% zt#QK1mR3mgpvvpgDh!+?XPNAQkvYXmPS+pv?jQn(5{T9ys5IeJ(gFsyy!X0}6t*Hc zk$$IF0q=Ydo^Dni-$>PV9+Nw{1-d5Y7-b*Nn|W|ef5QdUQQJ}7gNA&*#STB`Acv|q zw1}^*p)nopbioK;^rS~`2Zx|f18Wp_f{xZ#MAxsj?8mD|&#DEtn!hLYR)0t9YT9c( zd7*B`DDgcDwvL>ENTtkwtg`M1mqh%&o=4Ie93w}TYZR{!>~L(<(1<;!GTJUbT}+O` z`jhOI9UNz06Y40e+SP(o340(KTq#a5MRQI`$x0YTQy-8aNpqo#n)F2sFc@=QBHFcfy^+RX^air57a|Pn?>Ko3V52wV4jE`MZ!xp_%tU zd~hjqQi68bX&BmlmZ4!>9=dm^ppB0U$0UP1gMS!uL+f#2&S((uSJ`=&`vxP%RCW6_ z1b~>`65atM`0PIFoN$oFG$A;}W%|cU{Zmiq9-+U;OX06VQ`%2!mr3|4XiqbCRmBVS 
z4wnbffECWwbx~Lf2Fo)S-t@yF>Woqh!N9r2hilV6=p?1ltV?b%fJ9&Zy~J|^Va0bn zAG5rF+?LnPb=t{e8Q+h8gbo;z#-U83)lD~WnoJa7h2D`{)@vv4CO_fDdgTSW`;t0M z)i3M?WS*^uWkp^$KS(c%awM026bT!HPiFefHRcN-@G#~0oFrw);uy8RePI46rl4RS z^mYrr@*`odp=m;;o2tP;|?n5h!M5LbIvEdTjEG?E|_RSfHti2@8WQrdKBy9pemVi$`?zO%u* ztM*>!eVcet%sUgv+=tZBe|b~?1N_^GDK~nLEPev0>9^w&{_Zv}!8|3K6Kr$U0FIs8laQQX1Lx#M_TK30aICBZR&HAl;jflV9xKIlz+bFx7 zI3+NcJ_x)aq9*b&(>FtDTzIeTfk+QL{DtbL50W2xoylp5WswhrpMOlgT+8Tr;#%42 zm=$}=C9w)&6WRJ)HEi~-Xo*$8Xg;cx=vYtac{x{5o8GD$dDPSCm7Rj@ycvE8mfTQU zJ~kMBJmYinxEtx|Cx7$s>8JQYkH#IPq%_KKP-`?eN&{&ZUnA~TdDie8-5`qE{8(uM zWg8_;_e^cA4-FGKoFl5EQ{sATiBs=Bg796WPti+BQ}`E<+T)6CV7+3=>rJl2f4)r# zr@Vn%1}-J`Bb87 z3L?Ovi7nhg)z&ghF?W@C-+ieh*ohpD!)S)f-q5Q-#&6qa;1^ihOtC%FD1^avwYqJL zm)=J~3PXZwZZ;``N%-`krnkFa&k8b|RoZ|fAdTQeIc1`zUg&n#u)%dz_?{jjwbwtT zipfumd^<1O+uyiZ`e*$>;yN9Y-b_Lg=3+v1!t-eQJ4Z-SdRl{eww!Pi;H<5_(a#c^nw7^tA6OB7?*tn8MzY}jo5yrQ zholIWpuRd5)H*dk*oK1N(u z^N?Q6b{Ku8%a}tZj)fU@E$qCJU15=qpDkt0Q&KF3UW=seLpOX*1c zg^FHm--s%X%-*D>t?eV5%@neVAZO(7AOfKIzYW3W1#MfwwqnrJeIJR%-OiitKm|PW z6Bg};gDw7rE1RyEUQk7{k49qZyYe%w20?(IQirt=|aW`IOXkYJC3%eKgq zBzVFz*SE4;NDOh#GG79~ z+|6UW-XIm-(!?SDL%afI?2i_Q>9m1*(zb=-D?BqB{wO>tXU{jO`3?L}8F5ER(|uc^ zOPe@T6V~2>&yvi{lOxR*YcN)|%ik_Y0orVwW)&2PJ% zjx7V?k%5+P9S_FE&Zj?~;8Hhz<>5|VXZn<}7VXaQhPwf;CkC+k1mDeov(J^yx!v()+)m7=1O*P0)~mO{NA=)t5U$R5mDOmtT%q`$)BBC#5Zb2eXNr zLyf&E*N;L{vSG;#^R{+5eEej7TxJ*5w|_ox#jPCG_26bJ`<`|{=(6hyX*Jwya>CeA zdxfsA%KhaFC5HknVMt5wZvqs5%VS1ZPJZ6ArS+kH_;J0{?WC2vBSO{#1{ZDL;rGQ$R5%!f}idDMwSG220-J8P^FX9^s7R9x;m70ah-P$1!66 zQpC6Q*GSuHb?vm76JZppQu=^J!{x#4z7AMPdHNleK!gb9HcA7j1{YQFnu> z`qHkeSu$5Gl5k{`dJ97bxka)`6WZryuah}y1T_<~_>Fq!+c`}}2Ny&h(R7(R7uowP zo^J*SJ>#3nl(jr0T|PH9-;k`myz^$j&OpVh&Xbd_r=IEg6XMK~fgz}#IuOJpgIO}; z1zjI~qtl4_2}rdx4qO7LVtEFi^QA1uG=cGVN?Qg64NHyQ@tL^N{q7{El;FRkt|Bg9 z5Y?v8B-ry{^g^KnVkjd=a$k}i%|>fqY>+?mZD!YpgvWcoH0g_t<4mrgh|b{jir}X^M~ff%worZZK`V#-bw3am z=eLo&tv{tNF?_0BCw_fayJ9Ar-sam9-FoNdcI%JJnvV8dZ4qC6Ns)Y|e)?9%8$I2G 
zf2Ok2`R|ik^1Tb;^!iL(7+4#GD9WeM3LjDRJ)E`LPfK!VmqOartY>5_iLqk4v>&HP zpHg-0tUHR1|DEHP(DIQut$s5D;t*zB(NmO%~o)xeMNqGGkP z<(dYJRjG;YO8Mbl#yU298CrEs)MPia-+0K8I`t&5qZH9HG!1`}-{7mPdvYARy!0c? zi<6Fflf2dOcEa=K4suVa$o==J*A;?;YT1rk;YkBG2)B}pc%w2;@z{C9(0>7O@|TuIAP3N&8Yy-XpH zwN{=k(~5kh&oQiPW>lPjd0{FIrH{y~#=C@Pd!FBKFL1z`BS7Ump(N@OuHJa`Wb+}= z$%fLPt+85KWzv_=)nKIlX8lLaJ%6D$uRVRb>d$vr3cIfvrx_8OE=$-ov(7wQGP$K7 z(C~xIV$mQiv5=caRQa9Z&%bQNUHP^rP2b`>bCK-^YcG*fCN1FXI0g*Pt2=9BBR1IWy|;a*1$TIFp|IPtQ^a~_z0(?0_Tv@aQ&gfx1Tq>=+iE*UBt{;KCUSPP#aPfPOx zlcPGg0{a)68tqVJF1g&c1e9Ey!@O04{fPzM79@al=3l|4cP#~dBM$)8A4hJa+@B*i)%At4W5VNye z4ojskEvzoq3$Vgo>{UA%JGZ$;pqr0)o@Jda`e0%l%kc=lJ=tb&73qkjsx{OiHaNA7 zAU3~!Jbi2wcd+j%Hp}25iPu}EilMHVf9!usdg6u76u=(`w+wi>Ms@ z>@@IZItg!Xy8_%izUfV3G_(1>HP(EdZ!WnjF6s*1B7;g{V(l@7t0-nkUUHKl<|U|& z)?4Wos?CHeI3S03*DtB6#9|Im;fIETO>DOzkR#!wS?~=E<&d-l1agekP7N!nWROFG zuwrVoj)#Qo-&PCet;Ug_U7NiKtm?o%;9y#WWA= zb`}iWB=2x`luXx~-6*%o#N{d9wG0KuGKoQ1#hjekevuFs`*?BXm}7U$hC|-4pT;aK;3671=;jeCaEI+e9vh(f{^6?xjDpAP{@md zvcF+-Iz{Z&b<-rcD|8~O=d?Kja!`~pQ|=rg%K#}6X+|)9J)PX&#i`hHR4G~Z<2)%Z z&pf$Css<^@GRb68JWH1A22h#G@~}wSJ(DB)FUb_H!Op}5)s?sKWdDY1WZ@62Fyc_vwUqAW{+kRwBLgd(`0Q;{Cun!%ORDUjtQV+?+)3j9ijZl zhlYtKIxlaVTyOwXpAbrv-DqX$xQRc))3aQZaM(zgg^rvSYkv`qFVd217@c11 zH(M+YpdTLDQ}G3$psHf|o*Tz1Iv4ceynn(L3I2d@x^qSR_7zGLkoK~Ioe(zGl`Fa_ zvp`AcQX8VaI%FNw`X_$*DZL}CS$})v4maYx`-m8!qWesK2m2?g+e6!w`Pda|Mk|Na zK31?BD*Z*##z4l_upf#3^R%7fS46xJ@9`7IHfS+h$Yw{litnQn3@v2(z;a~7{ev^v zVo$`wst?PjyZLhY*SEJSulZ`xuick)k~0NwzYmh7oDJFMU!UJUv95ZWZuTnsrrtoC zirkxd2k!FeH^R39H?ms}-V^DZ`_-<0+w7F}Dj)vc&_!yl28Bx!iqN0S9kO+Y4BWHw zTWJ=t;$Xc61_*!&Sm+6YcWZ$g53tj3dD)2&Oh5}a!@geH{BWFu#Xkp!Df_gXVMV`C zI5icL!{_ng%nN|dmLGJDtP@g>%j>I$CDf&jl3*lpq& zHx{6pGj(1y9Sy!+;xBjxPtVhQ;@ z#A@YW9jg)N!@1NvoYIf=`^Fc|<-kr_Om37Fcbck`x2dc;@?8OiLQ} zRk9D)vF&7MPz`gTmUnDr59bt?^Bm8qGHL;*aKK>(AF#s^x#P~GZ!&g%qS1tn1+bc< zQCcgRb^V|^DQXBU#p=5HK(#w7?F36sQ7N^Zhl%Uo@k9ZNJ7FotWJbU5-iXgc2o0`Z ziytC(Vah*Qs9D|K?;O=GT3`vTqk3-iStDP;Fy-W;wQ&UbEtiPEw$FZhq)K4Q?f7Z- 
zNgJEla{2uSEA{D9R#{M}o^>*znUitYY?Rvb>CsU#h9=irrO|P1UWb|+UUwef?(e5e ziUH`M4#oRk)_hw@d99)K`n<>D=~`{$$#2wPStzv;z#_`bx!;ugO9Vpf);XG!W)$G|)u z&fkEb@M&$Nv~HcWCi@bYrRuXF86nsm1Fev3F>}t9gks>oENgB^9R(UT?)OkQO!}dX z0ST1`vnGMcek^S3oGjJjE0Yzxp1zjV9s2@R1c#w~m9?%koCN~4|FT~hFd^hZ$A zpj^+p@wr+y5x;>|>t*lnX(15%n@ZhON+3-SRW&}oc9~)LO z*P+O+fnVFG)XMcQaw&2yv7Em!E`We*ie-u>^ul-@5 zx2qUCZo@Q9x85`8e~>es$MT-L@xXDo_H;32V02qK7w@S#88}``@4QUvKxXGZ_C0@j zy0ZBQ;pxbD+$s~?F&;TdORcnCn%UB*3fpL|Q{fO6Y~M~Z_@4Cym4EB^mhs8h^0Jh2 z@sT%uwC_D3GJ-Bu^UEOulSd^Zkgea=N*+5#}xA`R4`?Z!XBm50iDz6?hQuu zhnvq+_d9{U-6!hRmw^5o)BI(($C0&(iy zh!x}`pH;0*4>uiy@VI9yts{pdW~}ZmZ{SekZWgj&^HF$xlN`5m$ve3v{Fgac0SR(j!11a~eQO z%j(wwmQ~1pk@#7UT^bXpJ$TgB{m;JU&K~9G!$R(%NPkCH^CPM{PL>y9Vl*VXYq23$L6x6%s$Ax(EmnhQZPbLL!zOxoPTmhU**BBNn_A;fd2eMN% zsuJ4F+%jP(k*hnpWWZ$f=I_2xXI*V1l;Dqz=hT#xfkjw>5m~gNx596}y{j)|!SOw= z%n{o>ZWIfI%)uCV^WL#a&_g4RQx_Ry6o0YI4xxMH6{$=pCD`Kn6G}K5f#ex&>|T)e z9n_H&Boi3$JP2MJJr$4M}o9@M{ghOVTXu8CuLIKV2I-0E0Ww|QndM^Ul79;s#c>ByqVva%*}5)7`CtrKpx2oj4Jh5s zN-wiH@|Wz!!u`V`|MtEaK{cROggCGPRmyNDwCSt_y@r+sd zTOs~)`V~RsIqz*Ezt?$^s7Ao(Tq;Z|}wl;-2!0z=}gNA+%A?IYt$bJv1rHpXEsfmkfXrb}jrTfJkNFH|UT4lyR<# zN2P^reNirv_K8y)mb$0<><;|~+)9&-Ze8`e1ttpb!wfqmtB(mjmL_u(Kiv_~>I1|oR^lM=okk$FZ2C~`o3V4f5O0W)9>qK zkV8OZ@PHrDuFo1Tgrw?YxYNY_ywhZZ=#{Kz;hVAjRo^JX= z$$flxD}RPB?B5rwdHY+<*MF>w-TN2D`^$Lp;iA)GHzEv-+g{(F@N|SD+|Oy7ths0! 
zSKkdOB_JkG&61zLwd#1iZ{D!K&!DNBEr=;naMjk-%4!GhAk zi_S^$j?RJjW;EqOl+SQCOE(3Hx{ZNG>Vx%$XwgS&Xy4=>vCd)Y{E!3odn?q#yHuL% z^}2ALUr`V>aQw98>6Q2Nk6l4?v(IVN^W68VP{K?g7$KIA#$tq_MMsgky zZL-m2r~GVm?30$119;wxswj->FZZ?8ZT%?vQkZ&)yu=YLe*uBF@})p;JEfCaJF)q>j1J*tf0=6>N2RwuJu9E4`)`D-arVfkItZBu`xKet3F8muTTM)Uv4d>V0C-{`VN$(*Le6;t1 z35a73skeXrJcY7g_nFpL>9JCL~}#c%|AsZc5L1Er+7Nu`jWPUfO%az z6*usL4B31g{nG^-x7TEVRFynN{yaSI)bKitG4ipv`%}$d6&if{VxC!AhF{(nI9m|h zz1P=vFg=2ggNigf8me=`zc<=8^c_0-QcS(8}u^DZcp&Oo@-zNP9i}P9F^1 z*!dH{2pN|kyyYzvFb!Sw=NpUAaB_SX8QR@&{&H^~Oairru+K4#*FD~{ah}<@xu#?G z1pl(dr(4ojMqG_ReGPs2^qx8bis8d}*>8JkF^E4(hu(@8JW7f?Jsa1-i~*#qim-8p zC|?;8xw~{D47ejX?QW#r8J38GcK6l4eURKhh+dCbT51nTez@=_@C1!ptzlC^XEME< zt@z5jE&hN!Tz@};+^$c-LY3G`BK9((vZt53X{Y_Nqt-BbXBy^b^dItHcUCv@%{J2xN90P+Z(B_ChJz{hZqZx-fQ^ahju0Q zk5nYN>dA$nvdPy*5&R@v=JQFS$8Y^1D6v%_v;YZMp0pBp);x!j2Y|Np;ONWif8iDl z(Qx=NjA;CO8n$@#>6vJC5TFU>WfOz;QARjT1b(`_`*_D{t0Q&ai&mcM1@nkp~%yL;{x_(=VpXD63kdJg1+pAd)i( zopa6}^+(}$)+uS{JetLC}@S0=_3j%zX`K z{jW~U-}@a&3jzlyX}p530`w#U&+b@paUZGe;zaQSXK-Rc9EzPmkUJ-QRHlwe}SGgT#kPwY<uOdoP2@y&|& zD|r8cjH?6xh_5IA&WBbToF*QE=g*~nI#-$yM`aD2cUmjIa&u@@go4n;{`kDy;dlZR zF(1JgLtShN6JPi;M%>c5En%Xavc2m)ArJP2k8!>cQx@9o3=;YXVY*G>{TTkwKZ-Y@ zhmpS@0|l_m4Hvas`F=Iz-;)q8e--#eq_MfMN7zxQ;gA2zKYSC;+b_7Uajig2BTJF9 zcuPX||ChxgAw2)Qr5q6!fwJf`5Z>||GzcdARI>QGZ45T-#X3T-hJ5-HC@dirnO`BR z?&#KT&zK5*^vn$$)piUn{Nou1H$x#T6?&z_?gGe|5++akGL&A9L6}z12n9{&hJnIQ zz)vXsN%4imJpT2UJzIXbiB~L2_``i=a2Z5cN(zM7YSqvCmL=(mA9!&L^u~8$p1Z#* zXdnkEetIy?%O)AkQ7Ru3xWb^LS(>DT4alO|pw9h=h*F`YJ(LH-+TgDcBG=4Qt>4EX zC)|Lu&jMxED35I*0)C%!f2>*73(D3w8m=`IA@8(y6TnMDT<@fR<3S^3v`MV|k%4#* z-#7{ZEn6Etu~>dtfZQjG>)IH898tBnS90begu$0nEL*~#Ky6YGC!Ul7yf?8{bDUbR z{mvEc=$GgbE|oYWUn)i9aqxr3jw$FQe7UTy38BJ?S&@!Y^zjF(do+P33;<1z8q%J~ zyp;K`sS?9ualbld++{_PZ;IToF1Ap|g#^|;CLsZMeYUG6m$AvU&Vv4Lv>#0A**9Mf zs^O$CmGJ1F%W8!o@XbU3H-Q!DreAe~3I!scxLOPDu)3?f{tval%Vg*SQ`;dnRoA|> z#bSylvEVe=xLq%mvNwZ$SyQp6dgLD}C|8b$U0eoxLv}68c5s0aa`W;0G8Xl*CEj4p 
z%SL8&P6Xv(YB&{Ew!_O>9rwP)itL#vSnPShUFyr24S55*^;mvI%nkqF{s5fFQU{C3 zbkG&En;5TdyVrN8hhIOODxGo-mxEuS&LE$XT1S1stpY_NYm5<4q<#9?fRFOx_Zfpx?31De99`v&wywmVQtURX0WL za1k%ES`zqo3~3s*>@Lyd=fz)3xPDwxwnKMee*3z9!~-)8jlBiJ!^zNSi7{f=iKVKO zEe?Evr%+O(7H=l_P~(DNJ6cQFK=yR5*i}d;^o-O5$u=U8EdF46gx0Z?4Wks1TZ#4H z9|?P9UeUt2h0lrFpvz$8kfU^kz67crPl_ox-gv)`dBm)efQKNI`EHSz8BrNj6JA3z z*ukQIM9;~c^#z&AZ1rkQExgkLX*@ENy*a9z5PG3H64A-|Sw++35ppv!HC5_{#a-)$ zFb{i`ocu~X0t}t$*|9(-wK(u&83jo!zYljudnoRy{Sv=4SFoR5WXSEcjYi0k#JOY? zaY#pyth*VV8jCY}8DA{FnApLF{xqWFLjO!$oyy&1~Ib-0B< zUhmP}^6EsG@7i!1B(Zf7|1{ORw9>PSn)K%=ULzD@pVyWs;mfII(ogcNssgV!(Z&@Mdz#vr zHE0Mq=8zohTV4Z6q) zl()LX%wEJAUP;P&gPJ+qQMRyh9dvBfP570$)zCZ7d_dHOu^$*I%f?P&;Yw!-=#$zp zhv_xaA?to>uqe$(2%=-@i!4)r5jxYRUvK`1>cKwzo&(+7T(OPfutFWS`+%<$B!^Rt#3VqA=;Sms^xs)D&<~qif0_yl#D-ftq4AZ zP7}-^L#4my^*k!)8#&z9CT-a4l-XIV6M}GW9^vYSWQ4AfTu`#W>9RiuB%%Z|54baH zm5o^TQ?|}Vdxx1KiM@)c<6coMs;fBNI!ZZ+##s%fGpKU4EPaAS+DR$s>f{Q+iZ_zs z4FMLlfL+bUy==vF1<%RkSXajQoU*iW_j zCthWkqbcyHnKP@~%<{)IC|%L122U-5=Vetr&fYce7zYLn5)vp);K+{2rs3Km`&Y)~ zMEhXgATX}vSXA&E)`HKB@R;z`ZF*?WY@SfR_*inz_UQT9ngvAct zscS79lD!5#kyW1sNH$0ztB|o-2}0ZkvQp+PC$wj+_TbPA2+Z5~gW%|u>E&a%;nFiW zHiDNC;eN@|2akT~PfVQIzC08oJ|c-mxT7#0eM&)_fe6pdkvrb70!$?N6_}^={Unk% zo>Px=vi&I$YSC86B1Am+>n+aKi9e}0kRbnF;L|TM8+_6BiU83yZ_VF_yA$;%=LCHg zqLhW=GcTu|XoCjP+fzeJtd18JD!gc1gQMM|teE2D(dzJwK=4dh>oWSNaXriPoIBqrsB+lsDbqdYCPseN$bOEt~Pl zQXtRM7=s3m${Bx(PF0{#=#Le z$|~3#*Lmjg-}u@wFm`iIM;DXcZ*osywP%map$Bb0}+MG$$ zgQ|J5X}r5m27!C<%bbyxGNFMVy(yDXag-M_qpaY36;F)-opD=s!HK3tOe5^LM#&?= zKG?gEWj8G}2_c(29rmHiVlAI%FW35WMCT-JCnID$taPZd#_NKMN&uDcPESP$C`;Ic;Ek<2-jSWKF2khV$PAw@ zH7uzsw{+XRO;m+LswhW8kByN+2`}tZtt3O< zltWWJ_+RvW!t^yhiVK-{11Gd6h|Wzg`DWN8&xFeam}LIj&ie@Y1Z^8G4n4chYXZzq z(ib8UalVEEBH=VOC`$0}C0mzHFqf2Q;NJJaW*Z~Sc<8^r{&rhej*|~mogb2CM z?OGz|;7Fo{*(gqr24X@wRXNh3e=sg6its8BX+M}rr;K3&)-jNb=l|Otf_2anKRg5j zW7vgA+5eI6aS*N08Kb!RXhH?NP{9>|BlXf0)5b&4$}Pg}DfT&GncEr{L#gcA$h58U 
zjZ^`WITH#kWlPb-TNTy583xIovfKw=3r>Hc-&_1~VW=Wc={3+B9V64Sluf()gPh#bY#C`aH^yHPRYm14;^p9{wP(j#Rz0R6 zY`D2{nl@Fc{g%>mqP46a9nTj#0&~FcM3=-+xhX}c?YXtZN!WJ@KYOp<8p`F_VZ1rF znO~bdh!BnIo|GPbnMp;As)Qkii zWx6(Uhqy;yWSV7mk(1@)_=sD)AoJRM7W&(R&J92(VYyc}n`d<+GOp7OYBX{IUl5ok zDuvG^eaE)~ghU0LrPai=dEI{-b*5nq*?1+yv;h1xb8cy`UKIVYKJVo;$gi)Lw}<7x zymIN6n6{c!Qsdl+jbY_Japu_-X*C&QR;aIWYuk-x5wg_wfHyq3WH_g{AEN8UpB)~9 zlRm7BWoFqVWnDOXbQaB9EFB+f+AXMfGzb{Q_YL7>cmJqF6XXATH2l8N!8%=M3#OIG z<<}fDu#$bWzBftPB<04qj>$Hgv|C$eIW_ceJmlJW#c{0>*1gM`y7(_Z;bKYZj#eWA z)$u~>bXabb=9fQUK5;mW2>>q#AQ67kY{QC?_0NRDop$(emPnL@yKH04Z?9@m`@tWP z!geXdm?#7R@;c{lGq$>uHDdj?dgi60@ui(b)JwC>2$=*yk=05fbyyr~N5Fn_3$&Cl zkJXONDb6WHN2BP*+upEGYAT3KpBP-oj07qD;0$gEx4uROW8gMIBM$l^W_IV>k+wh; z-GE-)Yld@-j|M?qHL`@oA`>&dgM~Lvv?*6E+0z-MP9DXwV`$`^*)QP+xnBmChj9^l zUe0Wc!mHZ*wZGFGMoq#d`PaVHJ2|5nn@XERZOrz%qGDW`Q>Y1g*7aZPF(IWqi>1Ej zOkF1I%2lkfqNXd_4Ohe}1OaabExXj^qnVlwPEL~|ONnXl!s&WSg68q-!6koK1~v=f z?_yR_OPcblUY#!jnsuwu{hcN!Kk6sn#tZc-pe-Gu!?db~K<55Bm zdUeZJ!**L1L#xublb4+KJo=HH5^x*#%{GGOI|r*3xo^aMeW9{l1rl__yll2fNN7lH$!69rdUdp0puu7rSu*H@^D)b-0S!~#Kk(`xA-<SWb z$AlY!5#r+sICNtW6^VXqw!5_1*0HnljpwaxXPr$NU9n;2T}Oh6Lbcpa{k}t|xtx+i z5vCCTPQK$6`7NW|+nsmF7v)ZDl+il~ijvpPf$3OJ&;NYPBh%M#l@U+PyU7T03J zmzqAoJu+`>R49v-+Ii*uz)<*3pEV!N@U!Wja-Plwd}6|<{0g4V?dPJYuWE2Ybn&e! z=z43JVB1ey%5K|spSYLdP}nwqyJXo3Be`xl@iA!%DgHHx_jPsmL01f2{MOG;t@~?~ z@N43o`19tDPb4Ux%)L;6t7B>mzu~-#!XRAFSmH!% zt9fPIFPiR)^~F9mGjA8PB-k_$e}=Ap@|j1Ez6%M3**84rA=oJ8#qLf1k*nuEw=+Vq zNP5DycT;7b^BQ2B)7Cax>zao)S}UwlMZCK-ly6#6scPWFytMWqkuIM{L^S!BVqGBN zj3?FNkt&%D8D1xn?pE2=BT$mmA~D0JD|OZUF+ilr#RpP1nIyJt6Iqu22OeMbF%IK$ zZ5C71*_QTMZNmL+mx#8azR9SwTIsgfe$E^vIEd4AYKiAKviVYPbGDk-<|wXOvb;Vy z=ne*2Py+*G!Z)LscvZI;k$J|kmqbq(dnbV|W(!VrDP+xSSxhh%yu{d0G&!#QLXELg zB1t_F0)~HYL@knknH1b!nj1r9>p|+g$6k`7H(q`y@OYTSxFciW6uE|JPhY$;$Wb5jw2p>N3 zguC%Hv9jMB2a$PS+ZuhQv5p&glnm@;R&W?w)C#P-y#o7LaA5tyYT)wUzBU*oP~yy+wggoFy*D3A%;0%kEOOsYzkA2IMI? 
z;hkPR+zbl=YT4ioUZA60v%R=O+(xIM-9@Qk;QoAF1zY(*jvWRXahiMDN6 zxFPKV=MTk9TR3*n70&)&Bc)v5UM-afrJ$l6s3w&ZotxbZF(U^o|AHL5Ort}faQ!q{ zslUbXU4=UfivOxGRzb4}wnxpJY-A~Vuhs%4)_JRuHYSnj2*#uO!)U&lAn4>Qw}DvA z@_%Y+tv@2C8JHOQ_#TcLSBBIX6dc2!;_F9Q6LY03XMF?Q z+0wE{f5O^3>~=-fVFdoeKVNoJ=qg5OUNy_b{q&9Y1nAGRm3~B66;+ujEaDQoh9}Mk zt1is3yvf`bbtj`0T#a6b$D$Te6TbbOhK7|#9dV(Uo}0H!18w%J?1&gnY4T_l5JDzF z`*in~YPa!aiMTY|4mNS;zuKHlj4VcSL>@{&r7DH?{k0d0gGpn(5l2?jys7QvaEL{H zG-NDmRl1?6+uSkr;fAwiC<$eP+lg_l>V*uqG|SWc5t@7|NH>Y$=IH*vC_9HPQDAJ1 zmTlX%ty{Kj+qP}nwr$rf+qP}@eQ)(2=&VdK$t08Hoc--w*qZ*uH1%?#7vprPJVsb& z9p|aQU$~I17u^SD<#2mFsUer6l`c# z?-d~mOq+pr9nYg1Vq8PX;$|zKtlTovp{aa@cH=2@k#ijTyNRDJk6iqo(zo0eAvH3U ziZRuGH4_#5R2~z3{NOsD%Ak5>(L(J*yY?~hp$JW;fQE9!x5w5LPYg}4!EwBlH%afT zR*mY0j2gs}&Kj4n_Pzv+jeS7ui!{V*wS-!d+I@^~TGO`FoMJCH`;BmY3Y5-aizF3R z^=Ekdqo3xbYg17T)2N3Vx6Z(&F!GqzX7P~nWk7I9b)f>Wg|M5DN)t!M+y2@@#)Cg; zhN`BGI)#3$x@%-R<22`ZN>y{961aDqMouv9=5X7rxlYNP+V>>=$bNfBVo=e(?ab@+D zh&VZO7W|};>4f$MUwgNIE~i!S40}`sgNNiF&DRS4Zp+1`j*+ukl983Ic&zZt5w^Bw z_MlJqC;eS2PXc`mC7pvwsv25g`Jv;%oSpIGbL(~h+OO~QiQ4yR?~h+Lu zHK)(E9Z;P1_wzUUU%+RC(rg?qhe2-l4%fU|(&3XP-$iHLpQBHD{7)HVw>Oj7@tgP6 zSG~Esx1aEsI5$+XUj74D2!~IySWcZOpQGDh=3d;=Y>5ac=GGH;T8A5p4yY-!XYiq2G4@u4q$1dmpEC>hVgo`ssXXYUtc`Z69 zk3ZLfHmyG|^@%alTbfR#CE!lK69(so<9L}QHqnbc4{OR;NL~y34pEx|n8&Q~3FdPZ zA?f%8Q4ERKJ|gL<*P8oWayi!<^PL2;_nO@+gpM>z-n8M@4w0}5g6<#oao3*oE&&81 zji$@~h@H<5t_nV{!3qP>=u0}m)~8r5clODD7m+<*mzqcjm3kOnwrxrfHy@vUsTK}9 zXxphni%#wJy3z~-YATZ2V>WLD?=CF+4EitfJ*$#P_A?ubnkoGXP6XDMeqvJ^3`fkc z|MqNS=_F-c&%fMIl(0YPuz_JNu`dv!PgE+av}{(XK@U2~%9-tMDvM;)#0}1np+}f| z*~r_2M`nv;`x`E#ASqo9x7bp0pqLe!Ih0jk)@|lU(2k3+y|10vHYH*$Uc5jpo^7{U zpx&D5G!PF}iMiZ9+#Fj1I2}iZc5>g;jdL#AW;;l;>kqw6FFhu+;Yr&JdJr^Ad$9&W z=x~oa8hCgNtcZlQy&jt&)@|V5;#_~-=MYPSZ>*7f+NYoDCI~JLGpAuY)w%VQSG*Q$ zQ#tcVYT4JSX%qZ5{XEu5l? 
zp#0%{7RPJndyx>9C0S^*((h+Qa5I36&J_Th1S}zkKxB#A(XN{_f{8$~cfYQwu%DjA z&YS~eeOdB7=vY8x&bp~ba-W?+ezspgvGPiNq{y(8jNfdW<#{ELy|qR3mH@A|?0Jv~ zPx(gYVgDX*a4@uIL~U_+=DXKH83hA5sizG3m@++R@xs;j%IV^F(mEC5w>)ZX6o2hO z>pg7^L-VYS> zGSmXdk*&eRc0YGPhF&(VJT{&?>pPseSWYas57N zMF|;#>8d)GXy~xj$#JwZA!yILrC+NRx2DwfK+kFeh%f6vxQPtwuv!ZdLAP#0|93=S z);9R@5TL%6hn%8{;7!N!ys#LMWF`Yh{L{A*flb&n86UxAO-Y$)ShLz)EG}6~REE~eDU(o;>NbH*)nj^X01}njcn1eoWp#;6hUrWe&K|M-0f90peSB~a69L96V zMRw}Vak{VJgl55m;mE0#S6nC4+KF_J|G<*kc1cfG#Cl0?2({U(87k*BR)M93lC@4} zKErdA-o8=OHkVUii8oc*9M&VyK!SqLvu`11zBzLo3&b>RUGr`bxL$oZi!WLcwg`3j z%aS3HC1R3Ob``ym)gy$6H$Eh5#wb@OBboIi3GnSO$DhwQ)X5k(UW=$?Y#&b@xFjVv zbnu}3=+3*rSr$U=s#6x+q-HG`V%hZ~bgsv6kjC|nZFLE@O_`ob=E6SO_iTBcxYSIB zML95A+c;gn3cK&GPQfx7VT;bw2_P~#8xS^e*(uR0>gOh1dHMGS{$#kU%m_KIH1whUc%DnDe9apH_3l$78c z%jUuxfS0k+)?=`x5@ee~a%FNMwhhm-`d!NUUD?WM2!-=|WDm(%i+QImXk{Ee0@se& zZ&pu7exel1^TcjCdv;WM(l+ICX>&;cW77a{!^G=1V6|I&%aZ07xO##A@a-46+I!rr zWS#DQJ?5J{0MO4Uz(?o$XV*!=J^ca=Qh=Zpj<_$)dBP6Ad1_*( ztp8%{6?rr_R4`m~7aGz(qZlytbWV@I*Q?&^MG4@M%swnH@3#hXDT-!F39oStJm=`? 
zM;&NbtlHa4j)ZXbdVI_chr&=KtmNU4xjyHvX-z=-Sv3`)*{^COpEJ!=R@+Xs*Xc6S zIz`Autlg-`E)It(g04pdI8+DD#`5C%xcYAq+%XRNr#qbCN}=jZ2gB6%LGJq3n_#4{ zs09m+^TEz7GwCkqgy||1Xf4*m3xQ_Tc6Qc|)6%k*>&c0O=uGSWjqb5OcUgq)Lnp#m zW9<1!&8@O=NzNjkl%o%Iwc`AVx#g75A4$G9@a-`2d-!LxAN->frSC5p-S;q0=s7>% zi#+LfzDWPJ@1(qsaYEv7;dfVl5Bo65p_A>dfMO_!K%mvOA6cr280eJvj*`rSsX2&| zCQeKHe@(w~AHQMK#$J?fN>jUQs*=W-kR=oR+)4Ov-W#foF6iMkpr2BrF9m zszZNzy0LQ|w8tGO(RdKS_S4xXTc31N8P=!v&|MxH!ia352zhz4gWBKbU$*C!pW#n{ zyysoK^sgwqEh~DNCAZO2-slK)S)b@tH>S_i+Yf}1Ii^HQ`_JZQ!2Ggr6p7dqb9!Aj zw`jf4Cfvr1i^~$rRU$Gi+|canNroB*%=p)9Bnuw{#rl7vJlMjP4~EK0X~Fe2MF7rVixcfIBW4n-h+nFh`!} zwi*mh$Nrkw47$SPQal>D9@R1IAk=D0(Pq(v^gkx8TI{IpuHt!n>?hi)xwo=hNK|5{ z`#41Fd;sm@Iu5`D6(y?CRH2w&@G%|68Ji;sH$|}gRWCyE9lrJZgs#z+Vz?n({7_(= zV*t=gPACOtkT9q3rg*Q_Qkv@P{u%oDTMG~rJG)>_+aHdOGm}brxRX7cBj{9Au1Mzb zpmP{fIqxv+hv?4}708+d+anEyuj(k|T_~t*-cu&rEal4~ZD==u$ERz}rO-IEpRwqI zHYvke>C2-?^mdue5_C&FWA{<>cgq*ua}7f+(V>Id_z1C5P7`xYSLw310~5h*I(hV$ z+t$AEB~oJCRDBUJ)`UZce?m@!>YJqikxod=Yt^S7hsSr9w-5H}S`J+}pLuO5xT_E| zk6RtcjooD+rbp0-ZtWSL-*X4TK!Pwy9r<^h3*k})i8xWZY7z-tr>>p4Q+g-_x1`3% zp(sJBwiBQYbH!J=GD4w`53D1nXlt7|Z;vN(X*UoS#whb#eZR1tkhX1sT zbPwGFF}8IIhMJ>61&;q&baUo>l)ajgJPRd8J9@}IC{)QcgC^Pk%;9jDG(?rKZWN9% z!i2Eg0sEwt(x#xJ0* zkCoe|Xd=VcdydlyzrOi3A}iW{R}x2+N1?c*D0f2%>hW~b*u5tKQX&HxARU0DDiVL+ zcTHvQF2EhpW(K1h8(M^@o6Enk-D#<7@-C80zSx{eTEv32qwK=Hk(;_+uC%#NgKIKQ@=1ydzL{5gd$~7cz?GS%;qy4gKb6Ro@$yfi2EkVs zcQ2(`X7VeN7?;#ZVdu&=lO&O1D>f#QvVX??+O~6dk|yDzL2j1xG(9@6qM5qR;iC|J zn&e#fceW|Yoc!Zv75<-JZ3X|=o}8;^s?uCiu1FzaRU&ohm8361bn%{~rt0j230r4S zj(uJOYr4uA$HaqWW@dJgY5KAptHeXmR0LIQh$gIJDb0cN(~pJn2yOa&@jmP{c-mw=RKh#eep9`0+RV9oSQYK^Dt zQ6gs=fEWu*j$R4F*Eu70M+87#QN==I2;x+PQwAZF0#LZ#LJVerp(QWHpC?}}1o)2}fSjtB0GSF{apYcf z6lJ{L6TCV(TN~7lG@T-x91|8G;*v1G30Kx$uSDS^j6!;<|L@u`7w{OCn)JFb{5({E zvrh8uQLzTRi6$TeaXLy6usBIl&~+cqhR_^Ty_!LrC>N@c6(iI1P*^D9wW50tY}jpo z9m6LIgI!SZYiyB@i9c$;ND2f%9y~a`mcSR~|lfC=~X zg|+#*XwctJ+!s5ZuiG@Sv7sTtPpDf4G9f#I&&tqkbw<1lAo@Pp$$b;941oM4gQ?GT 
zevF$O9K1X{ydL8|gk4j4z?wnmXbS}DKvwAIuq!o&UJwdXp6Q3`N+}+t)*@)O&2br! zU&`8sgq4wUj6>Dvwam>!lV?*@9TZlEP(xn_3mS-Po51iU#QX{#nXxYk>nX6GiGnQb zH>d1eGml6uiVw!g)7x8_qOh(PX&@H?LEA@iyn5TSTJ1F}jDS zUIgfL;RaGomHvIvG#Gxdp+gD9Lqa2>(lJaSxnD$nY=Y9gb3d4LEEDE60`7S$!tUXR z)$~4kKljHgja=Q==^2QVyU8#k42azRE`Uos?DoDElRwESUE)&!;lSG7>bNK5{%a#( zKfbv#mM=unJymw75hC}LN*u~gkRhILf9%$Ysa)$d^ioGy1qQ_hXhtRr@n+1L3WHhs z-1#NV#G`NmvOO%ZtsDD*Ot{m z9qy9ARIt8gSMio{V;QF*?$*zn~VYDADPH(hjRpJzI2E6AtCMWMT1U*u@YaT z+VvwNBsN)K;h)$upfaOe_&-qHe-@O=4AaBQDuDf2wuI4CQ&f>eD>cf5>=G}hz+`T~ zXs-r)PkI~ZDSPehOj{}9*x;zJKw%OL(&zctS0hF00AeV>dBe^ zZnXrqOFqXSImX^%IenCHmgSOD{R~dAh~y&bhs(73!26fQ>^#LbNIXJ!DkeY?Lwv7K zD>P&Z75hR@oPv;;RRAVO@h1t2SB`E&Jm@lT)rvG33SvCJ3eVZ`)$9RwytENBV^16k z{Ah}B%L{z72G%c@X<3ctsOir=mePNLpeJq=(zu72)&L~8d4mzA0Q}}Vz1T-*{gWQjr zjVKuy@E%T9_u%H?kn?&31}Cm>xJgg$kyFyX8<1q7U7dx}>i<=e^Y;?5nR9yhZY#8P+#mVAT-Z7Cwz+i3|N3fQ?8Zu*{1QA%Z=6#K2 z-e42y&0t&=Zzq8{B`G>u;sXX+6rU12*0j_`lqsohC^V^kyjMQnau4S4U-c6k8-#^h zIL2%Ji9u{0%Jo?vp0p~Bg6C-u!|Um;#$0S#hT)1fA zOKem8$BfB$>;|_QSdlj$uMnTdOiP-qA(R`3$`>w&USl@QD00=VjiSlo>o`hIApFhP z>mj%vzvl-sP@^ixwUEgaPLVh7$L{*EkL zqxvBhil+bC_Kk&dvF?Dkw=_M{wG5dC&KXDOlvr}6lnJaicH1_^7y&LAkprSE1LeC$ z%%HS^+3KlA?Yl;PPpw6{f`4XB*uM{80J7AQvS>{!Bx@6`15;6h(mGz`N--0Kl5Pu0 zEJ=_q=;S8+w;?m%ju+KeD@B3=hsXOe+mIyw$qr-{fsg$;FCX_ zEPYeXqB?CN1pMN9{hj4xtEj zfr**@`uhnCyYmBIB-gLsUT{@CfmfclWT?Fj{&vbXS9)BtFiN=0bkQd|1SDCq^lz`P zi6Y!wONN8p9spm;(~=TD=ySwSmJkRP^FWR0@2FwavDTT3#m4~v*Q)EQfR=$0_l!@o z8TkUq&jW=CD*2GMV_H+;P$kZ5_yw_pK*2uj&Bl;N3tf{o9noaT-{n8vnU5Og99;%L zGQ-DbSFTPPOKN$`<`3=>CaWkJeW1LF(5JaBLucryjx+X`TBOueEWsO9I zqJaIy^?icNA_=jWUZa~{xWL;`h-9putdf8ov&fPByXUtRHJnX#u9BG)MZNe%>mFX( ztovOYE8kn&RwzaVge2A_Ya0$T;S6SP&<*5YHytKF1}43`YQhDIp-*qd8Ef;of^iPK zCH(3h-(ZrkL`ZQc+l;LI7TBql1N7a*TEfifW?~=;q>Gp z0zQ%jYn&B0O#oODiKdS{_jbyYst9C1aXNFz1elI#L#=JZ6nfJKN~RZAJ+PcC9ck$V9T@i+!TlcI#lpKXUn1>7X%_ z>G$q_9B&SO7QQZ^FW*3Yf2GV_E9(OYc=!tUK$Y51$SPC3WFq&bWW*(P0RPmEj^8;*PaqctnT z8&6aH{-cOwfBf?^Q~%{Hi@J3c8HO4Sl;B;Mwh&9$7V 
zcWX-4Vmcj}071chZLv~#HVK%d>tCgsi3<-%;P#%til$GR7>PdwJM(B(!S#;};krRW zP1P7N_^`lBV{PNJu~Yqoa_hMPhhbtLAh|BGl}3KjMYB>z-`;OlA!ZA5%E^uSzBWGD zxZLAtGNfECx<3$n)^4__yVtF*=L!DapD9jAUCSp7 zshZ1Sc)lRH?mg3 zdODUwhfqaeuLrq@VoqDNaK*AhLPa@%h95JDQiIAj-&Xn_wNqgl7YZ~qb!L*P1=k== z0u{?G*NouF>V)P8YR93vb>n?27Jf2jbMeT^T8%>J?AF4}Zx#WLyKXGM1N-^ zhIdtXuek~--JKPzXyWY1iD7+R#|~AlQrhHlyJP7Z=D?|8T z)ooc~Y*0$!!j1bV2C64;R7u%3R~8KZ5}3`+)w6*Oz+hgd7Npu{Vg`!<{D@vE&fY(M z<|7EvYGyNSx$7CdYk46%t`l7_`L5Kj04|IDo<%D-@c5E;@AD0hZtAN2ENN^v8?*P- zM&zZ~#sz~vS>(5|YY!b%TM1mtk?URspF8BBD(&pBC~8DzHpfFMVMkrbw9|RUg*4YD zZ;dXOiIlfHNQh1{dm$0Y2R zp@?yt1YA0bc%*A*Z0xgk-YqgEBAfOO+Y6E@+&>jC@*>{rj2(#O@CG9$p57pTf=P&9 zTo;ake=x;W<6*Ibb$tSxY@KZfs>+?i!+dAI$18BcPdR9%QL9}o7iK;?UlYPvsMlYw zrve6AV9lyz-GZcT19bd$+!A_qE2?kTj7(}Qc61d@_bH%3YE=5Sg#HZ#nXng9Q-`l0 z=OJHwh3F&+pxQaato%*gdGZ3p@YJ#;A_m5vAtI6#MAp>i0kvrB301(rc!lDJRWQ zsI{;Dwy2Fwc$U>z#lbRA?2QIPcX8f*3JNbxXLFNgdtAM8Wc(e-3Hg@n zmf9cj>4fmq4M$mWgpc{lICHBpUz{sakMH+rK4pLR!rqwkxhsmT!2-}7W*P{4v*QA% z>WaR?JgvIcCPctVGQSi9d~+Fd71O6zBv+?;3*)F+pK@;JGL!WW$%|cBbKl>K+I#Op zgAn5uc^6*XI=@ZZOEp{0^L?3^AOyJqZ*Q!2)HttT!70%<;(UwvsWT9ddo<*K+ zL8E+cWfI%gohUDH64_4dma6zf`=|eUv5I$Y$^A3)46(dXT2D+_bG<=#x+A!{}lv>vRT<~XFCxp`pADTK=%!u26 z;!B`=1t*H{YnPM8Gg;USvp+{Uow_yd6BD>!qgOeXR5aMF3Q9TzSE6?r7sf7Ar2ANr zE$zy_JmR~%wODgJefjgy66|-7Nq7B{;f=BCLZ<-)u5S49xsaQ>s7SJiGD(F`m;{7L zg)g#5NAhws3N^c=|5=~#^eii2MbGE?N#P6ckyYO_PF=X;z!Iqs81WW zO6V$41!Uxywh`|ivxX!(Y|1wgQ;Dv5138|E=k4>GW%H7Hr;N7xUMxQPrMhaOGh1o) zdZVMKH>Q-3LW_sG=vBDi;{bIrP#l?L`SSB?e3&yPm&;=f5n~C#$^aKJyP@@JP?59l zLysq$aLn?u;#f-=4@k2Uw>vmwQfDc?svN5ked8)zA~H!SkQjZDv!mA(HL2@wV>3m? z8V(K*MuX1q-BQ#kGVVwmhtk-f~t3_8anZ>PEkA&~nyIELUkuE>TOWT%I0m7c7M#` zs*9#HWukio{0XJAg++dH2El623x6TIVBwI$#sJx!D1hvnaCE2VoF@z{?^!S44+tcU zh-%%e5a4*#fk1&n+1+Q9N>zCj)SHbgX2`oaA=b_e=N=R=H1?L6nODqA^C^8Xd_2x1lPw7ZIAQzj`0M^y(WHC4KF9yog|VyiN@)p#c;(Y1xrnKjA|)eF=93QJb^o@J`4cShgl6Pv;R%ccM`Et322_>9JAn2wZHjI zsvkWzTg9U#Ie5*~WZR@=7z)c~@kJ9)A>2ntZxh=wL%Hx;uajV6>4Y{a*%|E_@g;z? 
z2f_)7EQB|TAvK>#S)BFO)5*7yfW=>e_5tL6=*)*&_$My5)pX{plU^0+bbX9Gy=s>q zf1hV5fv(WyB?pvi12-npLszZp^@*vbf&%GPYw0>@l@>>Py4m5=j)?mT>^|Jt;iWx^njpE{-kH0nnlTJw8L5TMDn?u+VFO>}d@+ZxE)AssY4lxE838m$ z<~pLGTS-k277iLJB(STy=7q3;!p0^IA`~YHb-!Oq&hFVbGpfC*M?>);%ewHequ>9kwYf{ zf?#own-_(5W0~?Jz|G!^sY&7|v(P-yO4>XIhHi*s0y;gHbT_)n(VcLk8bLWzTw3k{ zQbs;jmP~XDnGk~c%Y5lfel+xTipoE+>0i2z{@9tTNijpCUbuP)L=ziv zy&oU*tGjRX)E@I;r@BexqyUiFa60-PAInK`0Fy&>_1=%q>~XfZsb#nX?~Z*f9^Gu}g$xWjsb^VZdb@t^|Ag<$a1)1RuK~JzKomM?=l6@?aW{3S824@v z<#17;0zN&W`BUV+?Y*{P7vn>9xBPJ0%i35}#I{#*w)}0h4Ir|RVv!NCm_#Sc96h5I zfoVhALQge6y&#Ez9{o>Mp< zeKZc9_i`)b>spYUIO>jEYwMXT-YTR!wH{RPD*kQ^x&Jw9UEtjXr8qIEylAmHCgy;^R2ex4Irl&U>(L4Tl4VX?cZUJ)TgmEP zpX<}Oj-Fh?9#v~1rH|6h@PTBssFQ9eRZe6Ff;5Dxs^FBRcD&=z4zQK(jc#Oeu5HwCilJnhHP9L2>J2dBkgz#(A5vCm-2ifSxsjj0WqmLtS z8GIO6tu)Q!nnseo>dHMfxE4=bLn6!S+?R`o0h`6*j*Ok0!k|a-V zkqI037@5|N!7op2QQqT%24CjHeb9p5BLDMaH|WtTeb6CXO?iFM=Y%1rNUC;WvPuMX zLzzXnUs}0_wHe<^)Q@$TFvv1pX8()+_2{yi(67=>DpYGOoZgBGgtx$PR>?oIV$I+0 zh)f{>bfBT|Gn&(EZc8qsA*y@F6ODH*mTYsrz-|Hj)1JBbVBeA{F^;Pmv@4UU3-|bLCjyn}9eZpotco>wUlGK0rp~ zF6uQoHcmGOuaD~(JH1SB>6E~C(5>lXbST7jk^{~x1%YpEICT8>CA_9%fno2n_`u1Di$m#l}OIc(T)7$q>97$?yi8Iea6cA-Sn`=pqsVc zCgdFxm){3zYRhd6+e{dW3~7t2?vb`-vhJpZ^-D6y5_KVAw?O z-zJEKy^EKrl2}B_PK9vW`{le(4^L!oc|u>aK3}s5Nx1|0#NV5C`#8qAfGyBgMTm;V zK|B2=7E%2j`bVXV%NYseZs%b96s{~_v_i&2`V;htuTN!c9qQ0NU)P+SjXfk zP@@rU?<0*wV)%$>scT+9o`oM?pnOqOETseuZwB>_JCPxeY^F@J#AF2D%h-l1+9A66 z?AoQW_(ycHKw7DNOG7%8z0R_SW+uK$;d&q-&uD-Jy>uX=81&Y-=z~zR7!iASED1V) z_OVrW!{^;B0mQaj#E)DrAJv1lO>OWV!{oHn!fL>DBeRBxwt$RaP;b3+W%jCmy7)^2 zS}yx*1c4)RHu;t$rPU+yw>+{-QqXc5O?5XbNG#&3S{;{6YX?$?XIXi0f>_C82Y#-c z#q2apdufR6pgP3BYE@e<>n~uj)O~aueq^M*Fhj3l>=-Nuu)eB21GefW8yaRP^;hS7 z$}AzJ$b(tmZ*&ue6qm|I_6Wx2Lhk*PshnMGtlOkijBPu%^#dOjyW?QcKK%ow@*Bfi zGpAb8aMxtNW_O#<7rVj5P1IkJh~pcuS2j~q;qFOtWD*rNZohlNG?((ccEalJ*ZV&6 zdIrq=?)g7a^Skmw&Hz@7BTTM?bi1*EaA^`t>u-6okj2!GKIDRzhK2Ca=*fzW>L#*u$#<9Ks+RC;p% zfm-R|akxZv577tZ0ab_oDtglM;5b;pK>QDR^T5MB&eq*SMHsTLD58ctvwYKjljeAf 
zOfM>V$&t!F$7}(#R>|)0NgU5Ly)R9cqkgS+zDD}$nsBi*vk9j?;-YC7uiupERr#QB zz>>vQh)@|H&53Zcf4Dqb6zM;`s%9gwwd58&S~6wcO&Fz<9GyGR>|Zii?5A=}r~zFS zQJ!~h@FM+AlfT_inP0PDYl;?~xrU-jsxD|oNU*o%DQ{Yyg1!8BFJ>p3`6eTupIo8` zcu`=Or&I+o<;P@lrJLp_zHyW=*R#IUgf7eP)EC)IB}43&*p@H@sep~pYbW~g?T2cN z@Sao0%;C~QBM2I-fa+Ie@Y_!=LktO2*Z^%AzWv@B|K(8Dq-5d;Un8xW!is=eSy}!xOtZVo?EVUK`M<054r?F{p!4u^2-JfBxyZL`S+qRlH5(ClW){-}y_C z;)1qp&&DDFg}y4ou`8yoVXgxv8Viv1mqs*Eo0VBR<69Vk3(7R1Nq$-SJY8eb>9nHx zq@1X~(gO@0;$YvU9_ci{AolFuV*zt*8!WR&c4I4Nd$k8r)J*Ve*i{35T_4Kb4 znEn7#*hkJ`OFcSe)pz6cgcwzU@+~Q*Laj9AEkzjei;4)0`^H~i0oCygJ%nqNB%U8G zU(A~%>J_I@+;L^eFiokQ4$l2eh24Nd)6i&#@=r%M%4Mp6rj}_3Aurj{N_zDAS;81g zd%Kyr-=<%@9Dtma7ju3@j3qFK6@*$ir821cYf_^`n$Dyg6OO}ANng48>XEk;_w^ir z;=(rZ6o_yzn^fV}q5m=oi#VB&aA9m+TmZ`#1YHudy9(Hj{p@=);8$@<%Z@W~)L6qp z5L7(aTu;WOo&%)nk@tnABN1K~F)YKde=3Tesh*87OrcvCPw>|0ZXy4UhYSD%vuh-% zIBdTxsWH>Q)a>vS0qD$Yp~4tI?8IMZ@9(lr&0=7WV|ilaa=hV-)LpW@aP^5DV28AZ zeo)Zn!mYVgRnJgMZ&wxc8pZzZ+C6S9Vh@~KtRD1PDS_NWdjQ|D4nTF*RZGLwas?Gi z6uKUAp9Pn<2!|5LyhiQAI+)6iIkeL~9MsxCrk6jr6RH|KNbz|hk^V=YF%}*OSV{G) z41Pz+fXa)lwLpUYs}?$b(uqZ%4cz19g~AGT1kx-y11^OR;oJn*Ar}ncl&5f_w;a)s zf@0JwQ$8$FpCb58ema-vugo8qZ4>wm%uX#BAt_%d&`)e5JTQ%q!Tqw0=47NkHE9L` zTqm)yWHegr5kHwqDGnx3KUFQw=h4KTW==6ucf6!#sT8mXZWy6FiA1wg3sMpb`csIU zyXKLn0i&1GSIAm9yP~>zmT@ty`)VwHh}5}HrC*dw(?**iVF=uAHl;5?uc1Evw^4*5 zwrhkf0x)M}r9SO6ov1FeVufh632*KDT-*L-Re#muOYxNLczAR89Bm zxF(O9iMJSxmJN#N&HJNWwfh_QE%x0fZt5$y536DWPT%MoUEQZz6`-rnHf zVxyHZuO>ay$Eg<6!boYvQ9~@(~Sq zXoAPFb8B1FN%IR$+BYY%I^Hy^Q6rcJn3n0@>u3hhRYi^5+S7DmCyP6)8!RWXVv4Go zX_^?*&iyg7&CrRC0b5moP_N;*ZYah!;;)O>@U*kTfgMadgK%#l7GBRy98*x;>2)t< zIho$4fTxqql$LOtHnJMnfnsbm^l%wDz)sB@e!89~x&`Z?Slfgt)m$x8%sy7rM3|;q z1q443ukq)M6ip>`*|U0EIxwX!(>30_lPzcuIAvqnTxo>WzjnS>C<(MmqxJP+Uv@$BMs4!`bmB{tJLa6|auo7b4Jc0Fws$zd!{^Wv6r` z--V0g-jndr+6gESC6v|48FG8-l%CpIQ%G-=@YSH**N*}bm|LFVP76$7dI{?5aHv}+ zEpDdD$n$_nA}Vs6f}irR;R(@yB`0H$VNulW&@wG)ZRvPxItYl$8o{!mV39m~v{|D! 
zw@BcY4GVuBDwM#Mvbj6zT|tGj(bPkM&WJA2Hj<7*V1s zh$X#nr^^whH`T2o@-{8-)P01ZhzE6^=z>*rWeU!%c^+Z${aBnPB>M$y%l5HWcuZHD z>ZRpY7bu0#8fs^jy#n>&Zh}B}^6dTL%?Tw=_fi&Dm#=11oF$}u31U#1oQ9OUDSpSG zMn+G*hU#sipTD73e-F=iiC3?4E<&JI(6B%Qj)!KND_a1RcZT$`abp1@Y`Zbsj&**p zUZUwCB$9*{(;Miv|lN8~c zWqbtu$fca#7cXr;Dzo%4Eb#94z{`L4{afhF6LW|Yt@rbif>Wg@wmEy(F z#h|H)pgc%&25V3E6}hw1m&8VtkQqNaLEVC`ckKRmcIVT8TE4QU0UOzG26ZaBSe??9 zXSh$`za15Yh@^FRStD>cj#-n>5+gK#br+DS+_`FBTu3%pxvB+7CCtpJpG)G9BcDn1 z>qSF~Yeb=p_+Q;Lb4#90)5TAS$N{+(r$J}@rxqFSr)?UHcb7mQn8c-VvW%w&2(gtg)TrAUJqe*-bxuEUw~T zx@Zqi5K*!gDI^81$*2T>;h;U+a2E>+-jrvaxkxfNk1q_+?6=!N9uP9ahk1t!&9uXP z;e=im-`h*(R6SOxsL!H}x4q5`--if7xqte6&AdC!hXxMCqcK+bT~TJzTh>hdobFSIeSE+V-qQ9|n;IgqW|JetdsuknjX99DB_j>npF5 zY;I!=3&lFWm&uiW>HwFGwUW`mfTzHHuVZHf%QoWA*)8Y=-3%_h+^oK1#0n8E7O?jO z*G#S3%A3hqKaLSe!5?oIH5tj4*g=hCjz7WsMBQStqQfm&)0(D@!@B(5kKmVd*~zoFr)n)(fh;Y>HXoSrT2$xqj&y~du7O8L$q8T z2d!(Rj`8DFe4_ttRCZ`AImWA#A60k# zEKcL7ClvmFH>JqG#P}-c{bd^Sd>wI~*7tf_5su0fU|70#eW!Iz1|GTCQf%NPE87$# zHS&T}T0~WfR@IeO(N|X2mX_DlEL|yNLJV2|yYWwrFLq_6K^EVb637RA%(J!$x~yWB zD9gOKrwoyMNiJ`GHE(NcTRO%!vhsyYQ!!72gMbRkzU_HFseauKCoI;TY6fXrEGFC;G` z8jiV>z0zao_%L{z41{2eo-@X^QDGgPq6Bt0=+}z8b@A_*zO3_hjVH1AtZ*WWF3g}? zYpp=nu|C!mT_|^K0OEk$5leYS8e3rV+=76(>U#V8|{ zm@e-pu19LyI}Tt%LBdjbI$95Gi#a9)C?ZUIXMg~|d4^hx=!LReB_%KVHsH>=n?W)j zjH^MKV+`Te+9j=ZP-qt!OxkG{5V@2wYYhTc*UlD`Wt92p_aM4-mPr=s_Q7(_yw#4s z70)`ZBR9IE)?nVF2XZ@3W~4fKRFb(=xev z1J6-pXU}9`louBi9ON7*XIQ{67A;Z1)aDMF3d? 
zE>(*%#W+v=0uO+p*oyH04wxI5A9e-u={%WCZr0Dh5jj2vJY=Q;P@3~mHcRM&{36U( z*hyxh0~Tu)V4k2)3cR$2h_o>3+ZY%>ZBZ%sX^Tv8jI~SKXzg)N%OtNbQ3wv5u)Y~9 zg=wMa5e;8_Pq-mD)QcilBjC`Dvh(U^0b0@snt-hN81xd?T8}{d5ZGo1exSeDhnKJq zpX(NW{~2gH0Y18cc%$->*^UJ|^5IDW7}*q?aC3VTN$1{XOE>i8O8|dT4T!9Qlps6#^P@eI#9D}pxsR%{Q(`z*@%bD*zwUD3!Cs*6K)j~VJ zUj=S=pXm@w+mqLKyhRHS|L|i*s*3CpV(>?6C|{~|_gL@lPS=-w_WYw)|2fY_@4|-s zqw*rjvtQ_rV={S_XZ0tBcc0z*ooCf$I$i{B=fx!^^28WR7#0A!eveD4KNc57u6zzX zaR*fVSY1j_qX3sZ%WxD~b zrRkVGI$@<~fSEpra|0A=zhIyu9~B;-MH*6jhIqxT7Q=v)#lY}nD$o{bkYV_hv$T#U zhLuRu?t$;_v+g5tc|7_N>(_{$G;=?XsDj<%rL1KJy0}QkM>(eQ2>3Ag+)-jx9me~4 zg&9k=W;33#O>bmxE-uPBfnmN_ZQdWtA+I1GG96T`h&zTqPcDm=)qQuSIoU{nvCjtC zFRpXto9Py_P9c)B6oiKiL{eT2Z<9m28KoIr_>$oi6yS!gfsxDHZ5L=k+hwn9cEyeE{eHaZ|MnS5}y{lfC_YD^! z>J0OVx#+8+YrN=6SLIb|ezJ}PG5*Z|!pAmPfCm8^Hc`!c0vvV!|~;ZByh0z0-kZ$bg&Jo?WBiQcJ(wc?Y{!N$tJx zBCE*crJ{h`DWLq=Mbc_8t>Qo2TrK4IV(ydQy*Aip+txE?;lo)Z(eA!n7oaob8#JEW zt5tghqVmR6eZ!1u;~Wpv?%eUM41bgL}G>IDTpqzt27T_M#j#JQ>K6JFMc z_e0SIeDpj`F^LY3=`U}%r-?;8>sVa%+|{xPHW6g26~d>fc9dxYIA{4zD6&(c8huhY z=B8)3P0SgT^PD7lRI1(qYM>oxY*US7nO8Pj?M^19NC^oWk~^Ykcd0onuv<-bO>d%) zabH}I%J70byC4;vrK1FeMwBp-SClErmrRC1Z=oY(B3)OP38u}-iEoPNV3Cp3eq|fQ zHXdipnFxuns2H&1k!;V|Bk`))&=NX_$pVsSzg3tcH;(qj?t>XAboQaElJdFIcyM@a z5&4M}tQcEIR!dBD$*&&_f(y!saFk3YOhr(;7Si-a^P(?GtJL~owd&43oHA=%GSZk3_|;zu(3s) zv8F%S(iF^xhz=cCYqStL6t$7<3y8uDbBU}`uz~qg+|yJ?#u1H>EMKrNwr20tA`r_d zscrCYx16?5LJhk!+=>5v!?X>k*@cZQ`lstbq<>6$-JMK|>ywm{ZJ%NJBxa2{$VcT3 zIbvmn-Y&g~*I#0X2k&QD$*i^*2Gr&K{j{PS(QI6S-e`jORcs9QFH3@KGdK_0;$D|= z4=7G^+zjea_k&>;@_c0Byv@mkpK!en{4mp=&upN72G)MCcVSx@Ms5XcYR39C7*A7k zVcX*C-^K3L*j+1CGMa3esfQS8eH&lXX>dIh*u0cpE0E&hZSN{mP;+j3PT}qI??A#n zR&>Yn6K%nSK{Zr{ZZUL+#^cEL#i;ui<-1>Z$KxHjG#?iBDLbOSj}0thH_<;1L^bxns`Q=~!yN`jG=o|JXe?8$l$`t~$qwLc6?j6BbTnM7CWeD^FS#fT~Hw97YX zvu_6Pk@zz@G(}moVI2@KuP=)dGhjfcfETq2iz1V~9{~!obo?y(Z$Q?#kSQyF4=B?D zIX~ckmUY8(`-;@u#N8)TL++5#N*GU?Z#)U-yWfix$baD6YC2UmndmwLDTEc~^7gD5 zpVF~2LUhP`;PZwa*bt%*e%&pyVuMB99R0>MwIjL!`cPodcDznxVtk&=fQS7iQtmXx 
z_dW#Ur$7cgEP22pv+Xe)e3`S^wvofFJ4K*<0aB&G5+GL++&XeKMsQqQJmX#-0;#MQGH_N7Y3l*j-Yl3bAh7MU{V6#O7uh&?73u zH_oWs_mcZ025a^RO4IB`*yMT&%Y4ax`7e&vvG}jwS?)^}^8VB6bN_{76oM$vFL|bU1lus3!TxNQ)=eG-%}h z2or43c^B?td4=N0yvcJb60=M(HV1wkH~>6d-*d)f!#!oafYJ}(h0 zZTrsvM|X*s+~8f7;QO2#^JF_lGkf$Sw4ggJYG4`AXEk-B`h<1R8=fJ<2wE?iiH{a* z;-5`WH0tDG9%w?A|4vzu4m-G;-Cu+kOW>hJ@adsN){n`#lV9Rr3xo5j6?=h-2Kdo; zXb3vByOht&C*)>SC3>E#n+3da>keBIFAMRg)b*Jp*aVc$v8Y)>lErarNn~A$7$xL{8kH$+pJYP6 zYS0)l#T&)Eh7AoHax@)d;>h%U8r_?~UNc&8+_0LFT&Or6ic;%NL&nwJII|5j*9RZs z&afY<$1saDAy$q?GdzJg>}{b60!#FsB`Z-^JM3Rd3)|naH=|pilcxBLdvTtz8SgX_ zh|>k-N#p!UL`~U^kT*VKK~Fy?x|Lmn%p;P~RE7Xm4dhf`_In)O9={CC8XV+f{+PqB z6Udg8lA$%Wogd?zN@xU+bg_YTL%4d)p$fGU_t*JsR6ZTig-COcNpk`Vho9Z?7}(+T zjKu^3v2fZI1kE2(yvfU=PG!mv9#|(K9x#YB;5r-v_HH?99UV6z$aO$*VIL<%yk{Kt3yJYw|gVW+& zllWm8tl4!$*>CtvQAZ&uzm7zMpVTB@v|XFFlN7OwY;O`)P~Nss_?!@LS=$EbP8yFfmrDu?@M$)Bm)5XP>Umq~ASxh{8uuAW{0^;^SLk zbNVDcB!`dISkp!yx~61&sVT9X@*-S??3;dxv`d(s~XaYZkJs#(Eew*)WL zhYher4ql@gs3TcFxFg#PoYr5okw!>UqL(FJ$*HN z`|{}R>B+0%>D%G%i?_Rbdq=Ncp8A?&R4z1$U~4C56nw`p%{N%Y?OQUxF@@N>;mkZN z9*!^2F5gwmJRQ{~@Ky}#qp#IvHjBNp@JL;nCI8^$ztFMta%Z z=fS@R!-r3v5<5NFdp!8-i`_kKW;_g$U)++l=9z#d+BdtdU{6d6;FvlVqP~P1O`&LO zr)yOR`Cf`g&KBM5fS0jq?iBXGxNRpD(R?w#DXba*4%>bUJJF^um#VFd}A z+(ZzMkg($6Y?9Sf@ay%1Hw`axVbpLz43ue9@4qEA2Rg-BV~_nLber2-MNCRne$)P@ z22+EJ96z{Aj>-%qczBnsEaN0Z0g2@OA5 zOok|pD#pp`P(sRZmn)MTe!NL6RPSzl&Iy9(T<7wduDE@vlfKGk->#zu>6Dv^+M!xf zgVsMwYttU=H+=P#=|$?`Wjn5DY(>wNXrmGhG~MeQ*SN6W7Fr8I5tHq&sRr$>XOg z7gMC7*C^pmI$lL${27SPE3?!!0|MH49JJF|JRG(DC%%wy|U;OJvpemI{_lk(0jT8W0UGnk9>zKRK1^90lv%}M@1V-m`7%wU0ikG{QalMi$aCKh7g9XT3BO3AL{ zhB%xp$EriP?)0v-i%86NFpd~o*#Z1A<5pnxBDWw|Gh)APYU44WR+)K-mE!79c{`Zy z;78ojzePv$npemA?cbtbEoc7QP;?)+lv(S{2}4Av*)eL#_!Wf$mO~Jvd$#&`E+S*nD=FRyFUQl0(-reVkbL!{3s?stE&(-g2Q9ecrDclrUAr?+87ss9c@;0 zS+|c6Z^gDHQ%l<-0|j>Xji>~X52m`wM=TEvHG)=7+=?%sn>pSK{7sK?;X8r3F&#`; zZeqt%O#zJzTtL+&uOOwe*GQ19Y42j4il%CW><b91nwY_KOjEMYw*M)_bykMKloi3`vx>vSSA_V@I@J5iFQ7j&?%g 
zYoOK7iY%C7>bc%zxjKK#=c&*@O%<3X*n^VU-J(qqX|uTSoj%L{1a6THbI&Z|CpX1%Bh7fkI3y?`izE}-J zdn91;`~A?@hvj3_vpEXticLhK0LykXW4^#LJqOOqS*c#bh4IW{qGGs%Lotpz6`Yo& z7Yaz^A#&Ro291sOv*aQ#DqycwJgXkKg%w4QeL+MQ$z+n2H!%pAm#~+t$gNWo-T}fp z0C)$QQ&8QtpV4G)?be%68Q8|;s}$Q{rP1}kSF;l{n{ zPq_iBKvF<44L2>|hQ^YCq|*HA8Lo}Rz?^%K!I47g2UU);K1=Dr8@f3Kn{3`ca)hxv zt`c;ol$|M3yQxI9Z6yB+)Xo+&)~p)XUn75_F*aq_o5X*Zv(A^U$fzO_WE0nyDJ8V# zEbJ;9r~I<7DvwYa6qZ#gGj@qE*l}~KY;nhOre!Q?-THI}Ri76FU_w;&Iq-o-P`z+A;bpW~x{x%~dma``<>a;#0a%<=!SR+J^Afrr-M%+KZ@k3CyrkVn=aM--` z@+`LfQ_v>ITf#f=CZAi2a2A*-JCc`}<`ah;dCj_pY5KrsJdN`_5OKwoYOAbj%X%?> zayVXMB2Sl?h?lsAFTQ8a1ghS~Z?&`O(a+T-@=r4BL+@DY4etyw$EodA_13pe=a|RA&NoVE@;Fv|(D=0`&A>2u zdfgAV*T+*m>vaqoyEGd5`x55c#(rcYe;*);oA;9%J9Aq%LndurW-jq_1+u|1#_%=OK=Tt2@4yq!w7z(>14Qr9jD}i*m||McQ71UeSBc0bQ{*I zBZSZC=DaT(Ux#jlYPs?6+houm=bQ(-~Wfag70E8%zN=S}wh< zOm_4U_me)bwvoguZYMM`vUHi1gM9ZII^6kx0opBPHDaDEBW+C_j4b0hYg%vqJF#bu zQ2=Bz5V%zEnb3Tdnh$Mc<fPf{n)t?(5bI_{QnEb+rCR%eXTu zQz}3W@^M<(NfgCr9VrspxQ4M&mgb8#)vv}7gD`dEgx33uu|R7oYvp|lGBG6&e?$hR z0xcS(faVCB&sG+Y2wj@cb?mH0^yg>aCPl?0x zm&FUh@(QPhyCf?gBVPQj=Ui!qcEN+j*V%F>k8j4Ga=%&TwvV{SjFB7n)ds(|q+Q4| zg5|Ur1mRPOc==XUudNH+d$PA{T{;mH6!MB8GZYY_0U5*G+>3fN73*G^aZAqbqC(X@rM2=Vsfv(UxL}kR%F%V* zdvSD0?6y>2TcN#od2?1~<9nCI^`I`qU4TKBS9LO(49X%IPm|fl)o{J_5#(~?Ds!@- zdIUxs>=vs~iqz1Vqz#T~@{^?x2!}bWb|{3Q>Ua>?9W2KD?b&=%0n7A=d`zKAAGwj? 
zH^$8gH>|&ow>!AXMED}Bh&hz5_f>RC)bD|ozf!4&>RsSPXBa(3h~JJX406I@Jm?NE zX;bDf-gwg(KINee@d=ft_Jgogq@pp0&QXgN++CK?M?bhw%A+r-q9v};0J-6gx9m=K z+##uGmjjswZa9?1xus5K7nBaMjru1T=Sck>j@v^T-IckmB%+OUC{C@Wo9-=Cs$t$l zwIU#PmA&ygy;y)wsBac{ZbhIGLw_2f20yn;CC%3sx{ygzjI#dea=pQTtewDku7!<` z^xSEoxwp%XhUSwq`GubsAV`W2d@fmp8#n19SX|^-=y)0j4O&bjXI%|=8JE}54Fq(}Xj48`=K&!PJxFH;DznTGY9XTlc z_)(I%9pxOTwVX`KG#TFr|GBoO`(bp&4CSQV`uJL_>K7)X<<;9pnpjcS?FMgG#kZ-q z1-0O&NqVGf{Pq8za%$kwMfQe#z@cSHPF+xum4NBHHEkD@SYI#_FhHG``Qa;j-gf2 zeo`kCwLYZC^b_FUzP#4WZ(-5|DyCE{{OSRqFTs7;*vCdSJv#x6;Tj&ZDekCK$N_R~aq?@citfw~nPwP06r5J56cf!7vN9k{Pjdg8p>iI-*)$AfV-U^pKr=&DcP zQ2uLC)lqNI`4d#;SVx@*?xIX`mcvynMwsHNXI{NYotUMyS>?H@?;GGx;lophe^=}S zlHtcnki$7S9NHfH4a-Kg`7GoUZ1151h$0af7V)Kv{sLz5EZq*^9){`kp%PP{`YT!5 zGwEU^wclBYQrqkx9uvXR)*rv(znayj1-_2f9&ay;S$VvZ`;-9>_MOL%81Y~Zy?n@n zxR1TokO$GJ3VATWwIdlUJa%!OSg&-9WeA2Y&;aMu-$W=c@YjH5VO?7H;a79y@m@On z@>G&vtcyXH?)QFVxe&#;R>~of9aDPP)V2N3!OwOF(MJF>%TiR%(O{ImpG~q+hQ=g$ zR#5FEJS;&^&a~3sIHATx!hTPv+Z~DV7>3oJ^fzkCK*IldJ-n&vbQ%j0IhG|xfn*gp@TtKU=DN+?zFE`nc2bl<>APluB`pTRj=3rS78pdijBN)he-Pl>H2?0Ni zW`ub0e^+f#%o@M6?MIZBjsGZ`4&Ru8US9vT4MCDxTVCH<=U+zu8{;4IoqJo zQpHl|#oWHK$qg-=O1qV{1eoasS#U997S-rwArh`q`N5PA9Io@Sdj$(X3OAbo3uO2e zZzNGawB;ho>Jnil!>tc%PSB4Zv(T%zlp)(nyojjED{Jpy0X4})m1X;k2C~>IC4OG@}c(X@cc z=A6R#p|rjgCFXU@J#AJ|I2dyPhsQasKLV4pnp1EF@svT-->XB74Bx|>8OhfuP+V}E z0&ZksUm$Sgi=s15w{>M>XX= z=JjUHRT@P9Imang`ke?dnjC&aFpWcCcp{GmHr98wA|OLi0MdPn@@isM(DPLw@XktK zYSE1{#VVo*R5m;=fME_V)5#>77GpT~fwJsb=(nwSqUjE(VeNmIH)G|8SBDgN58_IN zx05obpyXJ~xZhzwGd;LFAge>LRM*}GcG@DNscJtMPUDxD)VZiapbwChR6M=5wwOFC ztDjuVMAP^=9!7i5e*Q}rzT}I=?wN5;Jzv;Wuhf5nCL-L2Jrywu_^l_6Xg#(7J>t%z z^m77#KdbQQ1hVHWxmz;s)?D1Rm5Y0AsjjV#AFMBd_qm-!+uOCi-b-})XtlJ?c6X1> z?yfVC7@<40s7v(u#M`Gvxza#NvW_;GA>&xu$dI3~yZhD#_g+xQeesRYY$5l6TuFW& z#*+S505&QHe3pg+HuT*5=z5c5(MoCEA&nTMT;`HyN!8zmxy=JtSk^QVTMg3V5luK^ z5)mi|q_DnypTK#CX&vLB47a7nD>52$jgW@E*Mvj;VhhWTNM)IAu`57vR%8@N#}2-> z91_HjI@Na2@URB7=of8#BRa?F+6H!d_KvU4{em$U*C*XpZ+_)T`LFeRuyzPIIOt;(DOvUd!-(W 
z3r4&9&q48lIr!Wf?g7~%^*v(;o`|D7XI%$`WYS`pO-a1qQh2F%1!kHKegt=H0GcYX-C_3+x9qZW}F>&UpPaV!eVHvIjayf zv+ZbnCNQs|YBj`0&0RZ^m&H)q-nXSElc%SD?&5*H2;ATEQaI|H>* zmyhe(FDdFWn0nh-ikysN%inCMTH&8BnJzEFpj5 zIWkFWq)qDPPPEJUEt=#jAchf$q)OgIhgl`8&>^8WixAW0# zak#!r>gYNFi5I{~Md`z^DN^0KRK81ZwxcwoghKD&#|M}~4F7m& zcgb;K_Vp9bMa1%s5v0%~b0Vk0b@lqJC??neLu6X1_jmFB3Z2;)bxTWGl+x8=pr2NR z_ozSc)jBObHeRPu<>1KI>YbXl{+LbaotzRsr9GupUFHZfoCBc!mWO5T*w!!Kd)g}D z3-9zrvs+5osi9gNzG2N0t_yCYW*02QPZ&g4aq2?_lE^PgE--wM2kT3Dtl62@T)&kE zF`%zShbFd5vFZL7|zmBf@vG*8bWAXJ94AQCC@PM8)HdVGF4UugX`=j zI?S(%cWLXgo)k3$6{a#qOa2r~^sxFhau9e{VmrKLA(rEK_hk3Q!Rf(C6EN`06D>uF2uyN2HJbcs(0cCNO z>a<|nvy+WK>XjFm+G77d%x2<(QPTjwEs7651EX@VeiUqrWGSf8Py_>WyT?m<89TZe z;cw9lL1BRl#dmx5q-k|kAtlWt%8VQcYdc191`L7tbz^f;TP6IdYG zs0C^ZVwEI>q}_Or$H>MoI=nY`yk;7UKkVRg(`h$oK+FUd!oDd-__J3|_x^V_XMP*8xynMf<0qS%(j5H;+N+?Y~T~MGUM&8+Tv<(!?(Z zIo?L^^|saYw+TLeu_`{U(5V=EIWK;^H6TcP*dUl=uGMWxB}Hlos3HZdyu16p8_O20_VPZ0Vb((Fk;_;H>~lTYBb0hP;Gb&Y7O8?)>mzFO8n~1oIXi{7NE(9C}K9bdp*+~2u>d&*3bYiqKF$2#{ zF^8Te(6uOsjK6S6KvY8Z&leh&(f;0+U|&HLgiO$6Wtq*(86JW(Q?y`>M6G7%55yI8 z>cNzR3eWLU3Y!&25R-Hi3t$PAgn>>o$;pfwVgf9OJzdgZV^I34$~5?8HQ?x+EmN6Z zq1n}FoGq~|bmpfNCCIaVgx8&r3-W;^D+V9_ zFRx)y*+emCY*b$tgQ~{G;uD%pG9ZjAlJw!f$t1djnOC^nF!i&dzLecELnX8HjoAVT zeFLXP2$e;%1x*-Kh9H^blU2eLTNPwugawfcxGl-P5SH5O1i&>Q-IloGGh(ltC8KxZ zy$4ah))q`HQYG9Lm}LtEL;g0<$Ck&CX)cvA2DTk8v^Wd$j4T&>h@+6`>ntUOY(X=t zZu+!Lt|N9=KLAA>9iB5TKs3ve$5<+dWOl+}3DL6#%(xmp?p=P=dc@-fTCxBa7H)QFUm2jgiU9*_b90$? z6*IhLU1Bhqa7IB(`2u0~9)KD_SO;2cGeqU%386Jveqz5Z4Y&@`A@>l-d`v)J!apZY z=TS46t1}!(lJ(lKpQdS&SN>_!9-C#eG{Q6O#u=6Kq}<25E%YELU3HWeugH)Exm80r zVJG8bW?A0GMC|8TIX#@tK&0B~{WZI|?5**dmM|U<)4JcIbGx@4(H{?c{`*|!8ZU91 zYYFekI&YIbTxI+g7mWshsaiSUn2&Yjm`{Sf9IJyxJUh4U*y-rkk!~H#ZV0q=B4k9s zgx=kqj{V(fyvX*^y+Zm}WCjR2gD9tjmj?aUq}<$Vn4K^nmr#LPr|TV`HONlH;JBK+ z?9_MpVp-SIpmPLc)cuNwmCVvQE|$F0)^LB#2dWBo9$L#p#`snr6w8zymiqh=&RsDi z{gsYpYsKwRoU>u9>pt$P-c#? 
zeP_!zg5Uw%5W9!7 z5W%)2DlH#K*vPdqBk^xNq|e=^x+0sG~;#ek9+r|ga-k_G*1PH?bW z9Zx_qI8EQzMrIkgba{HcK~eTJUC)G%$JJ-E@0IGrVT@SOl#yW>H-mu_hcwH|v+ z_R=NE<`r2$(6U!bY@7~jrNP>=T3X8^ZDSd`Ec{B>MbuttT_0PY3CT2aEGGYsqiRmB z&vQ^sZ**zKzv96yW<-v(EGAvyaurYyZFW=;P#@*{wW zUT3uQ6Oyacxz5q%6YLf(P$sjgvzc7UwAYvL-z#2Qe#GjMDu6SYxuIZ}zVZ}rm25H_ z09qtRSa_nErO7*^Xo>66O(xd~9FbDw$L36Fz$@18_!}8!9Gy&V=Qhci@?tyvFYSLc zy6xt_3tS{|!E-KdEK0GT<~qqLPOOGre_M3=pNY5Qi?`vQ(cADjnf5pEN-$x>sTs1t zLIwQ~Z}X0b2GU&|HW1I+a|pbLDwXr=x1sla@HjUrh}XCs_-g!o7*fwF?7&&y9FrzmmR?`=auM>=-d4KCYpoBvd(#~i;GANYXJtLJaHUX%r2te`S)SL zYbDXT4LQwRpP9JqZ}`l}G}CER9)Q^WK84R#{Bc}DUG?bibn0Hxc+z`Wc+3Vo%H4D^ zStSx$FFnlb%jZS8doXNQdtxh@e*w(b<@YRN*G7U?fVkJcU=Ea3R;qJqt7 zH^=^lPOvRa*o+e(UZi^i;I zz1FPtMx(lssOw3lv1)1$E1NT~%+ea>_lXl>i2SxY>U+%Rr8m8`gcjX$iY`B2IRzCZ z*)8*hMWPZpdOqI)CPP!HksI&SpQO{`imunPg~!sDveW&nLPyv#CRGH90 zg9S79My(+v76snwDMsL|&e{D&mJUVD+K_G`d#!g%)L$-KjeZrW26^qh( zI@Od)RGcb!hDiIPndDUC5G?vi?5rhE1zUg+!yZUu6x+ZIvR?D4(fvB9zN-0pSyJed zt)Ju_qo1FNwpjW0)r}p$sn2JB<1e98sw^gxwCry76UjPI*TvYNs{|cfDB~m;8g-6Z zkbaE_qodB!%Vcsci+jq;82+%RLt$W~+Mm=dBW00E0f?IoAXAQn@}%@x`jZT!l#&Su zO9?9#&!2BuiBu9@cM?D`6mSs4l?;({L|`MZWkjr%mVSgK9+7hiM23BI^QX3AzY`ni zLJ)saLufOkw`UDi6VU4wovPBfE~pKLe3=6x^hPq39VaXw3+A!LH!#}_8@!z7k|;S> zLG7n8L4>(>p~-17pPDDBT|iMrh8?ke+jvI@PGRQGVX>8*ZE+Iwb?r{U6+g|LVM?AL z*Jmn=x;?jK%r2vG#-&IFx!8>LupOPvG5K4LEW@5RC66_Wf{$A9G(&iF^P{Ld%jy#A+hec%MVZ4dIX_2W zE{kin*;wYQZl?>*^cv;JgZFH)1RB&Ts?1H|;Ktlgv~}ROLUh0c0^Uo9WdE|z6HJAh z1^7+Gs2Y{oj6=Y3rr~X_>>LhIXaVxT0>d~nHl<6KRVY_zluRxPnA+vkC}zPD=E>gU&FxJlu7ak{WDjnhsaOUsYC{th?X&@_pc|{RdcCaQN>!Y$=4Vwl&VbnB zQBlrfzWFe>Vb7;uTk5q>m1bj_BUVSRJ{Mv72iX8*}%_fPEj^P>8T zr|*lW@1rEiX)RE{bS?Qu;p9)e?Awnh{tAR_yEfSdcy#8ny z_^(NI3FInf_-4a0LGDD~^?M+>^|pmEa%%~2zV`DcD_1@~T({dEKTBLfVP)o6>Cxyq zx#2hZYM%InqW2Ore4eRaES^*VOF*>0`&m`SV%bPkJ`)fs&?q?(8IF^J=xoe1}ZJ(@_jj5Ne}Q{G-(rll&$^muo@f38&d&RE)lix2TYGw5OG1DEvF~;J_7y@1fsg=+b?pEC#v%zV zA(pJFwtdIgU70CDCr+G*IC1u{EI}Si7SY*-FnFTM)h7Zcep6652Z6g=H2>t^LvNNz 
z(r^s=giF6YmFw;GLy$7T>ie0{`OjZM{i9eJLjs*`?{oa-fgo6~7X<5iA)fRHs-OqU zhW)=1C1d~U9p0br?J&{-LRt+(zv-QPD#C3Ecd+p?U;-X!%7T5q*CkB`9PmvxBZ&;T z6weN91%2J!&*#d?(qcRKk*9=)1t}AGqtwkp(DrM1EJ5BtfY}X%BoJ`BMn3@AH4%rg z4IX5?aBtMOd89WVuscg6%x&36xdh}%x9rKtrgpV^TAoJFeaG&c3b$*Ffc7IP6NEZr zZr>Kx`_RD}bZ6PlpKAl_<{bC&5ylyQR35}n5mqyxGm2#7M|L&iov{4BLzPLqocxBJ zuzSXysG0QLuOIthRV05*%uQ0Gn%++8-1PQg3$kA z?1Qk#!wCxY-(_rJD)r+d3Wb2i5%%p}?878HRJPDA?o`ruzO&&kR|N0!Fy9?)jOD4j zI*y1qyaZVxjH?S=OecEFecbQ6M6eM_^^X?GR(vLs&H8~>#ZM7xHj4<*28NCl zqNyBa$L!6;zyBLrAE>S6-MQ8LCGv)g|B+k0ctWtOI}tUbqw6L#_XfA*e-q90(6;le z?VV^gZ3!l5s(pI-KcAS!ub;jOZ%)A4j8PjZs0GVVuljjp;kJf!B0>dU;2LYVOUq#$HwLam?$B7A9X`mES&l z_SN+d`;Im6QcuUDwJ*@b8}BCoXeY^5Y5bq?uMuPx6;vx~4TtF%u1$igRDzvk^A+yi z?Q1k(yQ`Ug)KD~HhmR=e&MdH19ChP%=;0IsfH4n#5Q=GFFkf)6#R^7uL?ppD+kvep z)JR`%bPWZ92r%|;vo}!)o;9`@jyN#Fqwlzxjg!mKhp+IPD>xEjDgi9@6)K{B)QGP9 zR|Ou@;pMdMr_=;JxDO;05ler0w-;eb@s~eAOz{~9b{ZlRTmsg3JkNf0#`o@iZrFf| zdc@EHBZQZ7VS@uKoeijoLOH;^%usn|Cw$FwMLfZJ--TvQz%?)6mF5m?VQE%W(09Vl zGMqepTl_ayzlwjb`c`p`U%h$yFJO0gLj20rU7r;EjKpDV-19Np{y-w>Ds^H;_LGy6NS6nu1jybqhvY>dNRb&=>DNJ6Oc&KK*oKswQV3f-fW z2kSeB2gb@Pt~o~mbjN}Q#xsXOM*{443d6)vC>LZrP$I`H9k2vgWfIx~VX!ndlVan& zC}>XXCgA+k#b)0RoggMS8my?)y$Sfg9g1juO*+${9|NBhCa#K4MDBVDyhj?kDOrKK z7F;Jv&#J_!p5fI8NYcYWE$*WUoVMsocr;n39ISJ!3J|J+k2BN^u-^0mib@AO<{Q~6mI|MVHX_TJ5GT7 z^n%0oZ5Bvuf}UBoh&v6vQDcZ)9_sy-yoGKYfmn|F_Veu{;Vzy7CdkKM!&cyDMBE$4 z4wlUykjLST@1I^JbTvEFID+I|BvB+Si5{imbt@xT1hE0W8E6!(E3MrYnQy z65?=xfx{4cD+~{oJKo?}ZZJ;h$k?Gvb`$RoRtn~%GsQw2vQEKNrmDpiU07z}MX~x` zURcZ+A01%rDAEDlb-c5_lpU1N2Ib}c@=~ieqtRA)*qzugV+m!5=mYxU@x{f;=5kUf$G`Kmi2Rh zmt;=>E8*Sw6R6)(=+TNfY2d@v|#UhRZk zE7-{8p@+Gkwy&EgKHB8_HGD>h@7dwsMY{q>_=H*_pgUZhBvW1EahpIOc(-8T(A#%+ z)?5+D$~)WI@W5MNAala0IFFw<-&Lry!Vg3356@d1Y#owdBz_`J@zw!#vm~}Gg;d0T z#0eJS!E*t%d|i%v4*qgSH~tjdqJKeI^*8wsgJmJ>y*|t`e2o3LGw2*9gR&HX2qH_C z@(e_c>jn;GKAdI+VX9xeM}o~<@P2jxqkh~7pnkE;2YSTo_X|uygQ*fu;A6(W3>a?-4?so?kxw|()mrEoj3ebjT(V^l(XWZ$U>zt=7aoRT>v*15ZJEn22fjKR=2voW@!z1b 
z`8!fJ$;g1O(ZYKnE5X*Dxndl=K=yS54tA&@HEcv2tN`%8puVkx8u2ZEsPr7NRL_dE z7}gv7w*}UlsB8oki)rq@f|gZFnAap1RHBj9rgAvAV1%K~XU51l6Gsw zFz#PH1lwP;-8Rl^#`QuT#9LVdhLKfi(_UR1!2 zQ5S$?pCLB}D|x+FO=Y7>7DkqZRGWh(_X%LPL#DRR2((~{PB`|4VwVPWa}*AzrI(d=ju=(34? zavx$}eCdNH*&154D&y2hB?)B^}l|AA^XF=)T_~IKI2Y)o z_Gzia9JiLf*{gPxvxsGbh~O3uz=`R=f*+h#5-MuEfj2x@kUhm$SOVu%>NzZa}vVX$zY*eQget%7iGlEqSvP?_Jg zr5uqd^~5g25g7>J`;|%EjM{Vk>gF{KXlQ^oM7NL$FII6lXuzss^7+NAwT{(v)VAiow5om9=)h;p>tZR1NJvbIoTsUkw(sm_%~3$?+o*yleX^`hKm>mIe0}&keBc2bOl%I3 zEv#MmDTqaIBR;-fiEH+&XTAOwA|3hV8r$aNhZZu{M`aL8*s!D{w>srn2R?8C3OI|I@njm(dQPo&^xUm{<3 z()_nT$05O(1pKbEaD@x26Z=OS=$ZiDHxR@N?+ze{`<<2d zfsnTlxQVGlE=@P78x(8UU*87j^i3k1)5Tp7@IzP|_g=X}MED6I2)=Ka3#*}ZwLGH&$k+jcc|BJH~F?z`2bsSfBunICizz5`$EONCdde6jr%d} z@D)g)XOd7+^gMr5sIb9acb69oavOSk{8m})k2##YNdN0-ay}tPlaF5iI+)y#K6Eho zDEhBs$^W@=ECpBNzYZnBqaSoAL3_oY9yylmU$4L2R*?gtZdUx?6Cn=_x=&b{d+cLQ z0VNdj;P$2C`~!GFH%wka)%Nha@OI&=CFahJCOctc5L~McaKjHBW9DRaIsRi3j_>{u zUs!4wm(1Ct>{llz0GhL>rpf&94 z8@V8;Yo#Ff6XJQ{`!f_dIECK@H!oh#<7D5NLg)x{^{>=UMoCfZNtBRB)bee-^tGKN z>aqqy@x5hcBd@>v4d0>K)|G?sjvx>`2>x=Vi|bt^FCZp?#D@SVe+nWo`w17NLD^0C z`U`(VyDMPw+F#I2i%usiY4S!EW#~IjA(Eayl1vrEm0<-)tEztV#Q^>ixly?!n1Sya z#O*wMhXA)KsDuyW%Pq75>)<9VH_k9;A7+R?Q>=xE->rHt?%KiEin1Os*X+_eMSQIv zp;carjqbI!3vyybikeZ~%`3A*+o`T36})j!sv z2@gvr82JGESR*~#OTWOO5$p*&xD-?z%V9C0iSM522(XR6^JYft!qcI@gWJpN+41}_ z`|+P*RDZuI`U-?~l+1u-tlwTm*I!-?HttLBJ?(-)Q7DC7T2FyE^guN`+!EKjhw)jk z9*nIyzW4;tg z^860vH1})1z!LjcFTnzw^rJNM0J=jqPuoA3a^3+yN<1&o0#e9FiRJ-xhiLrG^XJDB z%{$=diH1hwZs|Ld-xLG(_ti=G`rhO7c4w#QYY}0$6P}s;E35S#|DM4Wi6?Wg9Tj#+ z2b=P@c=uODGk=4O6$&!McC~gC~TjsiTUjn{3L<~&%NOA zvPC_TyFopLC`m8~-`10mxDsdq4*9?{BlIYP7iW>A%>V?qa7gIWqxy%RoUl9Z5k3p_ z^j*;*h^;%QYa;j1?XGWiZ$)UK8ZjS|S`i`sDWnMdRi89Lnvsu76#;1Xq>KAg_k*R3 z;P}4>?-k$b(A7?NJDcqbzb`jx! 
zzgJ1vA6WQR)sO6YW1g>hmY+N=NUV);1c9gD;1{xLHO)3UIM3Z*zYy!1L+=9l=C0!NbtUw16e(pkYexD8AI-k6Zf;gZs_7&=_ z@>+XH<6T~+8l5JTL_K^3uzs&DnGGjiSt5+Y^6#<)LJ{`0Cp)@&D`b#4ml#% z52Y>i2x|b}Jxmw0o4e{>|MCmG`~y1QzWDDJ^}r#|$`unZ8ayd>rWN+)`2^`dUAyHB zIOgUKo!6gUfBzi$+vgBUKD2Cz1N|SmLIOwrw`@H`EE}RT&Hoc98}g@DiSQm?CYfP1ngtb*a(1?^A%z5ls=oomTsTbxgOtBs9bueq zhDHqb|MKif|&csGD!Y{C2B$MF5i;QNt%-xki7!!dOWE{c<|92gxdyd1{0PzOWo17v1&Qjt;lbU;#xGRzEC-?6n zz`r=xYT2@ZS13UBJm6>;RRLQ9)t>O*QebH)sQP%b+p@~`d%4bwRd+og#gRG)q5n%= z(e|eR1h4#Oci+&>F1};nrb*A+L9;vhf#5@O48FAk>xXyVT6<&h<}3%OJ1X+t%26as zb5?IgccJf9xGA8)*tWqV0J}A}-Uy=k>q|wE7cU>VVwUW1T(<^j%Y(i~KdQUuWdG}mk#^k1b6SL6 zQiOZ;eAnz+LTu#C)5w1M0vJD3F*{wV_Xd7{voOC_#~18+l`rRe4*0cdsI&vT|_MCVYQ!%g9%+lZRz}A`kmZ2syqu)chQfu>FfL zD8ub;dCoo}gAn2(9+ZE)X0ZEqhCcxHkaI8?xv?Y1XIym6uA=44!2~{gkR-6J zxN{@|=B9_H93i&$hp^sc4YwzP3~(2)vjy}J0`gbY2$GJ7`%~s*_<6vjjD~Q*6N9bE zzWEBNU+ez7S=-XO((IvE0KvtOItiin(K`laG!$g;1B*BiseB1teD2TfZQ=#`jldk0 z#m$3q-ivg9hQsz%h*2DVZkJH`W3eZtjF55me!|u+{9NxGwHB$% zyiZ)WPtGK^H+zBKx8|c!d}QtY)3A-ZZV34KE)Jw#Py$0l^1364E(jD-^W?~GWWImb zVf8hqe6sCK0-~NJ2L_HKIK05K@S)v#DiLT8oxt&M#Ypwf0$U z2+3(=9B*4mJT0topo@XR(0FXq_%}+Jt-*r!=4I9`D2;B78@?m>_}fee@ZbBvjss<9 z?gh0WnMZxM3KXUJ2G#N-{r}J|p8_=i7-6~M*)eqYQw>A;hLJqdeP~4&3z2I*7cYW- zguekzJl5}rD27L-=(EANH)4BxI*c&;CjXv$H$ywL6|aPjog;Ymhz%$R9cEj3K})ke zXs?N9#;PWj3^S?Vp}~PkR*7VSU(of2yBlh^?n!HSsjOsO!fb>8$*T3G;i*7nMVy-b zzeKzfg=%q;=FVdaf3Q?fa5wvpVN|(31{k_BKSvI@TN_d9GV`6gIzRmQmX;HZ>U&J` zDg-Nb-Q%7_Fr+s_8+)pTC@Q*^9Y)3~n!lc4sKyJ`dv9+_KuFiW2c$o#uZjK*9IW`(1+M@f1~opMY5RQ)GY_i{V<8_J_!HpknJ=8XvI! 
zU|0`ZtFC65u#*L7MK^35@XZ6^&F?es7Ga1zgiN}BZ@zx=jSSyt`K^=f`qjloLXOfP zGhu`cvM?(ezGD{lGvDcJWT(aHV>eff9kNOo+RgWZY$FIH&?anY$MzfO0tt}(0sJ3b z>qLh6kHx9}VYt-2MH|@0|ASZ*>COL{EGkrtCQ3Zl)v2L?5r;={Mc;BEjh~wZ7YzR9 z9enl3t#D+nNABzEi}$(l^4s&gFbwq0-S{44*X-W_iFX}>^@ObX7<2uXpou>JZwi{> z6!LNOM;6Q9k+B0F5Xzk4mp6y{hco!lEiOW*H(C%=SP>KG&_9H8-;P?kQ5AIorbs1} zM13ceR{EP?7oWLeFK-6Bx~&~v55DIsc-cHD`17+JWM|57!8fs zfDSJFv03+3!%0^=%Xsv~onGOoyz&aB7xDu5g3p@aT=@3xdfB=R&fBu5*Wq=JoOTd) zilCXF{0$sXub&*8-h*#_e#78N#<*7np!t@#K0u2T+O&T8rMEi+$;OaA!O_^sT}m+e z+77u?+)IGuwX_<#y9?VdqQ2hj;WQw5$^H(m0eD;d^|E+DMCZ&DvI}@2q-gs)jL0W> zCkYS)XsksFg~DgRSfDWs)*O~*7A;@riV7MrkevZ~!R1dj6hkP1irg><8=ZO-JbsJ)Objs=Ge^f}{r ztN(T_`FF5p^c9%y-{GFNqnp1(i1hg4V*^NcaChSiS-#`jr1qUca6Uhd?`6lsOTP$8SQ5M#K2@o%8j2uJ)ijfNtSj z>v(5qs9(3w6*}iEmbpa6W_aT(3Q)5mv%#*@;a#3!g8^_6(u9)_JE3Lc)<-0$J zHpZe2;T8Oa`$f;Og<{xT4?GP$M6r}TQ?jmg4pKJkT{IKug~0qc6X zra_{lLp-Og`3&y!@V4-4L+2zFx@f42c#DMTAl>6chsqaaPCgU6ce5YgnS_)MPw( ziNaGBZ&xglm0vGH*vEwgjUs?d61uq@-jZ!vWB3J{JA?Rq{)kzdlxckhj;i{g1W)iA z*uo~9*0-twZz(DQ-E9HIjn9v*Gs{!`2QM^#(aFHVzrW_t^atL1|M?Xq69_+}b?~w< z&5iL(EQTMxuLTWEFS>{g<;uc))2;7}STdf-yu}mX|FId+pqXd!pv$u0H6vhA{aWf((a=h=GF8q?q4HctzZ4u zc%#H%=S#PSeQ&U~`t9p0cw~kX!83N>a1kx+>3w4CPBCGBBnpukJQT(95O4VGw-%-s_vSkxJOYRPg;(Yvb2qnI7`{y2d0`3X2;SX8>dDv4F;S6WDcVD@U^9!^ zeN@@Jk{K0!L97dIA)gRwrBvC~V>Y^>K(-AR8ekhbx=qPmd`M??T9*`6GAifkPMHCf zb_R25@abq@_-C;rxG+S3hk>m@Kx9Q)@ZQ?cGwC3y`eyB3<@)?)H<0leNR*A};1%$V zzw)hXA&4kZ&1DS+@GUs1F3cjIbQHwy@9TYI%z*j|WNchH2f`Qi-44~<4Wj&<){U$P zk1ad-J1)DsupU@;-+PTkzMtO0BH(s+CYSuo+Gkkn#fEE zV8KBcf%R(vL{4N|zHBvu(pJJW2O0eytO6?y$8-KOS|w|J&KO7_V=`Z z{MdTLVd1kl7XPCW=YP*g=pPf@{B+L?!C0917J#c}@4Wg*`J!9X6ExC)03IQp*=uL~ zPCz{t-H*Vu9En{?+yj?F=wv^Dr z88PKJJQdl}qkH-r20C*q(a{{Yb^+%e=kpup7K#Q z>F9sgD*Ws#h=Kog!eFi>@h{*$3iJ;|l)B2CeaBi>->~lgp29hKcZ5|ZatleAy4ZK= z3-|rmaFr7>o|l*Q4}eBmyYYwD^a+dId@nA=`wKU`N>(8v1FYk(@jbLCc%iMnFk zsIpG3pX2NtRQ-WmDdS`4Tet5L>TLvEr39dWLv-&a(10V1R0Q>QQR43sMe#kh{2y|s 
z(ZBNBzjJ>3-!r-WpChyV2c@;&!|`SodblhZWJUiNN$yYETE2}$-Od!+eSwkt>K;A4|&CVk`Jy)Lre(u+32n7^b~ zSQ47WJZPAf@_Lm^)H_Wnx+7s^H-o0OkzIV-(z45kx zOZ#&az3-CO^KCCd0LG2RAut`=Y$zZr+W-3gPZ3LG^5r_iIG3O|?h9P53cQ2c(0(@U ziivJ$Q%TYyA_6&s;UodTNV0P7@HU_};P|Hm6yzB>K<~}dJ0wJjA#IQuv9)6__C9?u z={aaNMmDe;X60KYhT*GZEWv098##PP1UKc)B<7F!C7qY+_dJc^OoLoR`vx8l6}Y*A z#~<&~hdH;n{)ImGh~NvLA-OX>3A6LT8)zQA0{CN9$q{C_=H!QNXt_}k+cz}Ar8B=0 z228{ukR501lnqP@Ak%=Efq+@f+*!A%eq=Z{ZeeHBjO6$Hm6%! z+jAs$9DVL!8szH>WFZImB_O3K?2r?V4`pNDJQoNGe$j&?@i4q|WvMe-<66=F0V(DY z@%w7%C7dkq1NyXsJvdE)4V8=Z28+_etCsLrw**VOj0GlzHGrEhI2c7-X6T!*a2l9V zRUIe-qi@bPn>MX%3?2o(M;vDr8+J9%3|ezf4`OuRr^4 z5wK**EW!DM8_e^1_}hMqRrn1nfAj?ZYqo-)z-+lbH>G(4R(*jpHhU&m7)J@inL~{D z8ZYdIZ3$4WQwAP5TjzT3v%K{4HIS7b$QbR@_go!cI26#(yIuD}TOmVTp&?b1f(jxQB&+CVu-t_#cQU}xSO5NR z)++zcpYYH3?zquxb-6D7lNUAyvdO6t17YIE!S*{wIyA-nY(%DeMKxjY<4%WG3urb( zsa@|8YO?_pGH^1XvC;9Bb-wlhoK^i}54JLZr`Sc^9Cs;Iv}}RzMYhXyxK@vAHt>@s zHrWu+6j0|gm;>p8Z(!@=REn%Y16+0J#%RD8aCtXy^;0#FlM5v z?`HsKbD{5Hmi##~7ZerX1cul_QKCkq2Tm3U@VdxAj~g8TovM=aE(*3btZ@(#?xA29 z556`ohHYabuPc-oh*ppFJ)9JGqj%V&iOWlYF<@L!0wjz--@{Fa{a>ac0##xc=*BxZ z1DvyP5x`?flTN0)p_R$0T7^KZ0t`-(ws&?!@vSb-=Uo` z^75Z(#~Jp6|9XMvDZC>J2L+>-UjB3De&lW&)Fxj3bLW2s8v@OAC&&^dB8pipjle_L z)H}DYXelB9o2Eul#XeZ*bzNWWHzmB9BClu>y}@{pl4AO4fL_9FFx`IoFZ%#%`C1t%T2m9Y*w(w|k_@T{v0PBEx-a8YV9WbfH=96n-g;TQ6;B~xztjk&v zFZPdX3Of7E%S#^_kbT9mJ)%r-M0m^;Q+M$``|tv@ju_y618*s?_Ap??D%#YR2mp_> z>*@t(7!mawOu^DxJ~Ezc*m&G0NAO4oBsO4{x^Ms}z~oklzwZEdPGxw=kjHeBjRkZu zcLfk2=0i!qTGFU9!4?lJ)fQoG)fNUT2=gg?^RG`@_}X>k{v*&NYnpy^Gw)v`KeGVf zS=XeWzeIkf`&_-pHU2j>TPqqky^!J5fZt%NFZ>M*YypK65y=N|#!v(2m+rXRWBKbl z5d_Qy#Ciwg=U}C|&@wFD=z;jet|un{)*BqF0o88@XViI%M3ZY|Ae?IoiD*z|G>U*o zNN>b$QOj#|FKHk&M%QMCh8?8~39IjviyaHu@pS(i8L2K7LoEEEV#DJiKph=lAp8WX zjIu^{5lxhy?aisC{KGq}2nTC)ly&3cckU8Sv)$kKhTXDGfFWk|ly-&#M9xnv*w{?K zD%cKLzW<1Wr-n<+#pUKb#{&jp?yS%XcMPWY=mX<&dVx&Kt(>&B5;tXa-=JzC1$I z_iKe1n+wnY=^12a??oFTG~6hnWaToU`f@*0#h=6HL64yDV`=sU6{^uBd^)4pAO8ed z^u{e<88=LBr}Ov6s0}|IX)f)ql*R>nzZubWhI>xFD}#9t5+LD;xJ$zeXoSi%bW 
zAR{}J+7+z0xpZwer#763`&Y!Qu|DscKugKDi4;OoJJ^b#>sh0)(h+_(tm{-n>pGR6 zuLlhmhOPHL6Rg!>J_HAe1W=0$qT*Eet@kURaERixZ>ZLtG!t zK>;aIxY`sXgk3AqRg%fsO+H+Llj2#j)>v*4{q}@;9IN)Pu60U4=i}?u)y>_dTXvP` z!fIQWr!8uNO$LqT77w(uU{I^>dWyzQ;U;(u`yN{4@|s9IIVU7g_m64cB^s`o*9aZH z`xz>x1oT=*Uh4Nod}GXih0$nh!F=l>MG@!AV&&qm|10v}u5Mm`cU=n6*=uMZU_Oy@ zZP|KUR+U7hZpe&K=wk|pxN6VM7$&E}QAk^#NDSgnVX?{Kq@0vFz|wgDv)4#jRv zf?_r6oi}iAJqFD64#}MY8BLf1>BJa(vPbXsnfdqqvx*K*!6u^a^UR5XJFL86g!*&| z6=I^Q;bbVb0Ifu2BdG6h3z`pl(f@Z+tKA!?2CR9E26V~m5f+f2pAg0c6iAHF@dV}={t$yF(Kh9D@7L*siYxyUPAE7Mp@d??6{h+ja91+imPHBhc*V-mv`P?rn{o3`L^g9}0WTDkTweTMbArQO zal=Bq%mt+*39|r@5I|_$j;aFnqexLO1$5G2Spq_X^A@3@bunUD7hxWkJ>G?2M5Yqd z{kU0(5)&kmm4@Jb{Km}yg@v>rW#(_mL?QK-jwcImg+w9o78j?5#B83CQi*i1lfMNY z;kv9h=!C7%-;YwPDjkry5lyZ#-NSfJKi$4Fv2w|5I-AJ7WfJk}TRN4Vz6tqc{;iNp zC1zqWla_?s_aRmZtmv1|kvHfrzHK%}auKR^@jsldzCWcvOa_4(KSi1v*jw893o=04 z#cM4kMnom`{Tt9AjQ2SU?Bj9*Iibf#Sck`3%f;(t4O<_f7aj&r0z5EysCv(9Rjrl) zQ2CW$=Y02HB8y)}z5N<_A%H>V8_R5E#H{36Y}0|L7%`#}NF1Yo$$0k1^*IbCgZNlz zS+XG5GtNHMR;F51WWmZSN2fgzR02R|ed?nW?P5XpBhr@Cg~dH3JDpRnG|$WQd{^PZQ-d7J+;1@DLD`NI$47!7$G;F|D*Z?GfM z0!=DfzK^fP`@HfNcl_n530-Yds4c$qhOodwrrDOFk*CLXUU|8tBey%985>DN3B8!R zhMnP>boB8fC;!vOrotIhn~EVIw!63kyTN<(GSY<%KzOF{HrI2~fgC5ZA9> zN#u_+GH`Ike^?kmZ-)nAJiAi@9z3tHPSCvCKM-t@o8_v50ul6Qd(-^<9%*4On3dfh z0qq?Jn}M!YRV7pM*I+dQS11!EF*s#^hXJAjc+f-y8N7E8{Qs+|(6(_~PgFb%G`hcyjCC8QE_}XVWA|dkd5sgKPJMxAqqJU258?-HKU#w_b zo3Ms$%M~qqsS~<{#}km%o^aQff^p!_2TMF@K6cIU2j>f`BtLetESm42mKzhVmg;}{ zX~PjUAD=VVk1NmlC*64#Uf$5apn~_WE%D%%_}=vV*0uU9F@w6n_n@e)wIY&QM6`rm z%U5SwzhI3S9I^{QV<3-yKY|A1&3+VBJp%62$d~|F72Fqt!6qt5^lPD$m9*fzdr-OR#aeFEjhzd_Ww7KkTaNkDXXIQo$%I zmj}%4Zm;=nYy0x?)==AzS$%6Zs)2w%`Do9o;=6RHC^3aQNbiKeB~KRsEZtTF!v2|C!6rl z+OA`du3%uhvMWm4e~;c5*a*6_;ZF;tYdtt;eg$u#n{rZ&}EviHDY>({_k+TUT5x;d=B`nkLmEPW);l4mN z5C5EkrLQ4-i|6|*KAya)TgxIWsoUD6*VLkKx`4x2RF=#E`7X>TF@n|;r2zl&s^~R$n}Moy?FM! 
z&9Dseji9KzM=vaXi1@FEdn@b@ojl^o{U@0_>f*i*lrWNy&Z+(Dhv)V?Z15*`b~t|{ z0=~=Q!uoi4t$dWxktMbeN`#AdWLks(ze|nqeu(tA)6EAc5|B`D5QHerhSMVm`XO=< zdkLjRcqbnq21y#fL60!uJ)9)O4j!UPSYM%px!IL(Z$=ya%6}+_wWA(3H}Ls z{+rzv00s2Y^=D*^e;EP+Q$HFn4n?iHSr(H+n)iFF%g(GY5cp0}GFE_vz635&`ctR^ z6*xNVTSL8VZPpsb#Y39EI8V~=x%Xr+Hqu#nUtz6IE4HGgE1HS#gV=#H(hj(6?Q~NY zbrlt_!Ogv2zyLpZrm99F8F`y}&%S$aq&`~{eWh2BdpOkUNZY++m~WmYcya?^0^2SC z#ofXM#HZ&+x?DN(Q-p>(PXrnY1QVKYrm)Zu{F>)DZ9|Q#HGRS@4q}69i;NDQsXd0N zW>|)5v!~*PYS6MOFIF-=Y4a>4vn8rXXJ{D~fd;^3mZipA3Or}^vT+o8R2+WidM@$I zn4yj=MN#c`C4bC~OKP2Av#DyMUWPDgquiz6=4guY{a2(;JQXi9L#EuNN-A}11DyI4 z%`n2WI_Ykvm#9gpO$ehR1GQgYPQran_v-JLWW*S@E6p zu|lEeHTE=U2*bu1!kDHShl$pf+sVRNEEmq>QD-wvrcbpZwZ{GOy-GZ>8KxgvMud+f2Y5F7lGJvMvPneWLLF!JLNJ>%fBlk;pz z$N9E#gfN&k!mZ36tAqZ9?eR2QrV@RYq50Y%S-J>ibw5dU4$~#u=BYILjy~~~{(7*Q z4hwq-V^Re3PapAn3x3cWs!MTQxJ;9iIL9^)qDCLYbtx_kA)Oq06d#}mm`_&m&k&sR=F}c~e&}C8=t+~i- z`{(3ATMy4NlbaS+%lIr+-IdLynAv6^jQDUqNDb>Fs$E%0oleuJmgvcRR4VJ;Lq}bf zN_}eCk6mVqRw3DnCaOxO(@|D~bIjOs3%)ppFrqngFuSO1a(>im%|oHyUC7|5W~GD7 zt8qF}+UD5gSfVGjQnscp)?=l>u!&SAE^58L-cLgq<4wD(P4xJf(gaECu*LekRIc@A zl+1(uTVBd?nF0Hao-e66T(^~OpDh=uq0JxAyZ|22qhy+vW%#T_x5XlLp=PLkJI$8l zc3+)r>O)QxNBRk;17_+i^m}ZoAd4tctb*K~&m`-DI8MfO~~w3CfX zKhrGQW8%@6APkxAaMN{9?Ng(kywyjIi>R2xq<+@=jM}67sC_5T_Ih-kXV-EkOP3a_ zhCZuwj!h+hKzO8PsruTDZ)Q17#t&lI+)PvSrJih@r%VCv4Y=of!f@7Z$JsN$?KHY@ zh#p|Sn|x6O|H*p*$KcCsnPH4F*c&DK$kKGFf9zlAj*I3;N}rU3N+&KBb%aM9;4wRA zOt=TF{kI<{3uZk<@4#L?is!--&@K*s5^;erAU-}^;yi_T!HflX!~j1B%=TDpyU!rD zPPeI|EL;1wHW)|GHL*GvoaTjL^3Yh-GyD0nx!H<`L9^MM4bIDRVzxG#>1KYl7%sLu zNt_KPn|MK(H75{8ekJl|JKm4#wNpBuuF8poD5jZJymW5T+9o>YO4H_P%xo{hmKTK% zC7;uIEn!YCF}5^TN)X1Sy5^O#rpm(-(>0ro)}h^`i^+40U8c5lM=PHT?4+Aui)yD4 z%d44=k*bW6>SQr14EOt02l27~Dxc~X3cXhKtS6FUKh956TB1@t#Hy3cv3uT5Q_Z-Z zt^np&?XHfE#5$dvcL&_S91R9t0qwboGT0na$+BLI&CXOeCZ9Lzypt_)sgA}p_4P$P zi`}h$iC<`@RZHmMdn%}aD&E~*9d zn5`bP!IqlT%Ddqq#u#Hkl7*JkD($F2_e4P$=l-!->aD1)*~IOAQ&-wp0Y;i;7LDaluk8xxeCdHv2(wvoyv~#wbgqyr zUyhBVkWD4%79-Quwb7-}X@&00qNnuvu-tATjEqpqjhKu!V&vtN 
zS>?FVaoyZ38v91Ep>($S6uVq%Vs3rfRm*@UR-`4v(8HQc9f6!9b2T)#?QA8k}%mzF)(c&&GvH^GhlLm|uol zUgr`XNoO3qWT4I|gU?<}>A6|>@k66@R4c)Hy(EE|vS549u^d*|(iu@$0y zeFab*&DJdh3l`ihxO;Hd;Bs)6gB{!*f&_PWcX#*TdVqs_f(3U7n#cF*-MaUedfheC zHB+b=oTDmPy4$F=WUI2{Mo%4w0* zG`WUc#U^bW+pc@okG`{-HW)v~KH&j2qLrTcYBdkD!iwwH&c5_?GRh1Vv?oknTXD{n z^4B@rXhwk6cMJW-xwJVG2=mgv6e74P?cJ1S^w~=GaK?DJ3v}q56B;X07iWHsi}T_n zwe+5|kS~m@7$|Sl>@rYfRBGbLN-UH~WhnhLN7qNhQtsuzw&Z5#q6E=jimn1QW^k-$ zIJ5Ju<(1reW}ccWPXgq$o>W_X%bAZ6QIA-w3Qf*aW3E69(!fb?Fz+=SP*y&S4y6}dY`3q9S3cF$DaO$G{e!p520cUy| z0kxNjBnex#Q&Sx+YsC$yMKMZWb4}sCOp3ZgZ(-#QCCBBc1VB>kt-l?9A7gLoI9`{Z zOi?jHK4-@~4Cr3GPzFdVl+Ht%#EurdIFwPN^?ftxP>;jE=`Tf@y0)Au#qA2Mk9!o8 zem3CBs$FQYrX)PEZ3eJ_BZ7bQwkIpa*vHMa9&HF}t${s6mx9@%uhsdKsB|MsLp$EY zPTZl%gcwg084AV~3%HkXT_hqJBfe9`9*3yM=;S&NsyB@6$Czi!ksGGhG2y=2-$_=y zfR;4Y55@I!!1r^JOlTQEhc9OEC+4NYWj;Xz<3$TJ5GM7I-9Vf@klTAohj~Zs!HKVKU`#!F^0DH>#wU0@a zSg#nuRXL>A#9gDpq}<}8PI6MJ5;_G_5@1<=^+#Kfg0BH#?*L!%E-)0zEIvvr7KUS^ zV+%syFJ9Erd(kZ4<7eJA9#!VqrelW<8c2Q5Ks(%|+Ce*eH!SD2$4lq3%CV7>XSmNR zA1d%+t0@zes1;=~hXz^dv)Wvf>UzTAA45>AS*I!RlPeb!IAvbgD^}n>$`wKjW^WZl zFz0J_7~Jcq{hI279mfk!VO~?M7Q~3VE=GL=Zn|`rv7j&;m8ZuLWu~=`spMP@$83}6 zxNyM%c>X*yp~+8SotSF3de# z{h$!$TP{_w*pNlb+H~vV&IVUzn6}6$!$11rYK;kbQOzGUJK5cs%w^S>*g4G*&m{d@Lso~c0WSiL7DK*)EOy5AF)_c zRF?+y(J%5~8Jg=ANu@?z^>lo0w$yJ@-HG99A#{lA+}g72BI@+ZJqVqw?l(i=FB**} zv9OEnlJK8FS$uUYLgCbB^xrd0i*=4S9hP{WB_b)EaLmKF*0tBn-j7=y?5v7jvh7~A zCW~hpc3i7ZJOuAsym}s&Lak4aboFSQQC*}%xI4fKCrNvtvAgGBrzUM74dtwKb_bg| z=`|~cFO3G(CyNmr`ln?&^jy0{*qgXZ>RQWs{CL3K2(BbcmYzqe28I3MBaq7Pk4(vk_JETvAU)j5IXNI_Mw^SZ>1ryW8ox_z^PX%Z_i7{i zFL$O9kDRbU<>-#C?fq&9BHf%FjwR0UtR!P&c$^bAf*(S(WvZgC~Qb1=}_1lDv zpD6%tJWCsC*3|Xu!$lb;*5pb)@n>^3kozhII^{AX!+OEYy&)=Q>1G%EH{YN^OWjq^ zFDppz?Sz8Yg2)8&9jqrO>ir+6weH!C(3Kw27BBK%Qqu?Tg@cfLyYS6P%Nx@b z%T#9-wOvS~7@pakge=N3*Y4SoH=rG{g8t+yr1$Y%b7e(_+?Rdj<5lEkK)y3ZI?i&s@w^S{F8w)9e zkw3P#?E*`W$eC&4cHHq@L=kh3yXbEc9VXSIY$bz8N2s-YtRKAgsaQ*i@&!;h&jL36)1mmy$G=-*U96m8u->km6NC~5 
za6X-8gEUf2buNWBLtQon#JfO*=YDlLwVWnqx$xIeCfh1Z%N%$;;uH<~IZB9jX4ez# zJjC{2Bj!U%lM7`I4y{*)^i8sL#qG;#$aT{~3 zVR?e>s1ppo%9890c^K0a5(<3s!Bkd7K^>mBaZa)w#NQh3hzLHyknXT>n7pPm;o;E((1NvEF> zs2P%wd4W1%X)aE}a?&kZb|@1H8fMiM%2SSs(&x+lkj=~8&Gun5I#Sw~3s6-d-Xy{& z=PDbHdTq_org^mAAxxhs#K$!SUK=A_pg(WvNIfy6sW#NDqAU==U5|1}AT!$=mL0E* zdf{8dr}B=G^V0A8=%kZPh z!P?ORUCL_KxMyA0Z~5I{Gh@kF!HVWdkcahq{8eS2EI;)U*iw$|gK2|i!!_r_eG50< zoYIO&&xuc|rPvP546BXr5)QtdZiKNme6n~P3n1&;C-f2b6=6mR7p*1m*-d$huuF?q zorrygbRF#Xm*&PgZubh8vhD@Qt7H?$5iNNCPQ}!nQ?+^`98U?ns?nHGfSYqwpt&kr zvqVvZ#<=S#KJzfN2#Pl>#?ja&g*DMPEM^#9s&`XZzFo@@I$XnX?LDP!8A{buIC`ZPcy*eQ;zvIYGvO-a)f!9oh;aiST#q}q^WxuFOtxuui_b+ zO|K4AMM|7&7R>zfIpyUNn_QdaJ))d`mP;P4O13l;g*UuW2f@BKqu`@Cb)!J)n@hL z1XOb_rP&%UonCy#g4Ughs0@FG=0LNBQY)e9IaJ3HfY7-%h*D2HsdUt~Vruxt!pKw^ zxQBHCIPz=7$oe?qtBrw&oI6AL4DVqZ=cSu3w^*)8I8-s$$)5xi;_4-}-iOVjlRwU2 z-Jk33zfS>LPNj{Eip88CQn3bMX&-_Txa(1e8|VXswi6x!PrQXA#ECxZuSm*^ z6R+nzT`Y!(j6TS%vKOIr$6V8q24Qk4svI7A3lx>bJL z^1A37Oly{+n>S+FixOd_9;<6{*|igB;q2>|B2+99mRI{Sy3i|nIC<+Iy1Aa?Rbg#a z7kiou=SPK%$Pw{aJ2wlGY2jxFHr#%m*`$PPKP zut^$v@ibfjav_bk%a_dY--68ZY*Oa$Cg>q2$xj^1vkA1P^8UrR)Ny2;I&zzg?{>XYiOi zRE18im}kWqxVSq&#lzjsO!+;1SgC6&d%F-}pEVqN&))(FWfXY5_;20^)Eb32`L zg}|VknuQosdoTXsBFJlrZiS-m7^`OP-LY>)sfVQoD1Pe}XkopSIrB6wS&|jgR7TY% z8>GmQHf>+9*p2d?H0Ata_*E{4g|>>j_1n}w)h%a)Xj(pk%{q8tw*W~YPA+55u#nrr zZFA(j6acPzHtD$R1s|pQe&5d@H5X0n8~+vJ;ivTTjRxuDSm^~h9@^)cU@Q=k3d@l0 zc@<7bZ{91h5AiIGcGu|TjfP5KF3L} zfZbIa?);-!j#zi?s>Jn^h1=W|QkyZrW?vs&YyQiYLi9;bdNR(@Zg&?+ZYHObjt$Cz zthG8@=X0TRdTn6|m0JY0(wMuGoRZpcz7yej)m&|7)Oi$^-5eQf)SXH2G#;Q^tYvaK zM3BtB)44lq?RQ3_Blh#-%V!;Y<#>g(U-G9N0L*70?h-X`@5-{NA$IQC${1glF^f7$&|S~eQr~)MPAm?kD+5F%7>;#A~Mr|er+(8KDr^xV7!|D zOe{edymF;GTw*MU$LjQv)hTg*F`*s(s%x23b#?GD2Q`YC`F;k^yt|6$9#B*8rE8Ex zqw>rp1JcTwrIaW|uUq5B5amg}#N0Zh9%NWY6A`tN!9(a|#;R@s`B5s5cMvuysTXrl zIzp0IF{EF6QL4wBGlfIzE5`ny*SR*nbVJRsejL6kTa<8o&p6C7ZxqR1nX^63ux|mF z)Layd?JEBhN$>773-U)=H(p|ePDj$G1y<6z<8 zM_Q*R4j?q3$G6ZEL`54{tym*)JBA#)`utW4K25&xU?_Sr;nV7(trgMTukZy~e9p6^ 
zWc{!x9V^S#WJdZlPmzF?nsKY5Z?m7%s+^HF#a&}IZ8N264iAh?6skmimDCPx@RhPl zEn(LAbZkg!gncd4(v~GD#Q(GFhghAP?kTS-){Rxp$cz_v+wBN7NXLoI8Zxh~h>JX} z>Om0>c`FeakL9JK6w{Gx1=_KZejRmK+$Dso{~C9;waDWPW({)vk?-(bs`q`lA9Mn1 zzy)+};}3rf!lSe%>#pgWLoy)sX!Mk;3D#=8(5xrYKjbumy|ln5r; zoCq=KTsYy$x8nG|(b27Qd)<4UP8hDX-UUp>{33x8w(n@|VQa*v(BOs8oiKdYu%1!OQFRLvYRp#BO9rtv{+$KT!)`Mr%u$WzaW?1a@%-hD=|-U zbvwzs{L!K$u%K*}Vb);3r~0f!+(clygy+!A{#`H`bHSENsU}IGfs3s}(t$dKP?SE2 zqeAwyQNMKJaS!tmk=Dh8Yvmkp>{^Z1dE?%an}6%=Z_3inA`p&OshSB$i&PD-;f`FH zN^^GoHdkk0x}XD4I$^ku7%lJ2*TU~8;@B7CDqt#8kg{bOa#=$M9Q3*gYf^V2!0WA} zAcs`uTHk~nbWrlNi(8aXX6>4RTJMiQsYa(X#|6kTgY$5dTDdKNal;aCV;hU0!)K?W zMxqD3qqX{keBGC7ksPX2PEBe4_&KopF~xcrRqDD zeu+u9BCCd9BOxIw^ZJsSxf1~Bm@SsHi3|yDz)zmGD^shqJ=|ZI(LSE|44JpMbFZVI zf{$=t#IOCWM4hx8MlBItV)OhvBA2OQo05jKzfryDMv>DycDzHufSB01$HHb^4?kd4;( zO_0tbWL)2Bo1$Z~p=s&Wed(U9AkxN-?|h!QL9pI-AR~&oirk0Xn{^Ivf*Q#2YhSEl zZg)kjt__yanM-)_`BlCQoOxE_Yl~awE;7;hOr9CK%1y2e{i+OWKQ5Z7YMOCQsMsF` zcf3$$QL^W+I2s@8E1WBL2Z$TLs0^7e_>AkG$Q1WjBxs>|gWj>EX!Io&ZLCEoulFxT z#}YH7unBs+#s8anpQNgOgmvsZ&XMOHt~2r~bE-P=O6hg$G}PtWeS;IU zh>v=Z*4=KkjCtK7;%wPm>Erp8wjMw<=~OMFLvZrvMsQ?{5`8|8D&A$=oll!l^ZExN zxHiQnV-7lhTiL5W)vn)0IYnoLICw`3WGr=b9E|>!jsz+26Iq!#Fhj5f1kOCi(@%oA z{CH89Q;zHh)6bR;Fb}1>I{AKKqWVwZVgf3%`Le3S9NKc)RAVK5YOUO;rRn!g*cqo< z-trTB%Xb-2WI$|Di@&nZ=hA=%c6E#Z0V8&K-Aaf9uI>w)L4*_COv5r?g$qk*xkB@2 zEtV{<;c2bOT*I?P?2=Xad-$^5UM#TtVHME1;~d9&6-VS?gIW&GjoBKpfk~mh||6W4_HPI)9y^L4{ICnVSvtg7abCJt^e@&&<-O~ zYYQE>*#C_&ml4k@l>QLmD5h3M!%jfFfhl;hVJOV zdqN>G*`kzOM;!6Sv!~}nK^n04ZBXzr6m90J19*bnhQ2jR779-o(z%Viqo**ys)N56u=x<1tU`n*O#gwTPp?_r7o7#8~2dt zm)-jg`_SQh`}&)zwtEV6#m>27g`h~&?%7Z}R|M;;A+7q7>gL1S71Z&lHXygE7aZL~ z?-r}Wx6)u|6;E8+$?nLi-8;ZrKVHyoHSz6|%)I_{V-}s`R7)+c4PZD0>4$VHw3NTrVrRc7eony z-snqJ1I@`jN)MIf{$41&Eg}y0ft~%+5dT7{$Rm8*o5*A214BWji@?5LLw~@A!iM_z zUd5tA)wvn=bkZrHpfdQOpwOZIdy#N(^ip?FQByH-wPJB}VgK)FwM!oM#jdbcU&Ee*0YcaiZjbq1Ne!_EE&{y)F$zv5XG|0mw=9S;Zp&ud`bYwvqoMhyLa zR*{E+#eQ!;LY3JOYbhA8X$rhQ^_2_?3gi8*goC{W$kNT(#1-UV|IbhC>)1K0bECfz 
z!@Qv(jHZ+1U(ePZaV*p)^-I_gB|uDn2Z<$E>E$qaQ>83SK5cu@9)~nik8TzE5{OV? zcy;4ldx9kn${-dn^>?R6qe&G)jd!#y!YF6Z?Sk3QQ8K&}hvZYQ0R!2{mwzU%B>qgi z&Z6Oc#=)Bj3f%1!MAB$Vup%*B3(lHz<<5+D8Ez_J73=(A#OQe&40TQrP6xYiksg_W zkSHtbo~F+bE*@u|O5zYAVlW_x%dm}TR=3Lgnt@VB^0PWKh9zTOx=*1Zik_yEEN9kb zb`@1$R4*btXOo&EFS~z~ocq9<7;ZpPzjnzQGCfj)iGM`WY)4{a6vi(->@e?n^2OD~ zAT6VWaz)i7Td-YEL$2fJTDEnab5;StLw&f|JKRWi}h1paQI%rp=nw5(CE3l)`10c4->SK62x|Z zuq_pN8%r4mK?(Ri*&9n{jgI z;1BMgBO`R}TJ+&xmCLq*pd3Vt**tiA;^QlFLp-7FVDdWih5jT$#dG7ysC9mHYr~Cm z;gt%oHa+a3c@AihzRG5s@k zXy%sn^#)tIiVF{EA#otm2V-k(VP4fWORZdD1O_(vbNXI_qmD9o;ikI4)gckOUU&qF zPA+|dJW1HF(>BBq?@|NoAb)TincW%YRI~wuWj#{UF2l*JLV&LA$A{`@HquL9U(4&A zV8vr$9GhUTz+vP3H>CsVG)CQaaS&(JHs5*f#BK(8}|dM2-Ae4!UR zD5_V!vovTr!HBEP~kNXT9y| zrYaz}m7eoV+pACrK@vj(E(XoR1|9&qmiCX!WkXVhj7lGtv0wfM+JMDDa^c8{?UWVX zx_bp^`tq$Jc$6ARJ&dDJ!YLh~mv=vK93_h`J2iFlT4Br`B2^|y-vS;>P7i?;NW}?u z*U7uL7Nk2%9k#;d>?HaOuAlqRHqAeh;o#iaM7i?MeP8vz9Vxh-*Mov{V zy1D-VcVaG|`m?0V?3_%!rv8mgzrH_h_~k?+x!(O-IXy-#w7Ardxcc-LW#q7lOB{7$juC| zCgPJ!dl_Tj3yS&>pq&}(SMp}XmzrW7%NGYY@4O9^x)2W<4FePmr)SJoab&fWXF2u%!7Z!YZ)q3A>r)iB-knH;R zV#3pK{LP0%gpc0+C+epQch!}&5x?K2hZZTya_Yb8(sSDGL|~mJp3NQ;1|jBR04<)p z2Y(w685&`7YE)Slcc-K7b>|i7usQf|Q|I4D78~~rF~8y~&$7?GvhXx>kw=^}Mbz%a z;77!J%@OcV1iE6#WgMAg-+FO(PD`M+>I`tAnWm3APX=q7^W`y_C&GQwaYkkJGh9uW z0^~nokRP7G16lp3LL*0a4Pv|Q?EFlBk^c33K>PPdLu*Q`H3FS={P%qTiiClJLV6!* z6dWuq&7J=lVhq#? 
zR>{6+dskrmp*~a1P2vkTnh7tW^vSJ-YvF8%N_)AwKkT^+bc0N1#|}S}Y*SEy!7}yH zy&4^x3q0V)Jz}*xqN3|lyGzILojD6Q))EcaEF71suB4mhupe4w!Kv!(vnm9Z#3h(< zT}8DjhS*FKMNBjrdN+4lC9t08Vpk$~c&}tzx@gM({>M@O|M+H3Kel9Z1NANvz#Sct*0orp+D z_9Z1$ZG#Ftp+#hWjo3RcnXun%_b_7m($|@lcJ2sY_|{F%@0_0so~PZPZG75IIK3|* z&brL9({haR!s3@dD&ZskOb6~Hl^P!-iA~t9+H4ecek=;h;vHh=Yt0CVd%oP*q>_4jXB2NB+o4wgTVgHQSgB{ zBJjtOo>}G!kW6?sn`cCYa2=q+q4(rKH)qT>i_MFQUxK+u$DAuE9FSz8ocHw1qj~X< z)AcWhgu{_o>nNL*9Ud79%9k1niuk>oxB#6&j;_pR4t6FWdus=fy^E`Zvx%koKOJZB zAK!!*^X(Ms5e;UTS72FY9hbR&%;3}Ink=|yh?}Wwv!|2}Kf=8|MXHAGJsZo*Ll!x` zUhDqI^g%$Ezm-`+Ho?r~pk;X<+3Cfi;NLdGZ#y1-zO`<9$r1QlaxY-8*#r%-uGr@r z-a(VhO}@MJ!E@t5V(m zL+#w5r=jbQTW?zfBKHrNsf{2kE?@jvEU@QVx3SZh$}F)`er^e$$cqftR)frr&sLHS zYh0nfH@{+|7X+n}3Fm5$a^cMW)WVzYdhGOfUy<=2_~E}gM*)9@|455%9*X5g+6wpQ z1UhKpDM~t5YdvKuNQ`&2O7u-}_tj%H@ez~1FG7|2Ya-RTw%DZE2F+QuMb?c}B zi{;V)gc|N@x&-&nWDb6Ud>H`*%6!lVQp~9SCYQV8Otq*bbIJ{f3a8pt z8Hh>)%f3VgspgIpi^hV(g?)8j`agSD}}L=!y^?mgWtwoTxorG^HWNfoY12R`>n zcU?L#*n?aFK1G5~&QU0f-}w5Jq&}+E zU{mT=tp|RK+S7-R#w3Lh3mvvPNMgHl3d3dX!fcy8s>t0k*8aeRwUoLv>JbpzR~2|o zG`8z}U;FrjISh$;iy*aht9kt=5|&=y`@G_YO3|s_N;^kcGa4`q*QF6qz{ru)s&GKb zcL{n|w^%bWR-1U+dPV!X0|k#k8-z0%O$IYC#(ZHs2TNF$C>6BE8=x{)R>)VcM?+DG zU8q$PTWX@smFhyTJV`2xPE-52krMx@2BRMR#Ncx?J0QgBGbNmwAQ~dhsV%md?0Oe+ z`eyhJyah#M^OX4K7-6g0_ZfQYq|Hn?WITCZ;K2Tp@I<{nb8ST7cCIGa4`;` zcqN88928rZuQqRDFJkDRW=z?sQIwGrKJopqbJLGe7e33BD|PNum_);iVuz>oR|{=(sM*5xd- zPUY`jhUstwPB-y+jb5KkCC1F;86uj{Sxa(}8t~*}qj5-D z`Wlt>?23BrA;|GmR3xWfdjsTXg0a^yhBUu0>s^heRcbI_9U>C*jp8bURdfD__i(0^ zjK2)AmDl9nroP>SwnSt<#uql?oYpH7{nFH2@!WVWBE#K!?LZ4d-36xHT(RA9h%jg; z7^le6TCiGohyIk{OPBR~zC$%OSUqlnB-P>84N1!81aah;NS~;l{qXU3HKB!Y3Jg4; zLJIo#;eCoIHbaD2q^mz2OBPDk6@^e9u0b$~vOZZ#!#Rn~tkKH5n1KDdUXu zFqI2(39B|eDF+$}bDE@LwXGZuew%1y^3*T_ll&9{%L1rBW zoeb=IP3M+48DUE0Tz~c?Bx3_OyoVr0DPgx4K~e6q5gCsqD22Spu0NznG_#~|lFfzM zR^J8v(THX5{zh5;rOhU|W}hsop3lN{{q!ln{FkZw4@iZ|f)rgpqT927y{F=hoc@GP$CW=4*$|pL4&>|y^*euO0r$w; 
z6Mnd2FOG=V-k~v6_DjOXo<%WE{ct?P)ZpJ?xGXoU<|A)#6th+&X6$GmbzhBx)NXZ5hnRBx{9`$*_x*xrZ(i%EdqM0 zA#zXBw_!!^!dQL=%#NFGLOc5>h7K;Ft>&c6`s9~U)Nl!#(d-u8%*l_X;PCUgU-?WL zoXocv9Z~{K3rXCywS-`X%{a;7qGtqF(Y4)al*4<|+@C@F=9H0}`tpi&?CE3)kzKV2 zp`WAcb^1{XC554%#Fi=HWD6*}1BUD>itd1v@fMfIizkcg_}B;o09?q}*Sq+YqbC}x ztXTrJdJql2=XbjyEtfe>oVH&qW#L*WHn(X3^$gxrZel7~lFkUdh)qY9nt(Cp&Bnku zxm~7Atd(%yLpV+@jw7R2fJv9xw0QFq{pj{+XLKz?wd>M~a1D#QTQ|iN{ZW10+whT+ zs)I2Jr`2y+<6Xz1$saVxB}6g>p{JaAeU9gC%?iAp`mG**ed-eVO=J{$QoP@a8gDtK ztVJEfUv21xA2c9ZMJj-c9-wNiz;~F!*KOqIej~?)P)#;1f;swQmn|pp&KD7+8>umMekudOGIQe2RD=5fV8=~$y zuYbhS->oJu z$Mch2nV!vTA`x=LO3hU)=sKo^u5dKo{5(Ur^n3DmfV~;jfloDobhIc1DmOz6hGD|5 zEsEhDUPd}8NW+O3@~lT^@w)uA>yPQjj02hWOvcEmW{yek=wl<6uEQex3+t3xKX52c ziUp~&$cN^D-$FU|$Ly)qGSJKiT^6=jt-&6#HWuD|r{+h{ z`XiZP0Vbb^@-ADB$jL@WaJM%rd&&B?>V&InaE5uvTwprC9F+%ckpvd%k?c8}3_-`ZsJ1_VT8XD>!BlYiQ{|8I>pYZ=J*!wq}kP7-gLcjmS{cqm?zj0zT a(Es09;9q1XEEFsh{Ck)g$o>!6`F{YUgT*NT literal 0 HcmV?d00001 
diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 060f38b2f1d5ae7f1e941f25ddc08e5e8ca58304..38b8b3c1496d90328221050d6459e25eb3c88811 100644 GIT binary patch delta 2798 zcmVZ54 zuf6`j@A~*$>&Ph+F}#=fpP$K;O*piIK<06V!!)~d>bHm8!KmBs(SmLa0aG007+Rg* zIzFg?$1D}{2!BE&>vxi+tSn|^0aL(W%7SYV^OVN{M=cIolsGiSgC;?)OWB5o>RQpy&bgdSc7#sOY?fA-#buV20b_sqDbka8iz zoPX@liwAOs3$A$-RSS9Tz40Cp(Yp2QnV=q=SRAb|%TAhyHIE3$*;iZ6D9Td~n?HNW${e6CwiV&t+DMqwbw*&tY$+-*|B|N4% zdd_WMizw`7d!XabE@$s$2*96%@}RM8yR4HFSn3h}E}NAobO8cVvAr+;OS zBnT5%5ZMt7{niLri1jWI+8C)qG?0;kDV~Rf3U)RMvaIdH1$kAcF=(Wy3<4=aIFaC8QW^#9R&8jk- zPSJERIIvh}0#_UIKXOb)x9^|f(SL^L1Gp9l4a;h?gk6aUa{!#7Vwtxl+w1u5dB^ug z6aZ(jm=cDkg-C}S;kG)iMk=3nO(j#gU#8`U3rCq9gNtx>B?(GvceMSkTBWiEh~Jy^ zF)nF!`d7cBlttw>%paAX=-Ra)`u(8E@{@npT<9t_{tY6X<@x$%_1a^5(iq|GI=*w+dbBh zB5(u^3`eJJd>EIhrKgZ5WPiB?Mt{xyT}n*8#Lb zJbrF%9uWgsaJ((l58Oh|{+`uS7Epjcxb{^yT=rgTX5vX@@{06;Du1<7WcFHbrFm6k zw3SDYtF6piU-#%^sbpYhSx02&daGYqg)tP=#M0M|_SsohV5t?`EJ1xL<7QWuBe1n{ znq6plM@qEn4MpghO#`cpcFjiZtI<5c8Y)oEzHETInV=m(jAW7vJd?uSO0M=1$!Fxr z({E-{0j#Uw;$Cp2$bYAfp9je1)EMc`8i46jaTniX(gfP0fQVKU3yqM+?|>tz{(tf8 z|AaF`K4y88ReIBc&cOi`Rb0$Ycsdn|x(Ee0p>E#~7O$y4?8%tp>1p*6S?REh`O_4CU{0C|<;==MoNJnHy8fHYbi`eQEmLgRzFfv z1tubJY+qbq7KUq=sL}yffk*XX%?X*kQ5rke#KXm4%+}s2*}l1*rA3}T95kCP0Q?v1 z8A2*moq!0pQ;B50wdD3P#fCgZ7@+)zfWjgp)5hzQz?x>SOAPRiRU{|ko5kLG2U~J} zjLkz2GgOFe1h z^XJBkO7|mC@#y}+3y}7BGsC&Pm}j_PdD)0!H`h`VN(|;PQgPSyzz~EHHVc?Rl*lJQ zKj?a-ASrZ&7m&Cub+mqL1kw!Nym`BN8-wB?Sju7=`G2S$5<6Yr1Z@*KV+uCSLM8}SjP++dKTC? 
z+~~5f$$vuW22!XY`^x99oVzV86Am7i?Ooq5)ez|HhsahD&flmky$rJ&(3?>IUW(6M z)%4XUl+=44Sd{Ay;ecrWePJK?3y#{*3g#-~Q=|*}Zl*$~JD}S;EQbRZdp3=h*rU~# z&*tE!02W-R2xyt~ZY1oYubfg$Oh-wJ3<+qn41ZgwjZ&ek1xKeYU8A6rr$y}~Yqf)Q zvb9Rq1Y+nhLuuuRH{?mg0^W2Q&QZf@ zP=E4Uv(8Yt`(DxESk3viSbgk(YlvsJch;w~=wO>!KXf}t(8B4^*KJ9oef&94+{?ZZ zQ(fG(qPsfuabZfIIhPsR&Fq=c8`#^D14t&xRG1 zW*%}s0@)?8qpwzi@(mqC0r}#iB^gmK$JUSkh9FIhfKv5PKg;Zk&p>+N=xQ z=*zzV{&jz&Wh>Jr=h532FD&ob5r%3{grV9KV5kzEp8!K^M5P2HiQxr{D?R$Oxd|yX z?R3i_LajpWgfF$axiZ)xw|7any1oZ1XIhNi|MJf=ktz&ERarT&N|r5F?2=dZvh)Bh zW6eXrFc9KT_}cW4Ph(???`~D!kKgWBAJ*22;+rRrxdC08bW}m_jzH0^4syA$;=tOO zg_Y81EoF3ep84n02meRx>))4wF#*U8(L^#=|EJES3kv`MeV0};0YL_aF#!Mo0KuGF AbN~PV delta 2805 zcmV(^%005V7G65ZzdnN%6e>gkW zNZS@Iu*h8w@Y+ewy~H*wr`^4#C>V)$xRph%D8+T!{P&w7DOVUVq?seSEHU&t%Fb99lsj^Eks{n%z0|+r#c))b00Z zK{tkgDGqWBtONBgwf6&PKon$F1iy2wK6fl^w;6}u_Hiqnm+xg!9-oZci z_Y#(}X%jVk7|;{Xc-p*RamY~698RE~r8z(RNE6<%NZ@YaA-A&c5n=r-v^v>yDKE2F#%4rUt^)Izx?XD+vxvkGZo+eT~vGuLHJmu|3 z=HY34D^eLxIRWM&DXE{Pf2mAc0cHOn` zlL=3~M7?mdu=j`n+{L%xoXIpm?J!AYof>EBv zq(F|x@Lt5BoGBQKl+Rccc|ekQ=Jt4YX5V22j77x3Egnqr9>E~LM!WEDDsE{z?rF@f zBQ)%cMM`h08>_#uTC3ZEe~aW? z28|5BlGN-f;V}}-VvQnWdGM%0)qTvCagpHspWgn2c`UKf|L9&j)ZVe-Ij$)n*C177^wEI77uUZ%ww> z@!j)|?~Nz`&SEho3{MM@4mrYYbzF^9KJA)HrgFbb%MTZhGCKwr;p|!xl-BNP`(3rl zWDO9%HR)qq((3fDe@7{c%59k6?T9I*Qy7b4n&6?4It};+?{DzXbM2b1Q2*qaV#SFS zyd3VWe_Ow6iuG~{p$haYdW~eIL3U`h$0aeV@#D0gvI3| zi!fdX&<#0si3HSKV;gd##y?CzZ)7(gUj0N|D)X zf4!CFRguwF9zm|QGH-p|4>Qfmv zyRsaCt(DX4LdzRcqE&AwLf32>SY@SJaNO#r%OrMIo_#Trc&>jUuw4zvOggkx^ z97*;6i)a5QoEh>l%cHE)n-+8q4xp&wVs^sQsZi8KD8LDI`+l%^P5og{#vD&itCz@1 zhh@y4Uh7K_#1#a{>l{b7Pa5J;$GYp z#y@QJ4=Sp_LtH@CC2$kT^| zX0ru=|AIY3NTsS15aD(zk<7Q2++L>Gkf#U(l>ZP=SY%|{czqIB)9iJL0p78S*8OF#icM`(B3G{>%!K9i0;wipe$80E%Xt& zMLV<9lQyod8qX@-k3_|z`v)&T+T+a(=k{Wr;ezF5BZ}QzOHC*-m>-dfyRHX@AdIkC zzzm{9J^}hc*CPc($#B6bHdl7SqT_^^n-ER#M0<-Lip?O5-e= z6WEA2=LIu0GU;FaQenGf%|f*LDaYT(x{R(WtaR4cKCLcxb-W_XDe17U{>AA|QEy-! 
zGic~ZVB>J3%fcoLr5i}0e}?QcpTBVKx3o++cwDx3eZN#gptBz$TSYj3qq6ie%xXYy zLj7wgKKE7ASEEo;@4aJDt~-PSqW#|s`@mmt)P`0tR~eroUC?(k6*}Dk-QHn29JtuC zX|%*1t-gFV2R8+<;6g<}%cOTBVHbVnlwx8!N?K${K$~UQLT!`^e`PH=I(6w91)V%C zYA0E%9jueBRk9`!Lx1`u;F{ZemhPB|qnlLDaNH7;%#?3A(r@h1s_fS$w8MUGqD$r4 z0borb(aNCs90iN-Q9$9bhYEwYe!mASP1&4ahQacJ!n{RcAN0evFIyT)D@VK`Pa+oZ zrqgha8cu_f-d?o9DShQ!Y9y#-c!W>vXM%0IwtL`1U3}E*G-l8|JS(n+RCLl@ z=`Oo+A+4!$ixES1^+sntEIEdbf*xIW5GGKtC8-Os^-sl`m-{aPW`B(8UoN}nqi*kN zm9Blyh82}&9&$edw1DV6oo?zemaIqtE#|vsY$(-}AFcjDg-ac~hua9Sj91e#Gh-=u zJ@`k?REAL@wgS)kx^oQ;RO3cckuX&MUk8>H^9QMq@^NrFr~jC_CAo@ zI2CKPSr@p`=YIqI>wiYeR;EqPqqonVS>CfF4AmY9L$yc1P$fD)0*2OzN(n|1!wVKy zdh}^?6H;p0>6Sx;T7}vPUut!8Ww1kT?~-tJeGgX7v>3bp<)39DRTzw_vT|OPEL*JD zC9mvd=>c5Enuma4AjF^Wwdo-r$Ho@l-KxGHzuvDttgRKrHzyx+1G+TnsDj=dfudU- zIcK?Z>_ H0RR91#Zh8* diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 2ececc00b..76bfd176f 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -22,7 +22,7 @@ param [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String] $SecurityPrincipalNames, + [String]$SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -88,7 +88,7 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String] $SecurityPrincipalNames, + [String]$SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index e2cec6385..be1200993 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 
@@ -14,9 +14,9 @@ param( [ValidateNotNullOrEmpty()] [string] $StorageAccountRG, - [Parameter(Mandatory = $true)] + [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] - [String] $SecurityPrincipalNames, + [String]$SecurityPrincipalNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -35,8 +35,8 @@ param( [string] $CustomOuPath, [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $IdentityServiceProvider, + [ValidateNotNullOrEmpty()] + [string] $IdentityServiceProvider, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -50,9 +50,9 @@ param( [ValidateNotNullOrEmpty()] [string] $CreateNewOU, - [Parameter(Mandatory = $true)] - [ValidateNotNullOrEmpty()] - [string] $StoragePurpose, + [Parameter(Mandatory = $true)] + [ValidateNotNullOrEmpty()] + [string] $StoragePurpose, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -133,8 +133,7 @@ if ($IdentityServiceProvider -eq 'ADDS') { if ( $CustomOuPath -eq 'true') { Join-AzStorageAccountForAuth -ResourceGroupName $StorageAccountRG -StorageAccountName $StorageAccountName -DomainAccountType 'ComputerAccount' -OrganizationalUnitDistinguishedName $OUName -OverwriteExistingADObject Write-Log -Message "Successfully domain joined the storage account $StorageAccountName to custom OU path $OUName" - } - else { + } else { Join-AzStorageAccountForAuth -ResourceGroupName $StorageAccountRG -StorageAccountName $StorageAccountName -DomainAccountType 'ComputerAccount' -OrganizationalUnitName $OUName -OverwriteExistingADObject Write-Log -Message "Successfully domain joined the storage account $StorageAccountName to default OU path $OUName" } 
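Review bot: `$SecurityPrincipalNames` becomes optional in the first hunk here (`Mandatory = $false`), yet the same commit re-enables the block further down that runs `$SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json` and indexes the result. A deployment that omits the argument therefore reaches the ACL code with no principals. `[ValidateNotNullOrEmpty()]` is only evaluated when the parameter is actually bound, so it does not catch the omitted case. Either keep `[Parameter(Mandatory = $true)]`, or add `if ([string]::IsNullOrWhiteSpace($SecurityPrincipalNames)) { throw 'SecurityPrincipalNames is required' }` before any ACL is touched. The `param(` block starts and ends outside this hunk.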
@@ -153,56 +152,55 @@ $account.AzureFilesIdentityBasedAuth if ($StoragePurpose -eq 'fslogix') { $DriveLetter = 'Y' -} + } if ($StoragePurpose -eq 'msix') { $DriveLetter = 'X' -} + } Write-Log "Mounting $StoragePurpose storage account on Drive $DriveLetter" -$FileShareLocation = '\\' + $StorageAccountName + '.file.core.windows.net\' + $ShareName +$FileShareLocation = '\\'+ $StorageAccountName + '.file.core.windows.net\'+$ShareName $StorageAccountNameFull = $StorageAccountName + '.file.core.windows.net' $connectTestResult = Test-NetConnection -ComputerName $StorageAccountNameFull -Port 445 Write-Log "Test connection access to port 445 for $StorageAccountNameFull was $connectTestResult" Try { - Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" - if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { + Write-Log "Mounting Profile storage $StorageAccountName as a drive $DriveLetter" + if (-not (Get-PSDrive -Name $DriveLetter -ErrorAction SilentlyContinue)) { - $UserStorage = "/user:Azure\$StorageAccountName" + $UserStorage = "/user:Azure\$StorageAccountName" Write-Log "User storage: $UserStorage" - $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object { $_.KeyName -eq "key1" } + $StorageKey = (Get-AzStorageAccountKey -ResourceGroupName $StorageAccountRG -AccountName $StorageAccountName) | Where-Object {$_.KeyName -eq "key1"} Write-Log "Storage key: $StorageKey" Write-Log "File Share location: $FileShareLocation" net use ${DriveLetter}: $FileShareLocation $UserStorage $StorageKey.Value #New-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Root $FileShareLocation -Persist #-Credential $Credential } - else { - Write-Log "Drive $DriveLetter already mounted." - } + else { + Write-Log "Drive $DriveLetter already mounted." 
+ } } Catch { - Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" - Write-Log -Err $_.Exception.Message - Throw $_ + Write-Log -Err "Error while mounting profile storage as drive $DriveLetter" + Write-Log -Err $_.Exception.Message + Throw $_ } -<# try { Write-Log "Getting security principals" # Convert Security Principal Names from a JSON array to a PowerShell array [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json Write-Log -Message "Security Principal Names:" -Type 'INFO' - $SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force + #$SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force # Determine Principal for assignment - $SecurityPrincipalName = $SecurityPrincipalNames[$i] - $Group = $Netbios + '\' + $SecurityPrincipalName - Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' + #$SecurityPrincipalName = $SecurityPrincipalNames[$i] + #$Group = $Netbios + '\' + $SecurityPrincipalName + #Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' } catch { Write-Log -Message $_ -Type 'ERROR' - Throw $_ } -#> + + Try { Write-Log "setting up general NTFS permission" @@ -215,10 +213,10 @@ Try { $acl.purgeaccessrules($authenticatedusers) $users = new-object system.security.principal.ntaccount ("users") $acl.purgeaccessrules($users) - $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner", "modify", "containerinherit,objectinherit", "inheritonly", "allow") + $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner","modify","containerinherit,objectinherit","inheritonly","allow") $acl.addaccessrule($creatorowner) $acl | set-acl -path "${DriveLetter}:" - <# + for($i = 0; $i -lt $StorageCount; $i++) { # Determine Principal for assignment $SecurityPrincipalName = $SecurityPrincipalNames[$i] 
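Review bot: The `catch` that closes the re-enabled "Getting security principals" block loses its `Throw $_`, so a failed `ConvertFrom-Json` is only logged and execution continues into the section that purges and rewrites the share ACL. Keep the rethrow after `Write-Log -Message $_ -Type 'ERROR'` so the permission step never runs on an unparsed principal list. Separately, the unchanged lines of this hunk interpolate `$StorageKey` into a log message and pass `$StorageKey.Value` as a `net use` argument, where the account key can be recorded by process command-line auditing. What the log line prints depends on how the key object stringifies, but I would remove `Write-Log "Storage key: $StorageKey"` either way.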
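Review bot: The `for` loop that this hunk un-comments is bounded by `$StorageCount` rather than by the number of parsed principals, and `$StorageCount` is not among the parameters visible in this patch. If it is unset, `$i -lt $StorageCount` would be false on the first pass and no group entry is added, although the purge of `authenticated users` and `users` just above has already been written with `set-acl`. If it is larger than the array, `$SecurityPrincipalNames[$i]` is `$null` and `$Group` is built from an empty name. If the intent is one entry per principal, `for ($i = 0; $i -lt $SecurityPrincipalNames.Count; $i++)` with an explicit failure on an empty list would be safer. The loop body continues outside this hunk.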
@@ -231,14 +229,14 @@ Try { $aclProvidedGroups.setaccessrule($domainusers) $acl | set-acl -path "${DriveLetter}:" } -#> + # Unmount file share Remove-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Force Start-Sleep -Seconds 5 Write-Log -Message "Unmounting the Azure file share, $FileShareLocation, succeeded" -Type 'INFO' } Catch { - Write-Log -Err "Error while setting up NTFS permission for FSLogix" - Write-Log -Err $_.Exception.Message - Throw $_ + Write-Log -Err "Error while setting up NTFS permission for FSLogix" + Write-Log -Err $_.Exception.Message + Throw $_ } From 7aff6b17e1e872683175b27a68f1c24c066fc83b Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 14:05:38 -0500 Subject: [PATCH 18/42] updates --- workload/scripts/DSCStorageScripts-v2.zip | Bin 0 -> 78498 bytes workload/scripts/DSCStorageScripts.zip | Bin 78498 -> 78252 bytes .../scripts/Manual-DSC-Storage-Scripts.ps1 | 6 +++--- 3 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 workload/scripts/DSCStorageScripts-v2.zip 
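Review bot: With the closing comment marker removed in the `@@ -231,14 +229,14 @@` hunk, the loop now ends by calling `$aclProvidedGroups.setaccessrule($domainusers)` and then piping `$acl`, not `$aclProvidedGroups`, to `set-acl`. Unless the two variables refer to the same object (the assignment is above this hunk), the rule built for the group is never written to the share and the code still reports success. If they are separate objects, the last line of the loop should read `$aclProvidedGroups | set-acl -path "${DriveLetter}:"`. The `Try` block and the loop both start outside this hunk.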
diff --git a/workload/scripts/DSCStorageScripts-v2.zip b/workload/scripts/DSCStorageScripts-v2.zip new file mode 100644 index 0000000000000000000000000000000000000000..38b8b3c1496d90328221050d6459e25eb3c88811 GIT binary patch literal 78498 zcmZ^pQ(Pqu@aSu6H`}&to$NN-cAZXbwryJ*ce7oaZR=#)uKWAndtdIuozG|ZnR%Ug zn6L6rC}>QG{}CEfLM>Is!F_KcNQnPYod0T~UQ#yp7S1xBroU{=jaZr4nK_xgY#f#U z_Yf=uEQDxGnEL;o{=WwGKQ9h)^i&5at0|kfSTj31vo&RFHSDd`ZEb0kTsc-(6BnDx zN*F_&-}Z}5k+MS?36rAnp^+wCTsfe6-||rq{TWkhvYHMMF&p&%YWKdG2D0$XPLj+S zeGaqu$DQ5uY{p#lRm5y9e>yZ;aK9fYeSIkTf8@`6z3!3J|JU*o-;?1a{0{Wr-@6j_ zue(|9`MmAg7M25i#FFfuYPG!A8*!&|e}<0bIq`B%AEbZXMZe;ImUfQa#`{0_ z_`mm)eARA}u<77|Vs|T=Jsqy>N}p|tope+`x3BVjGd|z^10O!N^7MkNus?jg(ZPrk zPCc3N-H#R=4`nrz&!2@~uXjd5JvUb*N-H-F(^;=IUk_#ZkFQ#wXU{AD&5SKBc=LJY zt+khV(8GgL&wK1zR@&lcE!Q&-_@U!my=QpJ|I_sPoaO5U0gXoI<7YnAdRL9r`%h(V zlbcWN!<^ zkjM*dwr`K!avfIuZWSQ9gx?Om7?YXdsPQ2RYzVmx3`$dEUW4GH2D*U}PiM9^0LXtR z!k8Hr5Ou}k^*@Z|SZ(yO8ATGH-971PYMJH6XJ6Kb3?hjvL@UP|%22WL=Ft@d@Ab0} zoK2W1W!sigD4ClcGTZgJ$48fX)D2st5|>0vz}z$35mra^!5{I)msi~UOWRN>bJjsQ zjHJ$Gnfieulu-&0%g`mjv39_0R>yiRS8Q3?<0UwC$bHInV3$P)2BWFV`z@xZY~-5I z7dF9}?5r#j>diGV4>-8xb={0sFm}AC`sG*XfQTInX)ehwo&EGlO{*)~X$JK6Q@W&eEn`Kjq;yeTKZ zyec2eEdvA*{8S18RyERLa3UB-Q^V;rqFFwy-X0Xb;_f$62hV@vv5n_wtV(Wg*R&wT zuN~%R2<82>Sa%r%R9fbuOi;&q?7)p+N7Lz3+Qj0I?L zessZ3WD8P(iYmXeTKHc&cV0M{J-^eKqN=);=8C?A4rDHG(#lIu|L-V|l5Cfg;@3DY zyTrPG`alE+NivZe@HE_tEW=zO*MfRe!mlq9j9&|Kpc%l&a=}-e}V)0b%%j0B8gc12W#(N?%>{+aeodJ^gaQie>yr0VEyJ5U=qYb~)75Ekp$Ml&k(tz9j% zt#QK1mR3mgpvvpgDh!+?XPNAQkvYXmPS+pv?jQn(5{T9ys5IeJ(gFsyy!X0}6t*Hc zk$$IF0q=Ydo^Dni-$>PV9+Nw{1-d5Y7-b*Nn|W|ef5QdUQQJ}7gNA&*#STB`Acv|q zw1}^*p)nopbioK;^rS~`2Zx|f18Wp_f{xZ#MAxsj?8mD|&#DEtn!hLYR)0t9YT9c( zd7*B`DDgcDwvL>ENTtkwtg`M1mqh%&o=4Ie93w}TYZR{!>~L(<(1<;!GTJUbT}+O` z`jhOI9UNz06Y40e+SP(o340(KTq#a5MRQI`$x0YTQy-8aNpqo#n)F2sFc@=QBHFcfy^+RX^air57a|Pn?>Ko3V52wV4jE`MZ!xp_%tU zd~hjqQi68bX&BmlmZ4!>9=dm^ppB0U$0UP1gMS!uL+f#2&S((uSJ`=&`vxP%RCW6_ z1b~>`65atM`0PIFoN$oFG$A;}W%|cU{Zmiq9-+U;OX06VQ`%2!mr3|4XiqbCRmBVS 
z4wnbffECWwbx~Lf2Fo)S-t@yF>Woqh!N9r2hilV6=p?1ltV?b%fJ9&Zy~J|^Va0bn zAG5rF+?LnPb=t{e8Q+h8gbo;z#-U83)lD~WnoJa7h2D`{)@vv4CO_fDdgTSW`;t0M z)i3M?WS*^uWkp^$KS(c%awM026bT!HPiFefHRcN-@G#~0oFrw);uy8RePI46rl4RS z^mYrr@*`odp=m;;o2tP;|?n5h!M5LbIvEdTjEG?E|_RSfHti2@8WQrdKBy9pemVi$`?zO%u* ztM*>!eVcet%sUgv+=tZBe|b~?1N_^GDK~nLEPev0>9^w&{_Zv}!8|3K6Kr$U0FIs8laQQX1Lx#M_TK30aICBZR&HAl;jflV9xKIlz+bFx7 zI3+NcJ_x)aq9*b&(>FtDTzIeTfk+QL{DtbL50W2xoylp5WswhrpMOlgT+8Tr;#%42 zm=$}=C9w)&6WRJ)HEi~-Xo*$8Xg;cx=vYtac{x{5o8GD$dDPSCm7Rj@ycvE8mfTQU zJ~kMBJmYinxEtx|Cx7$s>8JQYkH#IPq%_KKP-`?eN&{&ZUnA~TdDie8-5`qE{8(uM zWg8_;_e^cA4-FGKoFl5EQ{sATiBs=Bg796WPti+BQ}`E<+T)6CV7+3=>rJl2f4)r# zr@Vn%1}-J`Bb87 z3L?Ovi7nhg)z&ghF?W@C-+ieh*ohpD!)S)f-q5Q-#&6qa;1^ihOtC%FD1^avwYqJL zm)=J~3PXZwZZ;``N%-`krnkFa&k8b|RoZ|fAdTQeIc1`zUg&n#u)%dz_?{jjwbwtT zipfumd^<1O+uyiZ`e*$>;yN9Y-b_Lg=3+v1!t-eQJ4Z-SdRl{eww!Pi;H<5_(a#c^nw7^tA6OB7?*tn8MzY}jo5yrQ zholIWpuRd5)H*dk*oK1N(u z^N?Q6b{Ku8%a}tZj)fU@E$qCJU15=qpDkt0Q&KF3UW=seLpOX*1c zg^FHm--s%X%-*D>t?eV5%@neVAZO(7AOfKIzYW3W1#MfwwqnrJeIJR%-OiitKm|PW z6Bg};gDw7rE1RyEUQk7{k49qZyYe%w20?(IQirt=|aW`IOXkYJC3%eKgq zBzVFz*SE4;NDOh#GG79~ z+|6UW-XIm-(!?SDL%afI?2i_Q>9m1*(zb=-D?BqB{wO>tXU{jO`3?L}8F5ER(|uc^ zOPe@T6V~2>&yvi{lOxR*YcN)|%ik_Y0orVwW)&2PJ% zjx7V?k%5+P9S_FE&Zj?~;8Hhz<>5|VXZn<}7VXaQhPwf;CkC+k1mDeov(J^yx!v()+)m7=1O*P0)~mO{NA=)t5U$R5mDOmtT%q`$)BBC#5Zb2eXNr zLyf&E*N;L{vSG;#^R{+5eEej7TxJ*5w|_ox#jPCG_26bJ`<`|{=(6hyX*Jwya>CeA zdxfsA%KhaFC5HknVMt5wZvqs5%VS1ZPJZ6ArS+kH_;J0{?WC2vBSO{#1{ZDL;rGQ$R5%!f}idDMwSG220-J8P^FX9^s7R9x;m70ah-P$1!66 zQpC6Q*GSuHb?vm76JZppQu=^J!{x#4z7AMPdHNleK!gb9HcA7j1{YQFnu> z`qHkeSu$5Gl5k{`dJ97bxka)`6WZryuah}y1T_<~_>Fq!+c`}}2Ny&h(R7(R7uowP zo^J*SJ>#3nl(jr0T|PH9-;k`myz^$j&OpVh&Xbd_r=IEg6XMK~fgz}#IuOJpgIO}; z1zjI~qtl4_2}rdx4qO7LVtEFi^QA1uG=cGVN?Qg64NHyQ@tL^N{q7{El;FRkt|Bg9 z5Y?v8B-ry{^g^KnVkjd=a$k}i%|>fqY>+?mZD!YpgvWcoH0g_t<4mrgh|b{jir}X^M~ff%worZZK`V#-bw3am z=eLo&tv{tNF?_0BCw_fayJ9Ar-sam9-FoNdcI%JJnvV8dZ4qC6Ns)Y|e)?9%8$I2G 
zf2Ok2`R|ik^1Tb;^!iL(7+4#GD9WeM3LjDRJ)E`LPfK!VmqOartY>5_iLqk4v>&HP zpHg-0tUHR1|DEHP(DIQut$s5D;t*zB(NmO%~o)xeMNqGGkP z<(dYJRjG;YO8Mbl#yU298CrEs)MPia-+0K8I`t&5qZH9HG!1`}-{7mPdvYARy!0c? zi<6Fflf2dOcEa=K4suVa$o==J*A;?;YT1rk;YkBG2)B}pc%w2;@z{C9(0>7O@|TuIAP3N&8Yy-XpH zwN{=k(~5kh&oQiPW>lPjd0{FIrH{y~#=C@Pd!FBKFL1z`BS7Ump(N@OuHJa`Wb+}= z$%fLPt+85KWzv_=)nKIlX8lLaJ%6D$uRVRb>d$vr3cIfvrx_8OE=$-ov(7wQGP$K7 z(C~xIV$mQiv5=caRQa9Z&%bQNUHP^rP2b`>bCK-^YcG*fCN1FXI0g*Pt2=9BBR1IWy|;a*1$TIFp|IPtQ^a~_z0(?0_Tv@aQ&gfx1Tq>=+iE*UBt{;KCUSPP#aPfPOx zlcPGg0{a)68tqVJF1g&c1e9Ey!@O04{fPzM79@al=3l|4cP#~dBM$)8A4hJa+@B*i)%At4W5VNye z4ojskEvzoq3$Vgo>{UA%JGZ$;pqr0)o@Jda`e0%l%kc=lJ=tb&73qkjsx{OiHaNA7 zAU3~!Jbi2wcd+j%Hp}25iPu}EilMHVf9!usdg6u76u=(`w+wi>Ms@ z>@@IZItg!Xy8_%izUfV3G_(1>HP(EdZ!WnjF6s*1B7;g{V(l@7t0-nkUUHKl<|U|& z)?4Wos?CHeI3S03*DtB6#9|Im;fIETO>DOzkR#!wS?~=E<&d-l1agekP7N!nWROFG zuwrVoj)#Qo-&PCet;Ug_U7NiKtm?o%;9y#WWA= zb`}iWB=2x`luXx~-6*%o#N{d9wG0KuGKoQ1#hjekevuFs`*?BXm}7U$hC|-4pT;aK;3671=;jeCaEI+e9vh(f{^6?xjDpAP{@md zvcF+-Iz{Z&b<-rcD|8~O=d?Kja!`~pQ|=rg%K#}6X+|)9J)PX&#i`hHR4G~Z<2)%Z z&pf$Css<^@GRb68JWH1A22h#G@~}wSJ(DB)FUb_H!Op}5)s?sKWdDY1WZ@62Fyc_vwUqAW{+kRwBLgd(`0Q;{Cun!%ORDUjtQV+?+)3j9ijZl zhlYtKIxlaVTyOwXpAbrv-DqX$xQRc))3aQZaM(zgg^rvSYkv`qFVd217@c11 zH(M+YpdTLDQ}G3$psHf|o*Tz1Iv4ceynn(L3I2d@x^qSR_7zGLkoK~Ioe(zGl`Fa_ zvp`AcQX8VaI%FNw`X_$*DZL}CS$})v4maYx`-m8!qWesK2m2?g+e6!w`Pda|Mk|Na zK31?BD*Z*##z4l_upf#3^R%7fS46xJ@9`7IHfS+h$Yw{litnQn3@v2(z;a~7{ev^v zVo$`wst?PjyZLhY*SEJSulZ`xuick)k~0NwzYmh7oDJFMU!UJUv95ZWZuTnsrrtoC zirkxd2k!FeH^R39H?ms}-V^DZ`_-<0+w7F}Dj)vc&_!yl28Bx!iqN0S9kO+Y4BWHw zTWJ=t;$Xc61_*!&Sm+6YcWZ$g53tj3dD)2&Oh5}a!@geH{BWFu#Xkp!Df_gXVMV`C zI5icL!{_ng%nN|dmLGJDtP@g>%j>I$CDf&jl3*lpq& zHx{6pGj(1y9Sy!+;xBjxPtVhQ;@ z#A@YW9jg)N!@1NvoYIf=`^Fc|<-kr_Om37Fcbck`x2dc;@?8OiLQ} zRk9D)vF&7MPz`gTmUnDr59bt?^Bm8qGHL;*aKK>(AF#s^x#P~GZ!&g%qS1tn1+bc< zQCcgRb^V|^DQXBU#p=5HK(#w7?F36sQ7N^Zhl%Uo@k9ZNJ7FotWJbU5-iXgc2o0`Z ziytC(Vah*Qs9D|K?;O=GT3`vTqk3-iStDP;Fy-W;wQ&UbEtiPEw$FZhq)K4Q?f7Z- 
zNgJEla{2uSEA{D9R#{M}o^>*znUitYY?Rvb>CsU#h9=irrO|P1UWb|+UUwef?(e5e ziUH`M4#oRk)_hw@d99)K`n<>D=~`{$$#2wPStzv;z#_`bx!;ugO9Vpf);XG!W)$G|)u z&fkEb@M&$Nv~HcWCi@bYrRuXF86nsm1Fev3F>}t9gks>oENgB^9R(UT?)OkQO!}dX z0ST1`vnGMcek^S3oGjJjE0Yzxp1zjV9s2@R1c#w~m9?%koCN~4|FT~hFd^hZ$A zpj^+p@wr+y5x;>|>t*lnX(15%n@ZhON+3-SRW&}oc9~)LO z*P+O+fnVFG)XMcQaw&2yv7Em!E`We*ie-u>^ul-@5 zx2qUCZo@Q9x85`8e~>es$MT-L@xXDo_H;32V02qK7w@S#88}``@4QUvKxXGZ_C0@j zy0ZBQ;pxbD+$s~?F&;TdORcnCn%UB*3fpL|Q{fO6Y~M~Z_@4Cym4EB^mhs8h^0Jh2 z@sT%uwC_D3GJ-Bu^UEOulSd^Zkgea=N*+5#}xA`R4`?Z!XBm50iDz6?hQuu zhnvq+_d9{U-6!hRmw^5o)BI(($C0&(iy zh!x}`pH;0*4>uiy@VI9yts{pdW~}ZmZ{SekZWgj&^HF$xlN`5m$ve3v{Fgac0SR(j!11a~eQO z%j(wwmQ~1pk@#7UT^bXpJ$TgB{m;JU&K~9G!$R(%NPkCH^CPM{PL>y9Vl*VXYq23$L6x6%s$Ax(EmnhQZPbLL!zOxoPTmhU**BBNn_A;fd2eMN% zsuJ4F+%jP(k*hnpWWZ$f=I_2xXI*V1l;Dqz=hT#xfkjw>5m~gNx596}y{j)|!SOw= z%n{o>ZWIfI%)uCV^WL#a&_g4RQx_Ry6o0YI4xxMH6{$=pCD`Kn6G}K5f#ex&>|T)e z9n_H&Boi3$JP2MJJr$4M}o9@M{ghOVTXu8CuLIKV2I-0E0Ww|QndM^Ul79;s#c>ByqVva%*}5)7`CtrKpx2oj4Jh5s zN-wiH@|Wz!!u`V`|MtEaK{cROggCGPRmyNDwCSt_y@r+sd zTOs~)`V~RsIqz*Ezt?$^s7Ao(Tq;Z|}wl;-2!0z=}gNA+%A?IYt$bJv1rHpXEsfmkfXrb}jrTfJkNFH|UT4lyR<# zN2P^reNirv_K8y)mb$0<><;|~+)9&-Ze8`e1ttpb!wfqmtB(mjmL_u(Kiv_~>I1|oR^lM=okk$FZ2C~`o3V4f5O0W)9>qK zkV8OZ@PHrDuFo1Tgrw?YxYNY_ywhZZ=#{Kz;hVAjRo^JX= z$$flxD}RPB?B5rwdHY+<*MF>w-TN2D`^$Lp;iA)GHzEv-+g{(F@N|SD+|Oy7ths0! 
zSKkdOB_JkG&61zLwd#1iZ{D!K&!DNBEr=;naMjk-%4!GhAk zi_S^$j?RJjW;EqOl+SQCOE(3Hx{ZNG>Vx%$XwgS&Xy4=>vCd)Y{E!3odn?q#yHuL% z^}2ALUr`V>aQw98>6Q2Nk6l4?v(IVN^W68VP{K?g7$KIA#$tq_MMsgky zZL-m2r~GVm?30$119;wxswj->FZZ?8ZT%?vQkZ&)yu=YLe*uBF@})p;JEfCaJF)q>j1J*tf0=6>N2RwuJu9E4`)`D-arVfkItZBu`xKet3F8muTTM)Uv4d>V0C-{`VN$(*Le6;t1 z35a73skeXrJcY7g_nFpL>9JCL~}#c%|AsZc5L1Er+7Nu`jWPUfO%az z6*usL4B31g{nG^-x7TEVRFynN{yaSI)bKitG4ipv`%}$d6&if{VxC!AhF{(nI9m|h zz1P=vFg=2ggNigf8me=`zc<=8^c_0-QcS(8}u^DZcp&Oo@-zNP9i}P9F^1 z*!dH{2pN|kyyYzvFb!Sw=NpUAaB_SX8QR@&{&H^~Oairru+K4#*FD~{ah}<@xu#?G z1pl(dr(4ojMqG_ReGPs2^qx8bis8d}*>8JkF^E4(hu(@8JW7f?Jsa1-i~*#qim-8p zC|?;8xw~{D47ejX?QW#r8J38GcK6l4eURKhh+dCbT51nTez@=_@C1!ptzlC^XEME< zt@z5jE&hN!Tz@};+^$c-LY3G`BK9((vZt53X{Y_Nqt-BbXBy^b^dItHcUCv@%{J2xN90P+Z(B_ChJz{hZqZx-fQ^ahju0Q zk5nYN>dA$nvdPy*5&R@v=JQFS$8Y^1D6v%_v;YZMp0pBp);x!j2Y|Np;ONWif8iDl z(Qx=NjA;CO8n$@#>6vJC5TFU>WfOz;QARjT1b(`_`*_D{t0Q&ai&mcM1@nkp~%yL;{x_(=VpXD63kdJg1+pAd)i( zopa6}^+(}$)+uS{JetLC}@S0=_3j%zX`K z{jW~U-}@a&3jzlyX}p530`w#U&+b@paUZGe;zaQSXK-Rc9EzPmkUJ-QRHlwe}SGgT#kPwY<uOdoP2@y&|& zD|r8cjH?6xh_5IA&WBbToF*QE=g*~nI#-$yM`aD2cUmjIa&u@@go4n;{`kDy;dlZR zF(1JgLtShN6JPi;M%>c5En%Xavc2m)ArJP2k8!>cQx@9o3=;YXVY*G>{TTkwKZ-Y@ zhmpS@0|l_m4Hvas`F=Iz-;)q8e--#eq_MfMN7zxQ;gA2zKYSC;+b_7Uajig2BTJF9 zcuPX||ChxgAw2)Qr5q6!fwJf`5Z>||GzcdARI>QGZ45T-#X3T-hJ5-HC@dirnO`BR z?&#KT&zK5*^vn$$)piUn{Nou1H$x#T6?&z_?gGe|5++akGL&A9L6}z12n9{&hJnIQ zz)vXsN%4imJpT2UJzIXbiB~L2_``i=a2Z5cN(zM7YSqvCmL=(mA9!&L^u~8$p1Z#* zXdnkEetIy?%O)AkQ7Ru3xWb^LS(>DT4alO|pw9h=h*F`YJ(LH-+TgDcBG=4Qt>4EX zC)|Lu&jMxED35I*0)C%!f2>*73(D3w8m=`IA@8(y6TnMDT<@fR<3S^3v`MV|k%4#* z-#7{ZEn6Etu~>dtfZQjG>)IH898tBnS90begu$0nEL*~#Ky6YGC!Ul7yf?8{bDUbR z{mvEc=$GgbE|oYWUn)i9aqxr3jw$FQe7UTy38BJ?S&@!Y^zjF(do+P33;<1z8q%J~ zyp;K`sS?9ualbld++{_PZ;IToF1Ap|g#^|;CLsZMeYUG6m$AvU&Vv4Lv>#0A**9Mf zs^O$CmGJ1F%W8!o@XbU3H-Q!DreAe~3I!scxLOPDu)3?f{tval%Vg*SQ`;dnRoA|> z#bSylvEVe=xLq%mvNwZ$SyQp6dgLD}C|8b$U0eoxLv}68c5s0aa`W;0G8Xl*CEj4p 
z%SL8&P6Xv(YB&{Ew!_O>9rwP)itL#vSnPShUFyr24S55*^;mvI%nkqF{s5fFQU{C3 zbkG&En;5TdyVrN8hhIOODxGo-mxEuS&LE$XT1S1stpY_NYm5<4q<#9?fRFOx_Zfpx?31De99`v&wywmVQtURX0WL za1k%ES`zqo3~3s*>@Lyd=fz)3xPDwxwnKMee*3z9!~-)8jlBiJ!^zNSi7{f=iKVKO zEe?Evr%+O(7H=l_P~(DNJ6cQFK=yR5*i}d;^o-O5$u=U8EdF46gx0Z?4Wks1TZ#4H z9|?P9UeUt2h0lrFpvz$8kfU^kz67crPl_ox-gv)`dBm)efQKNI`EHSz8BrNj6JA3z z*ukQIM9;~c^#z&AZ1rkQExgkLX*@ENy*a9z5PG3H64A-|Sw++35ppv!HC5_{#a-)$ zFb{i`ocu~X0t}t$*|9(-wK(u&83jo!zYljudnoRy{Sv=4SFoR5WXSEcjYi0k#JOY? zaY#pyth*VV8jCY}8DA{FnApLF{xqWFLjO!$oyy&1~Ib-0B< zUhmP}^6EsG@7i!1B(Zf7|1{ORw9>PSn)K%=ULzD@pVyWs;mfII(ogcNssgV!(Z&@Mdz#vr zHE0Mq=8zohTV4Z6q) zl()LX%wEJAUP;P&gPJ+qQMRyh9dvBfP570$)zCZ7d_dHOu^$*I%f?P&;Yw!-=#$zp zhv_xaA?to>uqe$(2%=-@i!4)r5jxYRUvK`1>cKwzo&(+7T(OPfutFWS`+%<$B!^Rt#3VqA=;Sms^xs)D&<~qif0_yl#D-ftq4AZ zP7}-^L#4my^*k!)8#&z9CT-a4l-XIV6M}GW9^vYSWQ4AfTu`#W>9RiuB%%Z|54baH zm5o^TQ?|}Vdxx1KiM@)c<6coMs;fBNI!ZZ+##s%fGpKU4EPaAS+DR$s>f{Q+iZ_zs z4FMLlfL+bUy==vF1<%RkSXajQoU*iW_j zCthWkqbcyHnKP@~%<{)IC|%L122U-5=Vetr&fYce7zYLn5)vp);K+{2rs3Km`&Y)~ zMEhXgATX}vSXA&E)`HKB@R;z`ZF*?WY@SfR_*inz_UQT9ngvAct zscS79lD!5#kyW1sNH$0ztB|o-2}0ZkvQp+PC$wj+_TbPA2+Z5~gW%|u>E&a%;nFiW zHiDNC;eN@|2akT~PfVQIzC08oJ|c-mxT7#0eM&)_fe6pdkvrb70!$?N6_}^={Unk% zo>Px=vi&I$YSC86B1Am+>n+aKi9e}0kRbnF;L|TM8+_6BiU83yZ_VF_yA$;%=LCHg zqLhW=GcTu|XoCjP+fzeJtd18JD!gc1gQMM|teE2D(dzJwK=4dh>oWSNaXriPoIBqrsB+lsDbqdYCPseN$bOEt~Pl zQXtRM7=s3m${Bx(PF0{#=#Le z$|~3#*Lmjg-}u@wFm`iIM;DXcZ*osywP%map$Bb0}+MG$$ zgQ|J5X}r5m27!C<%bbyxGNFMVy(yDXag-M_qpaY36;F)-opD=s!HK3tOe5^LM#&?= zKG?gEWj8G}2_c(29rmHiVlAI%FW35WMCT-JCnID$taPZd#_NKMN&uDcPESP$C`;Ic;Ek<2-jSWKF2khV$PAw@ zH7uzsw{+XRO;m+LswhW8kByN+2`}tZtt3O< zltWWJ_+RvW!t^yhiVK-{11Gd6h|Wzg`DWN8&xFeam}LIj&ie@Y1Z^8G4n4chYXZzq z(ib8UalVEEBH=VOC`$0}C0mzHFqf2Q;NJJaW*Z~Sc<8^r{&rhej*|~mogb2CM z?OGz|;7Fo{*(gqr24X@wRXNh3e=sg6its8BX+M}rr;K3&)-jNb=l|Otf_2anKRg5j zW7vgA+5eI6aS*N08Kb!RXhH?NP{9>|BlXf0)5b&4$}Pg}DfT&GncEr{L#gcA$h58U 
zjZ^`WITH#kWlPb-TNTy583xIovfKw=3r>Hc-&_1~VW=Wc={3+B9V64Sluf()gPh#bY#C`aH^yHPRYm14;^p9{wP(j#Rz0R6 zY`D2{nl@Fc{g%>mqP46a9nTj#0&~FcM3=-+xhX}c?YXtZN!WJ@KYOp<8p`F_VZ1rF znO~bdh!BnIo|GPbnMp;As)Qkii zWx6(Uhqy;yWSV7mk(1@)_=sD)AoJRM7W&(R&J92(VYyc}n`d<+GOp7OYBX{IUl5ok zDuvG^eaE)~ghU0LrPai=dEI{-b*5nq*?1+yv;h1xb8cy`UKIVYKJVo;$gi)Lw}<7x zymIN6n6{c!Qsdl+jbY_Japu_-X*C&QR;aIWYuk-x5wg_wfHyq3WH_g{AEN8UpB)~9 zlRm7BWoFqVWnDOXbQaB9EFB+f+AXMfGzb{Q_YL7>cmJqF6XXATH2l8N!8%=M3#OIG z<<}fDu#$bWzBftPB<04qj>$Hgv|C$eIW_ceJmlJW#c{0>*1gM`y7(_Z;bKYZj#eWA z)$u~>bXabb=9fQUK5;mW2>>q#AQ67kY{QC?_0NRDop$(emPnL@yKH04Z?9@m`@tWP z!geXdm?#7R@;c{lGq$>uHDdj?dgi60@ui(b)JwC>2$=*yk=05fbyyr~N5Fn_3$&Cl zkJXONDb6WHN2BP*+upEGYAT3KpBP-oj07qD;0$gEx4uROW8gMIBM$l^W_IV>k+wh; z-GE-)Yld@-j|M?qHL`@oA`>&dgM~Lvv?*6E+0z-MP9DXwV`$`^*)QP+xnBmChj9^l zUe0Wc!mHZ*wZGFGMoq#d`PaVHJ2|5nn@XERZOrz%qGDW`Q>Y1g*7aZPF(IWqi>1Ej zOkF1I%2lkfqNXd_4Ohe}1OaabExXj^qnVlwPEL~|ONnXl!s&WSg68q-!6koK1~v=f z?_yR_OPcblUY#!jnsuwu{hcN!Kk6sn#tZc-pe-Gu!?db~K<55Bm zdUeZJ!**L1L#xublb4+KJo=HH5^x*#%{GGOI|r*3xo^aMeW9{l1rl__yll2fNN7lH$!69rdUdp0puu7rSu*H@^D)b-0S!~#Kk(`xA-<SWb z$AlY!5#r+sICNtW6^VXqw!5_1*0HnljpwaxXPr$NU9n;2T}Oh6Lbcpa{k}t|xtx+i z5vCCTPQK$6`7NW|+nsmF7v)ZDl+il~ijvpPf$3OJ&;NYPBh%M#l@U+PyU7T03J zmzqAoJu+`>R49v-+Ii*uz)<*3pEV!N@U!Wja-Plwd}6|<{0g4V?dPJYuWE2Ybn&e! z=z43JVB1ey%5K|spSYLdP}nwqyJXo3Be`xl@iA!%DgHHx_jPsmL01f2{MOG;t@~?~ z@N43o`19tDPb4Ux%)L;6t7B>mzu~-#!XRAFSmH!% zt9fPIFPiR)^~F9mGjA8PB-k_$e}=Ap@|j1Ez6%M3**84rA=oJ8#qLf1k*nuEw=+Vq zNP5DycT;7b^BQ2B)7Cax>zao)S}UwlMZCK-ly6#6scPWFytMWqkuIM{L^S!BVqGBN zj3?FNkt&%D8D1xn?pE2=BT$mmA~D0JD|OZUF+ilr#RpP1nIyJt6Iqu22OeMbF%IK$ zZ5C71*_QTMZNmL+mx#8azR9SwTIsgfe$E^vIEd4AYKiAKviVYPbGDk-<|wXOvb;Vy z=ne*2Py+*G!Z)LscvZI;k$J|kmqbq(dnbV|W(!VrDP+xSSxhh%yu{d0G&!#QLXELg zB1t_F0)~HYL@knknH1b!nj1r9>p|+g$6k`7H(q`y@OYTSxFciW6uE|JPhY$;$Wb5jw2p>N3 zguC%Hv9jMB2a$PS+ZuhQv5p&glnm@;R&W?w)C#P-y#o7LaA5tyYT)wUzBU*oP~yy+wggoFy*D3A%;0%kEOOsYzkA2IMI? 
z;hkPR+zbl=YT4ioUZA60v%R=O+(xIM-9@Qk;QoAF1zY(*jvWRXahiMDN6 zxFPKV=MTk9TR3*n70&)&Bc)v5UM-afrJ$l6s3w&ZotxbZF(U^o|AHL5Ort}faQ!q{ zslUbXU4=UfivOxGRzb4}wnxpJY-A~Vuhs%4)_JRuHYSnj2*#uO!)U&lAn4>Qw}DvA z@_%Y+tv@2C8JHOQ_#TcLSBBIX6dc2!;_F9Q6LY03XMF?Q z+0wE{f5O^3>~=-fVFdoeKVNoJ=qg5OUNy_b{q&9Y1nAGRm3~B66;+ujEaDQoh9}Mk zt1is3yvf`bbtj`0T#a6b$D$Te6TbbOhK7|#9dV(Uo}0H!18w%J?1&gnY4T_l5JDzF z`*in~YPa!aiMTY|4mNS;zuKHlj4VcSL>@{&r7DH?{k0d0gGpn(5l2?jys7QvaEL{H zG-NDmRl1?6+uSkr;fAwiC<$eP+lg_l>V*uqG|SWc5t@7|NH>Y$=IH*vC_9HPQDAJ1 zmTlX%ty{Kj+qP}nwr$rf+qP}@eQ)(2=&VdK$t08Hoc--w*qZ*uH1%?#7vprPJVsb& z9p|aQU$~I17u^SD<#2mFsUer6l`c# z?-d~mOq+pr9nYg1Vq8PX;$|zKtlTovp{aa@cH=2@k#ijTyNRDJk6iqo(zo0eAvH3U ziZRuGH4_#5R2~z3{NOsD%Ak5>(L(J*yY?~hp$JW;fQE9!x5w5LPYg}4!EwBlH%afT zR*mY0j2gs}&Kj4n_Pzv+jeS7ui!{V*wS-!d+I@^~TGO`FoMJCH`;BmY3Y5-aizF3R z^=Ekdqo3xbYg17T)2N3Vx6Z(&F!GqzX7P~nWk7I9b)f>Wg|M5DN)t!M+y2@@#)Cg; zhN`BGI)#3$x@%-R<22`ZN>y{961aDqMouv9=5X7rxlYNP+V>>=$bNfBVo=e(?ab@+D zh&VZO7W|};>4f$MUwgNIE~i!S40}`sgNNiF&DRS4Zp+1`j*+ukl983Ic&zZt5w^Bw z_MlJqC;eS2PXc`mC7pvwsv25g`Jv;%oSpIGbL(~h+OO~QiQ4yR?~h+Lu zHK)(E9Z;P1_wzUUU%+RC(rg?qhe2-l4%fU|(&3XP-$iHLpQBHD{7)HVw>Oj7@tgP6 zSG~Esx1aEsI5$+XUj74D2!~IySWcZOpQGDh=3d;=Y>5ac=GGH;T8A5p4yY-!XYiq2G4@u4q$1dmpEC>hVgo`ssXXYUtc`Z69 zk3ZLfHmyG|^@%alTbfR#CE!lK69(so<9L}QHqnbc4{OR;NL~y34pEx|n8&Q~3FdPZ zA?f%8Q4ERKJ|gL<*P8oWayi!<^PL2;_nO@+gpM>z-n8M@4w0}5g6<#oao3*oE&&81 zji$@~h@H<5t_nV{!3qP>=u0}m)~8r5clODD7m+<*mzqcjm3kOnwrxrfHy@vUsTK}9 zXxphni%#wJy3z~-YATZ2V>WLD?=CF+4EitfJ*$#P_A?ubnkoGXP6XDMeqvJ^3`fkc z|MqNS=_F-c&%fMIl(0YPuz_JNu`dv!PgE+av}{(XK@U2~%9-tMDvM;)#0}1np+}f| z*~r_2M`nv;`x`E#ASqo9x7bp0pqLe!Ih0jk)@|lU(2k3+y|10vHYH*$Uc5jpo^7{U zpx&D5G!PF}iMiZ9+#Fj1I2}iZc5>g;jdL#AW;;l;>kqw6FFhu+;Yr&JdJr^Ad$9&W z=x~oa8hCgNtcZlQy&jt&)@|V5;#_~-=MYPSZ>*7f+NYoDCI~JLGpAuY)w%VQSG*Q$ zQ#tcVYT4JSX%qZ5{XEu5l? 
zp#0%{7RPJndyx>9C0S^*((h+Qa5I36&J_Th1S}zkKxB#A(XN{_f{8$~cfYQwu%DjA z&YS~eeOdB7=vY8x&bp~ba-W?+ezspgvGPiNq{y(8jNfdW<#{ELy|qR3mH@A|?0Jv~ zPx(gYVgDX*a4@uIL~U_+=DXKH83hA5sizG3m@++R@xs;j%IV^F(mEC5w>)ZX6o2hO z>pg7^L-VYS> zGSmXdk*&eRc0YGPhF&(VJT{&?>pPseSWYas57N zMF|;#>8d)GXy~xj$#JwZA!yILrC+NRx2DwfK+kFeh%f6vxQPtwuv!ZdLAP#0|93=S z);9R@5TL%6hn%8{;7!N!ys#LMWF`Yh{L{A*flb&n86UxAO-Y$)ShLz)EG}6~REE~eDU(o;>NbH*)nj^X01}njcn1eoWp#;6hUrWe&K|M-0f90peSB~a69L96V zMRw}Vak{VJgl55m;mE0#S6nC4+KF_J|G<*kc1cfG#Cl0?2({U(87k*BR)M93lC@4} zKErdA-o8=OHkVUii8oc*9M&VyK!SqLvu`11zBzLo3&b>RUGr`bxL$oZi!WLcwg`3j z%aS3HC1R3Ob``ym)gy$6H$Eh5#wb@OBboIi3GnSO$DhwQ)X5k(UW=$?Y#&b@xFjVv zbnu}3=+3*rSr$U=s#6x+q-HG`V%hZ~bgsv6kjC|nZFLE@O_`ob=E6SO_iTBcxYSIB zML95A+c;gn3cK&GPQfx7VT;bw2_P~#8xS^e*(uR0>gOh1dHMGS{$#kU%m_KIH1whUc%DnDe9apH_3l$78c z%jUuxfS0k+)?=`x5@ee~a%FNMwhhm-`d!NUUD?WM2!-=|WDm(%i+QImXk{Ee0@se& zZ&pu7exel1^TcjCdv;WM(l+ICX>&;cW77a{!^G=1V6|I&%aZ07xO##A@a-46+I!rr zWS#DQJ?5J{0MO4Uz(?o$XV*!=J^ca=Qh=Zpj<_$)dBP6Ad1_*( ztp8%{6?rr_R4`m~7aGz(qZlytbWV@I*Q?&^MG4@M%swnH@3#hXDT-!F39oStJm=`? 
zM;&NbtlHa4j)ZXbdVI_chr&=KtmNU4xjyHvX-z=-Sv3`)*{^COpEJ!=R@+Xs*Xc6S zIz`Autlg-`E)It(g04pdI8+DD#`5C%xcYAq+%XRNr#qbCN}=jZ2gB6%LGJq3n_#4{ zs09m+^TEz7GwCkqgy||1Xf4*m3xQ_Tc6Qc|)6%k*>&c0O=uGSWjqb5OcUgq)Lnp#m zW9<1!&8@O=NzNjkl%o%Iwc`AVx#g75A4$G9@a-`2d-!LxAN->frSC5p-S;q0=s7>% zi#+LfzDWPJ@1(qsaYEv7;dfVl5Bo65p_A>dfMO_!K%mvOA6cr280eJvj*`rSsX2&| zCQeKHe@(w~AHQMK#$J?fN>jUQs*=W-kR=oR+)4Ov-W#foF6iMkpr2BrF9m zszZNzy0LQ|w8tGO(RdKS_S4xXTc31N8P=!v&|MxH!ia352zhz4gWBKbU$*C!pW#n{ zyysoK^sgwqEh~DNCAZO2-slK)S)b@tH>S_i+Yf}1Ii^HQ`_JZQ!2Ggr6p7dqb9!Aj zw`jf4Cfvr1i^~$rRU$Gi+|canNroB*%=p)9Bnuw{#rl7vJlMjP4~EK0X~Fe2MF7rVixcfIBW4n-h+nFh`!} zwi*mh$Nrkw47$SPQal>D9@R1IAk=D0(Pq(v^gkx8TI{IpuHt!n>?hi)xwo=hNK|5{ z`#41Fd;sm@Iu5`D6(y?CRH2w&@G%|68Ji;sH$|}gRWCyE9lrJZgs#z+Vz?n({7_(= zV*t=gPACOtkT9q3rg*Q_Qkv@P{u%oDTMG~rJG)>_+aHdOGm}brxRX7cBj{9Au1Mzb zpmP{fIqxv+hv?4}708+d+anEyuj(k|T_~t*-cu&rEal4~ZD==u$ERz}rO-IEpRwqI zHYvke>C2-?^mdue5_C&FWA{<>cgq*ua}7f+(V>Id_z1C5P7`xYSLw310~5h*I(hV$ z+t$AEB~oJCRDBUJ)`UZce?m@!>YJqikxod=Yt^S7hsSr9w-5H}S`J+}pLuO5xT_E| zk6RtcjooD+rbp0-ZtWSL-*X4TK!Pwy9r<^h3*k})i8xWZY7z-tr>>p4Q+g-_x1`3% zp(sJBwiBQYbH!J=GD4w`53D1nXlt7|Z;vN(X*UoS#whb#eZR1tkhX1sT zbPwGFF}8IIhMJ>61&;q&baUo>l)ajgJPRd8J9@}IC{)QcgC^Pk%;9jDG(?rKZWN9% z!i2Eg0sEwt(x#xJ0* zkCoe|Xd=VcdydlyzrOi3A}iW{R}x2+N1?c*D0f2%>hW~b*u5tKQX&HxARU0DDiVL+ zcTHvQF2EhpW(K1h8(M^@o6Enk-D#<7@-C80zSx{eTEv32qwK=Hk(;_+uC%#NgKIKQ@=1ydzL{5gd$~7cz?GS%;qy4gKb6Ro@$yfi2EkVs zcQ2(`X7VeN7?;#ZVdu&=lO&O1D>f#QvVX??+O~6dk|yDzL2j1xG(9@6qM5qR;iC|J zn&e#fceW|Yoc!Zv75<-JZ3X|=o}8;^s?uCiu1FzaRU&ohm8361bn%{~rt0j230r4S zj(uJOYr4uA$HaqWW@dJgY5KAptHeXmR0LIQh$gIJDb0cN(~pJn2yOa&@jmP{c-mw=RKh#eep9`0+RV9oSQYK^Dt zQ6gs=fEWu*j$R4F*Eu70M+87#QN==I2;x+PQwAZF0#LZ#LJVerp(QWHpC?}}1o)2}fSjtB0GSF{apYcf z6lJ{L6TCV(TN~7lG@T-x91|8G;*v1G30Kx$uSDS^j6!;<|L@u`7w{OCn)JFb{5({E zvrh8uQLzTRi6$TeaXLy6usBIl&~+cqhR_^Ty_!LrC>N@c6(iI1P*^D9wW50tY}jpo z9m6LIgI!SZYiyB@i9c$;ND2f%9y~a`mcSR~|lfC=~X zg|+#*XwctJ+!s5ZuiG@Sv7sTtPpDf4G9f#I&&tqkbw<1lAo@Pp$$b;941oM4gQ?GT 
zevF$O9K1X{ydL8|gk4j4z?wnmXbS}DKvwAIuq!o&UJwdXp6Q3`N+}+t)*@)O&2br! zU&`8sgq4wUj6>Dvwam>!lV?*@9TZlEP(xn_3mS-Po51iU#QX{#nXxYk>nX6GiGnQb zH>d1eGml6uiVw!g)7x8_qOh(PX&@H?LEA@iyn5TSTJ1F}jDS zUIgfL;RaGomHvIvG#Gxdp+gD9Lqa2>(lJaSxnD$nY=Y9gb3d4LEEDE60`7S$!tUXR z)$~4kKljHgja=Q==^2QVyU8#k42azRE`Uos?DoDElRwESUE)&!;lSG7>bNK5{%a#( zKfbv#mM=unJymw75hC}LN*u~gkRhILf9%$Ysa)$d^ioGy1qQ_hXhtRr@n+1L3WHhs z-1#NV#G`NmvOO%ZtsDD*Ot{m z9qy9ARIt8gSMio{V;QF*?$*zn~VYDADPH(hjRpJzI2E6AtCMWMT1U*u@YaT z+VvwNBsN)K;h)$upfaOe_&-qHe-@O=4AaBQDuDf2wuI4CQ&f>eD>cf5>=G}hz+`T~ zXs-r)PkI~ZDSPehOj{}9*x;zJKw%OL(&zctS0hF00AeV>dBe^ zZnXrqOFqXSImX^%IenCHmgSOD{R~dAh~y&bhs(73!26fQ>^#LbNIXJ!DkeY?Lwv7K zD>P&Z75hR@oPv;;RRAVO@h1t2SB`E&Jm@lT)rvG33SvCJ3eVZ`)$9RwytENBV^16k z{Ah}B%L{z72G%c@X<3ctsOir=mePNLpeJq=(zu72)&L~8d4mzA0Q}}Vz1T-*{gWQjr zjVKuy@E%T9_u%H?kn?&31}Cm>xJgg$kyFyX8<1q7U7dx}>i<=e^Y;?5nR9yhZY#8P+#mVAT-Z7Cwz+i3|N3fQ?8Zu*{1QA%Z=6#K2 z-e42y&0t&=Zzq8{B`G>u;sXX+6rU12*0j_`lqsohC^V^kyjMQnau4S4U-c6k8-#^h zIL2%Ji9u{0%Jo?vp0p~Bg6C-u!|Um;#$0S#hT)1fA zOKem8$BfB$>;|_QSdlj$uMnTdOiP-qA(R`3$`>w&USl@QD00=VjiSlo>o`hIApFhP z>mj%vzvl-sP@^ixwUEgaPLVh7$L{*EkL zqxvBhil+bC_Kk&dvF?Dkw=_M{wG5dC&KXDOlvr}6lnJaicH1_^7y&LAkprSE1LeC$ z%%HS^+3KlA?Yl;PPpw6{f`4XB*uM{80J7AQvS>{!Bx@6`15;6h(mGz`N--0Kl5Pu0 zEJ=_q=;S8+w;?m%ju+KeD@B3=hsXOe+mIyw$qr-{fsg$;FCX_ zEPYeXqB?CN1pMN9{hj4xtEj zfr**@`uhnCyYmBIB-gLsUT{@CfmfclWT?Fj{&vbXS9)BtFiN=0bkQd|1SDCq^lz`P zi6Y!wONN8p9spm;(~=TD=ySwSmJkRP^FWR0@2FwavDTT3#m4~v*Q)EQfR=$0_l!@o z8TkUq&jW=CD*2GMV_H+;P$kZ5_yw_pK*2uj&Bl;N3tf{o9noaT-{n8vnU5Og99;%L zGQ-DbSFTPPOKN$`<`3=>CaWkJeW1LF(5JaBLucryjx+X`TBOueEWsO9I zqJaIy^?icNA_=jWUZa~{xWL;`h-9putdf8ov&fPByXUtRHJnX#u9BG)MZNe%>mFX( ztovOYE8kn&RwzaVge2A_Ya0$T;S6SP&<*5YHytKF1}43`YQhDIp-*qd8Ef;of^iPK zCH(3h-(ZrkL`ZQc+l;LI7TBql1N7a*TEfifW?~=;q>Gp z0zQ%jYn&B0O#oODiKdS{_jbyYst9C1aXNFz1elI#L#=JZ6nfJKN~RZAJ+PcC9ck$V9T@i+!TlcI#lpKXUn1>7X%_ z>G$q_9B&SO7QQZ^FW*3Yf2GV_E9(OYc=!tUK$Y51$SPC3WFq&bWW*(P0RPmEj^8;*PaqctnT z8&6aH{-cOwfBf?^Q~%{Hi@J3c8HO4Sl;B;Mwh&9$7V 
zcWX-4Vmcj}071chZLv~#HVK%d>tCgsi3<-%;P#%til$GR7>PdwJM(B(!S#;};krRW zP1P7N_^`lBV{PNJu~Yqoa_hMPhhbtLAh|BGl}3KjMYB>z-`;OlA!ZA5%E^uSzBWGD zxZLAtGNfECx<3$n)^4__yVtF*=L!DapD9jAUCSp7 zshZ1Sc)lRH?mg3 zdODUwhfqaeuLrq@VoqDNaK*AhLPa@%h95JDQiIAj-&Xn_wNqgl7YZ~qb!L*P1=k== z0u{?G*NouF>V)P8YR93vb>n?27Jf2jbMeT^T8%>J?AF4}Zx#WLyKXGM1N-^ zhIdtXuek~--JKPzXyWY1iD7+R#|~AlQrhHlyJP7Z=D?|8T z)ooc~Y*0$!!j1bV2C64;R7u%3R~8KZ5}3`+)w6*Oz+hgd7Npu{Vg`!<{D@vE&fY(M z<|7EvYGyNSx$7CdYk46%t`l7_`L5Kj04|IDo<%D-@c5E;@AD0hZtAN2ENN^v8?*P- zM&zZ~#sz~vS>(5|YY!b%TM1mtk?URspF8BBD(&pBC~8DzHpfFMVMkrbw9|RUg*4YD zZ;dXOiIlfHNQh1{dm$0Y2R zp@?yt1YA0bc%*A*Z0xgk-YqgEBAfOO+Y6E@+&>jC@*>{rj2(#O@CG9$p57pTf=P&9 zTo;ake=x;W<6*Ibb$tSxY@KZfs>+?i!+dAI$18BcPdR9%QL9}o7iK;?UlYPvsMlYw zrve6AV9lyz-GZcT19bd$+!A_qE2?kTj7(}Qc61d@_bH%3YE=5Sg#HZ#nXng9Q-`l0 z=OJHwh3F&+pxQaato%*gdGZ3p@YJ#;A_m5vAtI6#MAp>i0kvrB301(rc!lDJRWQ zsI{;Dwy2Fwc$U>z#lbRA?2QIPcX8f*3JNbxXLFNgdtAM8Wc(e-3Hg@n zmf9cj>4fmq4M$mWgpc{lICHBpUz{sakMH+rK4pLR!rqwkxhsmT!2-}7W*P{4v*QA% z>WaR?JgvIcCPctVGQSi9d~+Fd71O6zBv+?;3*)F+pK@;JGL!WW$%|cBbKl>K+I#Op zgAn5uc^6*XI=@ZZOEp{0^L?3^AOyJqZ*Q!2)HttT!70%<;(UwvsWT9ddo<*K+ zL8E+cWfI%gohUDH64_4dma6zf`=|eUv5I$Y$^A3)46(dXT2D+_bG<=#x+A!{}lv>vRT<~XFCxp`pADTK=%!u26 z;!B`=1t*H{YnPM8Gg;USvp+{Uow_yd6BD>!qgOeXR5aMF3Q9TzSE6?r7sf7Ar2ANr zE$zy_JmR~%wODgJefjgy66|-7Nq7B{;f=BCLZ<-)u5S49xsaQ>s7SJiGD(F`m;{7L zg)g#5NAhws3N^c=|5=~#^eii2MbGE?N#P6ckyYO_PF=X;z!Iqs81WW zO6V$41!Uxywh`|ivxX!(Y|1wgQ;Dv5138|E=k4>GW%H7Hr;N7xUMxQPrMhaOGh1o) zdZVMKH>Q-3LW_sG=vBDi;{bIrP#l?L`SSB?e3&yPm&;=f5n~C#$^aKJyP@@JP?59l zLysq$aLn?u;#f-=4@k2Uw>vmwQfDc?svN5ked8)zA~H!SkQjZDv!mA(HL2@wV>3m? z8V(K*MuX1q-BQ#kGVVwmhtk-f~t3_8anZ>PEkA&~nyIELUkuE>TOWT%I0m7c7M#` zs*9#HWukio{0XJAg++dH2El623x6TIVBwI$#sJx!D1hvnaCE2VoF@z{?^!S44+tcU zh-%%e5a4*#fk1&n+1+Q9N>zCj)SHbgX2`oaA=b_e=N=R=H1?L6nODqA^C^8Xd_2x1lPw7ZIAQzj`0M^y(WHC4KF9yog|VyiN@)p#c;(Y1xrnKjA|)eF=93QJb^o@J`4cShgl6Pv;R%ccM`Et322_>9JAn2wZHjI zsvkWzTg9U#Ie5*~WZR@=7z)c~@kJ9)A>2ntZxh=wL%Hx;uajV6>4Y{a*%|E_@g;z? 
z2f_)7EQB|TAvK>#S)BFO)5*7yfW=>e_5tL6=*)*&_$My5)pX{plU^0+bbX9Gy=s>q zf1hV5fv(WyB?pvi12-npLszZp^@*vbf&%GPYw0>@l@>>Py4m5=j)?mT>^|Jt;iWx^njpE{-kH0nnlTJw8L5TMDn?u+VFO>}d@+ZxE)AssY4lxE838m$ z<~pLGTS-k277iLJB(STy=7q3;!p0^IA`~YHb-!Oq&hFVbGpfC*M?>);%ewHequ>9kwYf{ zf?#own-_(5W0~?Jz|G!^sY&7|v(P-yO4>XIhHi*s0y;gHbT_)n(VcLk8bLWzTw3k{ zQbs;jmP~XDnGk~c%Y5lfel+xTipoE+>0i2z{@9tTNijpCUbuP)L=ziv zy&oU*tGjRX)E@I;r@BexqyUiFa60-PAInK`0Fy&>_1=%q>~XfZsb#nX?~Z*f9^Gu}g$xWjsb^VZdb@t^|Ag<$a1)1RuK~JzKomM?=l6@?aW{3S824@v z<#17;0zN&W`BUV+?Y*{P7vn>9xBPJ0%i35}#I{#*w)}0h4Ir|RVv!NCm_#Sc96h5I zfoVhALQge6y&#Ez9{o>Mp< zeKZc9_i`)b>spYUIO>jEYwMXT-YTR!wH{RPD*kQ^x&Jw9UEtjXr8qIEylAmHCgy;^R2ex4Irl&U>(L4Tl4VX?cZUJ)TgmEP zpX<}Oj-Fh?9#v~1rH|6h@PTBssFQ9eRZe6Ff;5Dxs^FBRcD&=z4zQK(jc#Oeu5HwCilJnhHP9L2>J2dBkgz#(A5vCm-2ifSxsjj0WqmLtS z8GIO6tu)Q!nnseo>dHMfxE4=bLn6!S+?R`o0h`6*j*Ok0!k|a-V zkqI037@5|N!7op2QQqT%24CjHeb9p5BLDMaH|WtTeb6CXO?iFM=Y%1rNUC;WvPuMX zLzzXnUs}0_wHe<^)Q@$TFvv1pX8()+_2{yi(67=>DpYGOoZgBGgtx$PR>?oIV$I+0 zh)f{>bfBT|Gn&(EZc8qsA*y@F6ODH*mTYsrz-|Hj)1JBbVBeA{F^;Pmv@4UU3-|bLCjyn}9eZpotco>wUlGK0rp~ zF6uQoHcmGOuaD~(JH1SB>6E~C(5>lXbST7jk^{~x1%YpEICT8>CA_9%fno2n_`u1Di$m#l}OIc(T)7$q>97$?yi8Iea6cA-Sn`=pqsVc zCgdFxm){3zYRhd6+e{dW3~7t2?vb`-vhJpZ^-D6y5_KVAw?O z-zJEKy^EKrl2}B_PK9vW`{le(4^L!oc|u>aK3}s5Nx1|0#NV5C`#8qAfGyBgMTm;V zK|B2=7E%2j`bVXV%NYseZs%b96s{~_v_i&2`V;htuTN!c9qQ0NU)P+SjXfk zP@@rU?<0*wV)%$>scT+9o`oM?pnOqOETseuZwB>_JCPxeY^F@J#AF2D%h-l1+9A66 z?AoQW_(ycHKw7DNOG7%8z0R_SW+uK$;d&q-&uD-Jy>uX=81&Y-=z~zR7!iASED1V) z_OVrW!{^;B0mQaj#E)DrAJv1lO>OWV!{oHn!fL>DBeRBxwt$RaP;b3+W%jCmy7)^2 zS}yx*1c4)RHu;t$rPU+yw>+{-QqXc5O?5XbNG#&3S{;{6YX?$?XIXi0f>_C82Y#-c z#q2apdufR6pgP3BYE@e<>n~uj)O~aueq^M*Fhj3l>=-Nuu)eB21GefW8yaRP^;hS7 z$}AzJ$b(tmZ*&ue6qm|I_6Wx2Lhk*PshnMGtlOkijBPu%^#dOjyW?QcKK%ow@*Bfi zGpAb8aMxtNW_O#<7rVj5P1IkJh~pcuS2j~q;qFOtWD*rNZohlNG?((ccEalJ*ZV&6 zdIrq=?)g7a^Skmw&Hz@7BTTM?bi1*EaA^`t>u-6okj2!GKIDRzhK2Ca=*fzW>L#*u$#<9Ks+RC;p% zfm-R|akxZv577tZ0ab_oDtglM;5b;pK>QDR^T5MB&eq*SMHsTLD58ctvwYKjljeAf 
zOfM>V$&t!F$7}(#R>|)0NgU5Ly)R9cqkgS+zDD}$nsBi*vk9j?;-YC7uiupERr#QB zz>>vQh)@|H&53Zcf4Dqb6zM;`s%9gwwd58&S~6wcO&Fz<9GyGR>|Zii?5A=}r~zFS zQJ!~h@FM+AlfT_inP0PDYl;?~xrU-jsxD|oNU*o%DQ{Yyg1!8BFJ>p3`6eTupIo8` zcu`=Or&I+o<;P@lrJLp_zHyW=*R#IUgf7eP)EC)IB}43&*p@H@sep~pYbW~g?T2cN z@Sao0%;C~QBM2I-fa+Ie@Y_!=LktO2*Z^%AzWv@B|K(8Dq-5d;Un8xW!is=eSy}!xOtZVo?EVUK`M<054r?F{p!4u^2-JfBxyZL`S+qRlH5(ClW){-}y_C z;)1qp&&DDFg}y4ou`8yoVXgxv8Viv1mqs*Eo0VBR<69Vk3(7R1Nq$-SJY8eb>9nHx zq@1X~(gO@0;$YvU9_ci{AolFuV*zt*8!WR&c4I4Nd$k8r)J*Ve*i{35T_4Kb4 znEn7#*hkJ`OFcSe)pz6cgcwzU@+~Q*Laj9AEkzjei;4)0`^H~i0oCygJ%nqNB%U8G zU(A~%>J_I@+;L^eFiokQ4$l2eh24Nd)6i&#@=r%M%4Mp6rj}_3Aurj{N_zDAS;81g zd%Kyr-=<%@9Dtma7ju3@j3qFK6@*$ir821cYf_^`n$Dyg6OO}ANng48>XEk;_w^ir z;=(rZ6o_yzn^fV}q5m=oi#VB&aA9m+TmZ`#1YHudy9(Hj{p@=);8$@<%Z@W~)L6qp z5L7(aTu;WOo&%)nk@tnABN1K~F)YKde=3Tesh*87OrcvCPw>|0ZXy4UhYSD%vuh-% zIBdTxsWH>Q)a>vS0qD$Yp~4tI?8IMZ@9(lr&0=7WV|ilaa=hV-)LpW@aP^5DV28AZ zeo)Zn!mYVgRnJgMZ&wxc8pZzZ+C6S9Vh@~KtRD1PDS_NWdjQ|D4nTF*RZGLwas?Gi z6uKUAp9Pn<2!|5LyhiQAI+)6iIkeL~9MsxCrk6jr6RH|KNbz|hk^V=YF%}*OSV{G) z41Pz+fXa)lwLpUYs}?$b(uqZ%4cz19g~AGT1kx-y11^OR;oJn*Ar}ncl&5f_w;a)s zf@0JwQ$8$FpCb58ema-vugo8qZ4>wm%uX#BAt_%d&`)e5JTQ%q!Tqw0=47NkHE9L` zTqm)yWHegr5kHwqDGnx3KUFQw=h4KTW==6ucf6!#sT8mXZWy6FiA1wg3sMpb`csIU zyXKLn0i&1GSIAm9yP~>zmT@ty`)VwHh}5}HrC*dw(?**iVF=uAHl;5?uc1Evw^4*5 zwrhkf0x)M}r9SO6ov1FeVufh632*KDT-*L-Re#muOYxNLczAR89Bm zxF(O9iMJSxmJN#N&HJNWwfh_QE%x0fZt5$y536DWPT%MoUEQZz6`-rnHf zVxyHZuO>ay$Eg<6!boYvQ9~@(~Sq zXoAPFb8B1FN%IR$+BYY%I^Hy^Q6rcJn3n0@>u3hhRYi^5+S7DmCyP6)8!RWXVv4Go zX_^?*&iyg7&CrRC0b5moP_N;*ZYah!;;)O>@U*kTfgMadgK%#l7GBRy98*x;>2)t< zIho$4fTxqql$LOtHnJMnfnsbm^l%wDz)sB@e!89~x&`Z?Slfgt)m$x8%sy7rM3|;q z1q443ukq)M6ip>`*|U0EIxwX!(>30_lPzcuIAvqnTxo>WzjnS>C<(MmqxJP+Uv@$BMs4!`bmB{tJLa6|auo7b4Jc0Fws$zd!{^Wv6r` z--V0g-jndr+6gESC6v|48FG8-l%CpIQ%G-=@YSH**N*}bm|LFVP76$7dI{?5aHv}+ zEpDdD$n$_nA}Vs6f}irR;R(@yB`0H$VNulW&@wG)ZRvPxItYl$8o{!mV39m~v{|D! 
zw@BcY4GVuBDwM#Mvbj6zT|tGj(bPkM&WJA2Hj<7*V1s zh$X#nr^^whH`T2o@-{8-)P01ZhzE6^=z>*rWeU!%c^+Z${aBnPB>M$y%l5HWcuZHD z>ZRpY7bu0#8fs^jy#n>&Zh}B}^6dTL%?Tw=_fi&Dm#=11oF$}u31U#1oQ9OUDSpSG zMn+G*hU#sipTD73e-F=iiC3?4E<&JI(6B%Qj)!KND_a1RcZT$`abp1@Y`Zbsj&**p zUZUwCB$9*{(;Miv|lN8~c zWqbtu$fca#7cXr;Dzo%4Eb#94z{`L4{afhF6LW|Yt@rbif>Wg@wmEy(F z#h|H)pgc%&25V3E6}hw1m&8VtkQqNaLEVC`ckKRmcIVT8TE4QU0UOzG26ZaBSe??9 zXSh$`za15Yh@^FRStD>cj#-n>5+gK#br+DS+_`FBTu3%pxvB+7CCtpJpG)G9BcDn1 z>qSF~Yeb=p_+Q;Lb4#90)5TAS$N{+(r$J}@rxqFSr)?UHcb7mQn8c-VvW%w&2(gtg)TrAUJqe*-bxuEUw~T zx@Zqi5K*!gDI^81$*2T>;h;U+a2E>+-jrvaxkxfNk1q_+?6=!N9uP9ahk1t!&9uXP z;e=im-`h*(R6SOxsL!H}x4q5`--if7xqte6&AdC!hXxMCqcK+bT~TJzTh>hdobFSIeSE+V-qQ9|n;IgqW|JetdsuknjX99DB_j>npF5 zY;I!=3&lFWm&uiW>HwFGwUW`mfTzHHuVZHf%QoWA*)8Y=-3%_h+^oK1#0n8E7O?jO z*G#S3%A3hqKaLSe!5?oIH5tj4*g=hCjz7WsMBQStqQfm&)0(D@!@B(5kKmVd*~zoFr)n)(fh;Y>HXoSrT2$xqj&y~du7O8L$q8T z2d!(Rj`8DFe4_ttRCZ`AImWA#A60k# zEKcL7ClvmFH>JqG#P}-c{bd^Sd>wI~*7tf_5su0fU|70#eW!Iz1|GTCQf%NPE87$# zHS&T}T0~WfR@IeO(N|X2mX_DlEL|yNLJV2|yYWwrFLq_6K^EVb637RA%(J!$x~yWB zD9gOKrwoyMNiJ`GHE(NcTRO%!vhsyYQ!!72gMbRkzU_HFseauKCoI;TY6fXrEGFC;G` z8jiV>z0zao_%L{z41{2eo-@X^QDGgPq6Bt0=+}z8b@A_*zO3_hjVH1AtZ*WWF3g}? zYpp=nu|C!mT_|^K0OEk$5leYS8e3rV+=76(>U#V8|{ zm@e-pu19LyI}Tt%LBdjbI$95Gi#a9)C?ZUIXMg~|d4^hx=!LReB_%KVHsH>=n?W)j zjH^MKV+`Te+9j=ZP-qt!OxkG{5V@2wYYhTc*UlD`Wt92p_aM4-mPr=s_Q7(_yw#4s z70)`ZBR9IE)?nVF2XZ@3W~4fKRFb(=xev z1J6-pXU}9`louBi9ON7*XIQ{67A;Z1)aDMF3d? 
zE>(*%#W+v=0uO+p*oyH04wxI5A9e-u={%WCZr0Dh5jj2vJY=Q;P@3~mHcRM&{36U( z*hyxh0~Tu)V4k2)3cR$2h_o>3+ZY%>ZBZ%sX^Tv8jI~SKXzg)N%OtNbQ3wv5u)Y~9 zg=wMa5e;8_Pq-mD)QcilBjC`Dvh(U^0b0@snt-hN81xd?T8}{d5ZGo1exSeDhnKJq zpX(NW{~2gH0Y18cc%$->*^UJ|^5IDW7}*q?aC3VTN$1{XOE>i8O8|dT4T!9Qlps6#^P@eI#9D}pxsR%{Q(`z*@%bD*zwUD3!Cs*6K)j~VJ zUj=S=pXm@w+mqLKyhRHS|L|i*s*3CpV(>?6C|{~|_gL@lPS=-w_WYw)|2fY_@4|-s zqw*rjvtQ_rV={S_XZ0tBcc0z*ooCf$I$i{B=fx!^^28WR7#0A!eveD4KNc57u6zzX zaR*fVSY1j_qX3sZ%WxD~b zrRkVGI$@<~fSEpra|0A=zhIyu9~B;-MH*6jhIqxT7Q=v)#lY}nD$o{bkYV_hv$T#U zhLuRu?t$;_v+g5tc|7_N>(_{$G;=?XsDj<%rL1KJy0}QkM>(eQ2>3Ag+)-jx9me~4 zg&9k=W;33#O>bmxE-uPBfnmN_ZQdWtA+I1GG96T`h&zTqPcDm=)qQuSIoU{nvCjtC zFRpXto9Py_P9c)B6oiKiL{eT2Z<9m28KoIr_>$oi6yS!gfsxDHZ5L=k+hwn9cEyeE{eHaZ|MnS5}y{lfC_YD^! z>J0OVx#+8+YrN=6SLIb|ezJ}PG5*Z|!pAmPfCm8^Hc`!c0vvV!|~;ZByh0z0-kZ$bg&Jo?WBiQcJ(wc?Y{!N$tJx zBCE*crJ{h`DWLq=Mbc_8t>Qo2TrK4IV(ydQy*Aip+txE?;lo)Z(eA!n7oaob8#JEW zt5tghqVmR6eZ!1u;~Wpv?%eUM41bgL}G>IDTpqzt27T_M#j#JQ>K6JFMc z_e0SIeDpj`F^LY3=`U}%r-?;8>sVa%+|{xPHW6g26~d>fc9dxYIA{4zD6&(c8huhY z=B8)3P0SgT^PD7lRI1(qYM>oxY*US7nO8Pj?M^19NC^oWk~^Ykcd0onuv<-bO>d%) zabH}I%J70byC4;vrK1FeMwBp-SClErmrRC1Z=oY(B3)OP38u}-iEoPNV3Cp3eq|fQ zHXdipnFxuns2H&1k!;V|Bk`))&=NX_$pVsSzg3tcH;(qj?t>XAboQaElJdFIcyM@a z5&4M}tQcEIR!dBD$*&&_f(y!saFk3YOhr(;7Si-a^P(?GtJL~owd&43oHA=%GSZk3_|;zu(3s) zv8F%S(iF^xhz=cCYqStL6t$7<3y8uDbBU}`uz~qg+|yJ?#u1H>EMKrNwr20tA`r_d zscrCYx16?5LJhk!+=>5v!?X>k*@cZQ`lstbq<>6$-JMK|>ywm{ZJ%NJBxa2{$VcT3 zIbvmn-Y&g~*I#0X2k&QD$*i^*2Gr&K{j{PS(QI6S-e`jORcs9QFH3@KGdK_0;$D|= z4=7G^+zjea_k&>;@_c0Byv@mkpK!en{4mp=&upN72G)MCcVSx@Ms5XcYR39C7*A7k zVcX*C-^K3L*j+1CGMa3esfQS8eH&lXX>dIh*u0cpE0E&hZSN{mP;+j3PT}qI??A#n zR&>Yn6K%nSK{Zr{ZZUL+#^cEL#i;ui<-1>Z$KxHjG#?iBDLbOSj}0thH_<;1L^bxns`Q=~!yN`jG=o|JXe?8$l$`t~$qwLc6?j6BbTnM7CWeD^FS#fT~Hw97YX zvu_6Pk@zz@G(}moVI2@KuP=)dGhjfcfETq2iz1V~9{~!obo?y(Z$Q?#kSQyF4=B?D zIX~ckmUY8(`-;@u#N8)TL++5#N*GU?Z#)U-yWfix$baD6YC2UmndmwLDTEc~^7gD5 zpVF~2LUhP`;PZwa*bt%*e%&pyVuMB99R0>MwIjL!`cPodcDznxVtk&=fQS7iQtmXx 
z_dW#Ur$7cgEP22pv+Xe)e3`S^wvofFJ4K*<0aB&G5+GL++&XeKMsQqQJmX#-0;#MQGH_N7Y3l*j-Yl3bAh7MU{V6#O7uh&?73u zH_oWs_mcZ025a^RO4IB`*yMT&%Y4ax`7e&vvG}jwS?)^}^8VB6bN_{76oM$vFL|bU1lus3!TxNQ)=eG-%}h z2or43c^B?td4=N0yvcJb60=M(HV1wkH~>6d-*d)f!#!oafYJ}(h0 zZTrsvM|X*s+~8f7;QO2#^JF_lGkf$Sw4ggJYG4`AXEk-B`h<1R8=fJ<2wE?iiH{a* z;-5`WH0tDG9%w?A|4vzu4m-G;-Cu+kOW>hJ@adsN){n`#lV9Rr3xo5j6?=h-2Kdo; zXb3vByOht&C*)>SC3>E#n+3da>keBIFAMRg)b*Jp*aVc$v8Y)>lErarNn~A$7$xL{8kH$+pJYP6 zYS0)l#T&)Eh7AoHax@)d;>h%U8r_?~UNc&8+_0LFT&Or6ic;%NL&nwJII|5j*9RZs z&afY<$1saDAy$q?GdzJg>}{b60!#FsB`Z-^JM3Rd3)|naH=|pilcxBLdvTtz8SgX_ zh|>k-N#p!UL`~U^kT*VKK~Fy?x|Lmn%p;P~RE7Xm4dhf`_In)O9={CC8XV+f{+PqB z6Udg8lA$%Wogd?zN@xU+bg_YTL%4d)p$fGU_t*JsR6ZTig-COcNpk`Vho9Z?7}(+T zjKu^3v2fZI1kE2(yvfU=PG!mv9#|(K9x#YB;5r-v_HH?99UV6z$aO$*VIL<%yk{Kt3yJYw|gVW+& zllWm8tl4!$*>CtvQAZ&uzm7zMpVTB@v|XFFlN7OwY;O`)P~Nss_?!@LS=$EbP8yFfmrDu?@M$)Bm)5XP>Umq~ASxh{8uuAW{0^;^SLk zbNVDcB!`dISkp!yx~61&sVT9X@*-S??3;dxv`d(s~XaYZkJs#(Eew*)WL zhYher4ql@gs3TcFxFg#PoYr5okw!>UqL(FJ$*HN z`|{}R>B+0%>D%G%i?_Rbdq=Ncp8A?&R4z1$U~4C56nw`p%{N%Y?OQUxF@@N>;mkZN z9*!^2F5gwmJRQ{~@Ky}#qp#IvHjBNp@JL;nCI8^$ztFMta%Z z=fS@R!-r3v5<5NFdp!8-i`_kKW;_g$U)++l=9z#d+BdtdU{6d6;FvlVqP~P1O`&LO zr)yOR`Cf`g&KBM5fS0jq?iBXGxNRpD(R?w#DXba*4%>bUJJF^um#VFd}A z+(ZzMkg($6Y?9Sf@ay%1Hw`axVbpLz43ue9@4qEA2Rg-BV~_nLber2-MNCRne$)P@ z22+EJ96z{Aj>-%qczBnsEaN0Z0g2@OA5 zOok|pD#pp`P(sRZmn)MTe!NL6RPSzl&Iy9(T<7wduDE@vlfKGk->#zu>6Dv^+M!xf zgVsMwYttU=H+=P#=|$?`Wjn5DY(>wNXrmGhG~MeQ*SN6W7Fr8I5tHq&sRr$>XOg z7gMC7*C^pmI$lL${27SPE3?!!0|MH49JJF|JRG(DC%%wy|U;OJvpemI{_lk(0jT8W0UGnk9>zKRK1^90lv%}M@1V-m`7%wU0ikG{QalMi$aCKh7g9XT3BO3AL{ zhB%xp$EriP?)0v-i%86NFpd~o*#Z1A<5pnxBDWw|Gh)APYU44WR+)K-mE!79c{`Zy z;78ojzePv$npemA?cbtbEoc7QP;?)+lv(S{2}4Av*)eL#_!Wf$mO~Jvd$#&`E+S*nD=FRyFUQl0(-reVkbL!{3s?stE&(-g2Q9ecrDclrUAr?+87ss9c@;0 zS+|c6Z^gDHQ%l<-0|j>Xji>~X52m`wM=TEvHG)=7+=?%sn>pSK{7sK?;X8r3F&#`; zZeqt%O#zJzTtL+&uOOwe*GQ19Y42j4il%CW><b91nwY_KOjEMYw*M)_bykMKloi3`vx>vSSA_V@I@J5iFQ7j&?%g 
zYoOK7iY%C7>bc%zxjKK#=c&*@O%<3X*n^VU-J(qqX|uTSoj%L{1a6THbI&Z|CpX1%Bh7fkI3y?`izE}-J zdn91;`~A?@hvj3_vpEXticLhK0LykXW4^#LJqOOqS*c#bh4IW{qGGs%Lotpz6`Yo& z7Yaz^A#&Ro291sOv*aQ#DqycwJgXkKg%w4QeL+MQ$z+n2H!%pAm#~+t$gNWo-T}fp z0C)$QQ&8QtpV4G)?be%68Q8|;s}$Q{rP1}kSF;l{n{ zPq_iBKvF<44L2>|hQ^YCq|*HA8Lo}Rz?^%K!I47g2UU);K1=Dr8@f3Kn{3`ca)hxv zt`c;ol$|M3yQxI9Z6yB+)Xo+&)~p)XUn75_F*aq_o5X*Zv(A^U$fzO_WE0nyDJ8V# zEbJ;9r~I<7DvwYa6qZ#gGj@qE*l}~KY;nhOre!Q?-THI}Ri76FU_w;&Iq-o-P`z+A;bpW~x{x%~dma``<>a;#0a%<=!SR+J^Afrr-M%+KZ@k3CyrkVn=aM--` z@+`LfQ_v>ITf#f=CZAi2a2A*-JCc`}<`ah;dCj_pY5KrsJdN`_5OKwoYOAbj%X%?> zayVXMB2Sl?h?lsAFTQ8a1ghS~Z?&`O(a+T-@=r4BL+@DY4etyw$EodA_13pe=a|RA&NoVE@;Fv|(D=0`&A>2u zdfgAV*T+*m>vaqoyEGd5`x55c#(rcYe;*);oA;9%J9Aq%LndurW-jq_1+u|1#_%=OK=Tt2@4yq!w7z(>14Qr9jD}i*m||McQ71UeSBc0bQ{*I zBZSZC=DaT(Ux#jlYPs?6+houm=bQ(-~Wfag70E8%zN=S}wh< zOm_4U_me)bwvoguZYMM`vUHi1gM9ZII^6kx0opBPHDaDEBW+C_j4b0hYg%vqJF#bu zQ2=Bz5V%zEnb3Tdnh$Mc<fPf{n)t?(5bI_{QnEb+rCR%eXTu zQz}3W@^M<(NfgCr9VrspxQ4M&mgb8#)vv}7gD`dEgx33uu|R7oYvp|lGBG6&e?$hR z0xcS(faVCB&sG+Y2wj@cb?mH0^yg>aCPl?0x zm&FUh@(QPhyCf?gBVPQj=Ui!qcEN+j*V%F>k8j4Ga=%&TwvV{SjFB7n)ds(|q+Q4| zg5|Ur1mRPOc==XUudNH+d$PA{T{;mH6!MB8GZYY_0U5*G+>3fN73*G^aZAqbqC(X@rM2=Vsfv(UxL}kR%F%V* zdvSD0?6y>2TcN#od2?1~<9nCI^`I`qU4TKBS9LO(49X%IPm|fl)o{J_5#(~?Ds!@- zdIUxs>=vs~iqz1Vqz#T~@{^?x2!}bWb|{3Q>Ua>?9W2KD?b&=%0n7A=d`zKAAGwj? 
zH^$8gH>|&ow>!AXMED}Bh&hz5_f>RC)bD|ozf!4&>RsSPXBa(3h~JJX406I@Jm?NE zX;bDf-gwg(KINee@d=ft_Jgogq@pp0&QXgN++CK?M?bhw%A+r-q9v};0J-6gx9m=K z+##uGmjjswZa9?1xus5K7nBaMjru1T=Sck>j@v^T-IckmB%+OUC{C@Wo9-=Cs$t$l zwIU#PmA&ygy;y)wsBac{ZbhIGLw_2f20yn;CC%3sx{ygzjI#dea=pQTtewDku7!<` z^xSEoxwp%XhUSwq`GubsAV`W2d@fmp8#n19SX|^-=y)0j4O&bjXI%|=8JE}54Fq(}Xj48`=K&!PJxFH;DznTGY9XTlc z_)(I%9pxOTwVX`KG#TFr|GBoO`(bp&4CSQV`uJL_>K7)X<<;9pnpjcS?FMgG#kZ-q z1-0O&NqVGf{Pq8za%$kwMfQe#z@cSHPF+xum4NBHHEkD@SYI#_FhHG``Qa;j-gf2 zeo`kCwLYZC^b_FUzP#4WZ(-5|DyCE{{OSRqFTs7;*vCdSJv#x6;Tj&ZDekCK$N_R~aq?@citfw~nPwP06r5J56cf!7vN9k{Pjdg8p>iI-*)$AfV-U^pKr=&DcP zQ2uLC)lqNI`4d#;SVx@*?xIX`mcvynMwsHNXI{NYotUMyS>?H@?;GGx;lophe^=}S zlHtcnki$7S9NHfH4a-Kg`7GoUZ1151h$0af7V)Kv{sLz5EZq*^9){`kp%PP{`YT!5 zGwEU^wclBYQrqkx9uvXR)*rv(znayj1-_2f9&ay;S$VvZ`;-9>_MOL%81Y~Zy?n@n zxR1TokO$GJ3VATWwIdlUJa%!OSg&-9WeA2Y&;aMu-$W=c@YjH5VO?7H;a79y@m@On z@>G&vtcyXH?)QFVxe&#;R>~of9aDPP)V2N3!OwOF(MJF>%TiR%(O{ImpG~q+hQ=g$ zR#5FEJS;&^&a~3sIHATx!hTPv+Z~DV7>3oJ^fzkCK*IldJ-n&vbQ%j0IhG|xfn*gp@TtKU=DN+?zFE`nc2bl<>APluB`pTRj=3rS78pdijBN)he-Pl>H2?0Ni zW`ub0e^+f#%o@M6?MIZBjsGZ`4&Ru8US9vT4MCDxTVCH<=U+zu8{;4IoqJo zQpHl|#oWHK$qg-=O1qV{1eoasS#U997S-rwArh`q`N5PA9Io@Sdj$(X3OAbo3uO2e zZzNGawB;ho>Jnil!>tc%PSB4Zv(T%zlp)(nyojjED{Jpy0X4})m1X;k2C~>IC4OG@}c(X@cc z=A6R#p|rjgCFXU@J#AJ|I2dyPhsQasKLV4pnp1EF@svT-->XB74Bx|>8OhfuP+V}E z0&ZksUm$Sgi=s15w{>M>XX= z=JjUHRT@P9Imang`ke?dnjC&aFpWcCcp{GmHr98wA|OLi0MdPn@@isM(DPLw@XktK zYSE1{#VVo*R5m;=fME_V)5#>77GpT~fwJsb=(nwSqUjE(VeNmIH)G|8SBDgN58_IN zx05obpyXJ~xZhzwGd;LFAge>LRM*}GcG@DNscJtMPUDxD)VZiapbwChR6M=5wwOFC ztDjuVMAP^=9!7i5e*Q}rzT}I=?wN5;Jzv;Wuhf5nCL-L2Jrywu_^l_6Xg#(7J>t%z z^m77#KdbQQ1hVHWxmz;s)?D1Rm5Y0AsjjV#AFMBd_qm-!+uOCi-b-})XtlJ?c6X1> z?yfVC7@<40s7v(u#M`Gvxza#NvW_;GA>&xu$dI3~yZhD#_g+xQeesRYY$5l6TuFW& z#*+S505&QHe3pg+HuT*5=z5c5(MoCEA&nTMT;`HyN!8zmxy=JtSk^QVTMg3V5luK^ z5)mi|q_DnypTK#CX&vLB47a7nD>52$jgW@E*Mvj;VhhWTNM)IAu`57vR%8@N#}2-> z91_HjI@Na2@URB7=of8#BRa?F+6H!d_KvU4{em$U*C*XpZ+_)T`LFeRuyzPIIOt;(DOvUd!-(W 
z3r4&9&q48lIr!Wf?g7~%^*v(;o`|D7XI%$`WYS`pO-a1qQh2F%1!kHKegt=H0GcYX-C_3+x9qZW}F>&UpPaV!eVHvIjayf zv+ZbnCNQs|YBj`0&0RZ^m&H)q-nXSElc%SD?&5*H2;ATEQaI|H>* zmyhe(FDdFWn0nh-ikysN%inCMTH&8BnJzEFpj5 zIWkFWq)qDPPPEJUEt=#jAchf$q)OgIhgl`8&>^8WixAW0# zak#!r>gYNFi5I{~Md`z^DN^0KRK81ZwxcwoghKD&#|M}~4F7m& zcgb;K_Vp9bMa1%s5v0%~b0Vk0b@lqJC??neLu6X1_jmFB3Z2;)bxTWGl+x8=pr2NR z_ozSc)jBObHeRPu<>1KI>YbXl{+LbaotzRsr9GupUFHZfoCBc!mWO5T*w!!Kd)g}D z3-9zrvs+5osi9gNzG2N0t_yCYW*02QPZ&g4aq2?_lE^PgE--wM2kT3Dtl62@T)&kE zF`%zShbFd5vFZL7|zmBf@vG*8bWAXJ94AQCC@PM8)HdVGF4UugX`=j zI?S(%cWLXgo)k3$6{a#qOa2r~^sxFhau9e{VmrKLA(rEK_hk3Q!Rf(C6EN`06D>uF2uyN2HJbcs(0cCNO z>a<|nvy+WK>XjFm+G77d%x2<(QPTjwEs7651EX@VeiUqrWGSf8Py_>WyT?m<89TZe z;cw9lL1BRl#dmx5q-k|kAtlWt%8VQcYdc191`L7tbz^f;TP6IdYG zs0C^ZVwEI>q}_Or$H>MoI=nY`yk;7UKkVRg(`h$oK+FUd!oDd-__J3|_x^V_XMP*8xynMf<0qS%(j5H;+N+?Y~T~MGUM&8+Tv<(!?(Z zIo?L^^|saYw+TLeu_`{U(5V=EIWK;^H6TcP*dUl=uGMWxB}Hlos3HZdyu16p8_O20_VPZ0Vb((Fk;_;H>~lTYBb0hP;Gb&Y7O8?)>mzFO8n~1oIXi{7NE(9C}K9bdp*+~2u>d&*3bYiqKF$2#{ zF^8Te(6uOsjK6S6KvY8Z&leh&(f;0+U|&HLgiO$6Wtq*(86JW(Q?y`>M6G7%55yI8 z>cNzR3eWLU3Y!&25R-Hi3t$PAgn>>o$;pfwVgf9OJzdgZV^I34$~5?8HQ?x+EmN6Z zq1n}FoGq~|bmpfNCCIaVgx8&r3-W;^D+V9_ zFRx)y*+emCY*b$tgQ~{G;uD%pG9ZjAlJw!f$t1djnOC^nF!i&dzLecELnX8HjoAVT zeFLXP2$e;%1x*-Kh9H^blU2eLTNPwugawfcxGl-P5SH5O1i&>Q-IloGGh(ltC8KxZ zy$4ah))q`HQYG9Lm}LtEL;g0<$Ck&CX)cvA2DTk8v^Wd$j4T&>h@+6`>ntUOY(X=t zZu+!Lt|N9=KLAA>9iB5TKs3ve$5<+dWOl+}3DL6#%(xmp?p=P=dc@-fTCxBa7H)QFUm2jgiU9*_b90$? z6*IhLU1Bhqa7IB(`2u0~9)KD_SO;2cGeqU%386Jveqz5Z4Y&@`A@>l-d`v)J!apZY z=TS46t1}!(lJ(lKpQdS&SN>_!9-C#eG{Q6O#u=6Kq}<25E%YELU3HWeugH)Exm80r zVJG8bW?A0GMC|8TIX#@tK&0B~{WZI|?5**dmM|U<)4JcIbGx@4(H{?c{`*|!8ZU91 zYYFekI&YIbTxI+g7mWshsaiSUn2&Yjm`{Sf9IJyxJUh4U*y-rkk!~H#ZV0q=B4k9s zgx=kqj{V(fyvX*^y+Zm}WCjR2gD9tjmj?aUq}<$Vn4K^nmr#LPr|TV`HONlH;JBK+ z?9_MpVp-SIpmPLc)cuNwmCVvQE|$F0)^LB#2dWBo9$L#p#`snr6w8zymiqh=&RsDi z{gsYpYsKwRoU>u9>pt$P-c#? 
zeP_!zg5Uw%5W9!7 z5W%)2DlH#K*vPdqBk^xNq|e=^x+0sG~;#ek9+r|ga-k_G*1PH?bW z9Zx_qI8EQzMrIkgba{HcK~eTJUC)G%$JJ-E@0IGrVT@SOl#yW>H-mu_hcwH|v+ z_R=NE<`r2$(6U!bY@7~jrNP>=T3X8^ZDSd`Ec{B>MbuttT_0PY3CT2aEGGYsqiRmB z&vQ^sZ**zKzv96yW<-v(EGAvyaurYyZFW=;P#@*{wW zUT3uQ6Oyacxz5q%6YLf(P$sjgvzc7UwAYvL-z#2Qe#GjMDu6SYxuIZ}zVZ}rm25H_ z09qtRSa_nErO7*^Xo>66O(xd~9FbDw$L36Fz$@18_!}8!9Gy&V=Qhci@?tyvFYSLc zy6xt_3tS{|!E-KdEK0GT<~qqLPOOGre_M3=pNY5Qi?`vQ(cADjnf5pEN-$x>sTs1t zLIwQ~Z}X0b2GU&|HW1I+a|pbLDwXr=x1sla@HjUrh}XCs_-g!o7*fwF?7&&y9FrzmmR?`=auM>=-d4KCYpoBvd(#~i;GANYXJtLJaHUX%r2te`S)SL zYbDXT4LQwRpP9JqZ}`l}G}CER9)Q^WK84R#{Bc}DUG?bibn0Hxc+z`Wc+3Vo%H4D^ zStSx$FFnlb%jZS8doXNQdtxh@e*w(b<@YRN*G7U?fVkJcU=Ea3R;qJqt7 zH^=^lPOvRa*o+e(UZi^i;I zz1FPtMx(lssOw3lv1)1$E1NT~%+ea>_lXl>i2SxY>U+%Rr8m8`gcjX$iY`B2IRzCZ z*)8*hMWPZpdOqI)CPP!HksI&SpQO{`imunPg~!sDveW&nLPyv#CRGH90 zg9S79My(+v76snwDMsL|&e{D&mJUVD+K_G`d#!g%)L$-KjeZrW26^qh( zI@Od)RGcb!hDiIPndDUC5G?vi?5rhE1zUg+!yZUu6x+ZIvR?D4(fvB9zN-0pSyJed zt)Ju_qo1FNwpjW0)r}p$sn2JB<1e98sw^gxwCry76UjPI*TvYNs{|cfDB~m;8g-6Z zkbaE_qodB!%Vcsci+jq;82+%RLt$W~+Mm=dBW00E0f?IoAXAQn@}%@x`jZT!l#&Su zO9?9#&!2BuiBu9@cM?D`6mSs4l?;({L|`MZWkjr%mVSgK9+7hiM23BI^QX3AzY`ni zLJ)saLufOkw`UDi6VU4wovPBfE~pKLe3=6x^hPq39VaXw3+A!LH!#}_8@!z7k|;S> zLG7n8L4>(>p~-17pPDDBT|iMrh8?ke+jvI@PGRQGVX>8*ZE+Iwb?r{U6+g|LVM?AL z*Jmn=x;?jK%r2vG#-&IFx!8>LupOPvG5K4LEW@5RC66_Wf{$A9G(&iF^P{Ld%jy#A+hec%MVZ4dIX_2W zE{kin*;wYQZl?>*^cv;JgZFH)1RB&Ts?1H|;Ktlgv~}ROLUh0c0^Uo9WdE|z6HJAh z1^7+Gs2Y{oj6=Y3rr~X_>>LhIXaVxT0>d~nHl<6KRVY_zluRxPnA+vkC}zPD=E>gU&FxJlu7ak{WDjnhsaOUsYC{th?X&@_pc|{RdcCaQN>!Y$=4Vwl&VbnB zQBlrfzWFe>Vb7;uTk5q>m1bj_BUVSRJ{Mv72iX8*}%_fPEj^P>8T zr|*lW@1rEiX)RE{bS?Qu;p9)e?Awnh{tAR_yEfSdcy#8ny z_^(NI3FInf_-4a0LGDD~^?M+>^|pmEa%%~2zV`DcD_1@~T({dEKTBLfVP)o6>Cxyq zx#2hZYM%InqW2Ore4eRaES^*VOF*>0`&m`SV%bPkJ`)fs&?q?(8IF^J=xoe1}ZJ(@_jj5Ne}Q{G-(rll&$^muo@f38&d&RE)lix2TYGw5OG1DEvF~;J_7y@1fsg=+b?pEC#v%zV zA(pJFwtdIgU70CDCr+G*IC1u{EI}Si7SY*-FnFTM)h7Zcep6652Z6g=H2>t^LvNNz 
z(r^s=giF6YmFw;GLy$7T>ie0{`OjZM{i9eJLjs*`?{oa-fgo6~7X<5iA)fRHs-OqU zhW)=1C1d~U9p0br?J&{-LRt+(zv-QPD#C3Ecd+p?U;-X!%7T5q*CkB`9PmvxBZ&;T z6weN91%2J!&*#d?(qcRKk*9=)1t}AGqtwkp(DrM1EJ5BtfY}X%BoJ`BMn3@AH4%rg z4IX5?aBtMOd89WVuscg6%x&36xdh}%x9rKtrgpV^TAoJFeaG&c3b$*Ffc7IP6NEZr zZr>Kx`_RD}bZ6PlpKAl_<{bC&5ylyQR35}n5mqyxGm2#7M|L&iov{4BLzPLqocxBJ zuzSXysG0QLuOIthRV05*%uQ0Gn%++8-1PQg3$kA z?1Qk#!wCxY-(_rJD)r+d3Wb2i5%%p}?878HRJPDA?o`ruzO&&kR|N0!Fy9?)jOD4j zI*y1qyaZVxjH?S=OecEFecbQ6M6eM_^^X?GR(vLs&H8~>#ZM7xHj4<*28NCl zqNyBa$L!6;zyBLrAE>S6-MQ8LCGv)g|B+k0ctWtOI}tUbqw6L#_XfA*e-q90(6;le z?VV^gZ3!l5s(pI-KcAS!ub;jOZ%)A4j8PjZs0GVVuljjp;kJf!B0>dU;2LYVOUq#$HwLam?$B7A9X`mES&l z_SN+d`;Im6QcuUDwJ*@b8}BCoXeY^5Y5bq?uMuPx6;vx~4TtF%u1$igRDzvk^A+yi z?Q1k(yQ`Ug)KD~HhmR=e&MdH19ChP%=;0IsfH4n#5Q=GFFkf)6#R^7uL?ppD+kvep z)JR`%bPWZ92r%|;vo}!)o;9`@jyN#Fqwlzxjg!mKhp+IPD>xEjDgi9@6)K{B)QGP9 zR|Ou@;pMdMr_=;JxDO;05ler0w-;eb@s~eAOz{~9b{ZlRTmsg3JkNf0#`o@iZrFf| zdc@EHBZQZ7VS@uKoeijoLOH;^%usn|Cw$FwMLfZJ--TvQz%?)6mF5m?VQE%W(09Vl zGMqepTl_ayzlwjb`c`p`U%h$yFJO0gLj20rU7r;EjKpDV-19Np{y-w>Ds^H;_LGy6NS6nu1jybqhvY>dNRb&=>DNJ6Oc&KK*oKswQV3f-fW z2kSeB2gb@Pt~o~mbjN}Q#xsXOM*{443d6)vC>LZrP$I`H9k2vgWfIx~VX!ndlVan& zC}>XXCgA+k#b)0RoggMS8my?)y$Sfg9g1juO*+${9|NBhCa#K4MDBVDyhj?kDOrKK z7F;Jv&#J_!p5fI8NYcYWE$*WUoVMsocr;n39ISJ!3J|J+k2BN^u-^0mib@AO<{Q~6mI|MVHX_TJ5GT7 z^n%0oZ5Bvuf}UBoh&v6vQDcZ)9_sy-yoGKYfmn|F_Veu{;Vzy7CdkKM!&cyDMBE$4 z4wlUykjLST@1I^JbTvEFID+I|BvB+Si5{imbt@xT1hE0W8E6!(E3MrYnQy z65?=xfx{4cD+~{oJKo?}ZZJ;h$k?Gvb`$RoRtn~%GsQw2vQEKNrmDpiU07z}MX~x` zURcZ+A01%rDAEDlb-c5_lpU1N2Ib}c@=~ieqtRA)*qzugV+m!5=mYxU@x{f;=5kUf$G`Kmi2Rh zmt;=>E8*Sw6R6)(=+TNfY2d@v|#UhRZk zE7-{8p@+Gkwy&EgKHB8_HGD>h@7dwsMY{q>_=H*_pgUZhBvW1EahpIOc(-8T(A#%+ z)?5+D$~)WI@W5MNAala0IFFw<-&Lry!Vg3356@d1Y#owdBz_`J@zw!#vm~}Gg;d0T z#0eJS!E*t%d|i%v4*qgSH~tjdqJKeI^*8wsgJmJ>y*|t`e2o3LGw2*9gR&HX2qH_C z@(e_c>jn;GKAdI+VX9xeM}o~<@P2jxqkh~7pnkE;2YSTo_X|uygQ*fu;A6(W3>a?-4?so?kxw|()mrEoj3ebjT(V^l(XWZ$U>zt=7aoRT>v*15ZJEn22fjKR=2voW@!z1b 
z`8!fJ$;g1O(ZYKnE5X*Dxndl=K=yS54tA&@HEcv2tN`%8puVkx8u2ZEsPr7NRL_dE z7}gv7w*}UlsB8oki)rq@f|gZFnAap1RHBj9rgAvAV1%K~XU51l6Gsw zFz#PH1lwP;-8Rl^#`QuT#9LVdhLKfi(_UR1!2 zQ5S$?pCLB}D|x+FO=Y7>7DkqZRGWh(_X%LPL#DRR2((~{PB`|4VwVPWa}*AzrI(d=ju=(34? zavx$}eCdNH*&154D&y2hB?)B^}l|AA^XF=)T_~IKI2Y)o z_Gzia9JiLf*{gPxvxsGbh~O3uz=`R=f*+h#5-MuEfj2x@kUhm$SOVu%>NzZa}vVX$zY*eQget%7iGlEqSvP?_Jg zr5uqd^~5g25g7>J`;|%EjM{Vk>gF{KXlQ^oM7NL$FII6lXuzss^7+NAwT{(v)VAiow5om9=)h;p>tZR1NJvbIoTsUkw(sm_%~3$?+o*yleX^`hKm>mIe0}&keBc2bOl%I3 zEv#MmDTqaIBR;-fiEH+&XTAOwA|3hV8r$aNhZZu{M`aL8*s!D{w>srn2R?8C3OI|I@njm(dQPo&^xUm{<3 z()_nT$05O(1pKbEaD@x26Z=OS=$ZiDHxR@N?+ze{`<<2d zfsnTlxQVGlE=@P78x(8UU*87j^i3k1)5Tp7@IzP|_g=X}MED6I2)=Ka3#*}ZwLGH&$k+jcc|BJH~F?z`2bsSfBunICizz5`$EONCdde6jr%d} z@D)g)XOd7+^gMr5sIb9acb69oavOSk{8m})k2##YNdN0-ay}tPlaF5iI+)y#K6Eho zDEhBs$^W@=ECpBNzYZnBqaSoAL3_oY9yylmU$4L2R*?gtZdUx?6Cn=_x=&b{d+cLQ z0VNdj;P$2C`~!GFH%wka)%Nha@OI&=CFahJCOctc5L~McaKjHBW9DRaIsRi3j_>{u zUs!4wm(1Ct>{llz0GhL>rpf&94 z8@V8;Yo#Ff6XJQ{`!f_dIECK@H!oh#<7D5NLg)x{^{>=UMoCfZNtBRB)bee-^tGKN z>aqqy@x5hcBd@>v4d0>K)|G?sjvx>`2>x=Vi|bt^FCZp?#D@SVe+nWo`w17NLD^0C z`U`(VyDMPw+F#I2i%usiY4S!EW#~IjA(Eayl1vrEm0<-)tEztV#Q^>ixly?!n1Sya z#O*wMhXA)KsDuyW%Pq75>)<9VH_k9;A7+R?Q>=xE->rHt?%KiEin1Os*X+_eMSQIv zp;carjqbI!3vyybikeZ~%`3A*+o`T36})j!sv z2@gvr82JGESR*~#OTWOO5$p*&xD-?z%V9C0iSM522(XR6^JYft!qcI@gWJpN+41}_ z`|+P*RDZuI`U-?~l+1u-tlwTm*I!-?HttLBJ?(-)Q7DC7T2FyE^guN`+!EKjhw)jk z9*nIyzW4;tg z^860vH1})1z!LjcFTnzw^rJNM0J=jqPuoA3a^3+yN<1&o0#e9FiRJ-xhiLrG^XJDB z%{$=diH1hwZs|Ld-xLG(_ti=G`rhO7c4w#QYY}0$6P}s;E35S#|DM4Wi6?Wg9Tj#+ z2b=P@c=uODGk=4O6$&!McC~gC~TjsiTUjn{3L<~&%NOA zvPC_TyFopLC`m8~-`10mxDsdq4*9?{BlIYP7iW>A%>V?qa7gIWqxy%RoUl9Z5k3p_ z^j*;*h^;%QYa;j1?XGWiZ$)UK8ZjS|S`i`sDWnMdRi89Lnvsu76#;1Xq>KAg_k*R3 z;P}4>?-k$b(A7?NJDcqbzb`jx! 
zzgJ1vA6WQR)sO6YW1g>hmY+N=NUV);1c9gD;1{xLHO)3UIM3Z*zYy!1L+=9l=C0!NbtUw16e(pkYexD8AI-k6Zf;gZs_7&=_ z@>+XH<6T~+8l5JTL_K^3uzs&DnGGjiSt5+Y^6#<)LJ{`0Cp)@&D`b#4ml#% z52Y>i2x|b}Jxmw0o4e{>|MCmG`~y1QzWDDJ^}r#|$`unZ8ayd>rWN+)`2^`dUAyHB zIOgUKo!6gUfBzi$+vgBUKD2Cz1N|SmLIOwrw`@H`EE}RT&Hoc98}g@DiSQm?CYfP1ngtb*a(1?^A%z5ls=oomTsTbxgOtBs9bueq zhDHqb|MKif|&csGD!Y{C2B$MF5i;QNt%-xki7!!dOWE{c<|92gxdyd1{0PzOWo17v1&Qjt;lbU;#xGRzEC-?6n zz`r=xYT2@ZS13UBJm6>;RRLQ9)t>O*QebH)sQP%b+p@~`d%4bwRd+og#gRG)q5n%= z(e|eR1h4#Oci+&>F1};nrb*A+L9;vhf#5@O48FAk>xXyVT6<&h<}3%OJ1X+t%26as zb5?IgccJf9xGA8)*tWqV0J}A}-Uy=k>q|wE7cU>VVwUW1T(<^j%Y(i~KdQUuWdG}mk#^k1b6SL6 zQiOZ;eAnz+LTu#C)5w1M0vJD3F*{wV_Xd7{voOC_#~18+l`rRe4*0cdsI&vT|_MCVYQ!%g9%+lZRz}A`kmZ2syqu)chQfu>FfL zD8ub;dCoo}gAn2(9+ZE)X0ZEqhCcxHkaI8?xv?Y1XIym6uA=44!2~{gkR-6J zxN{@|=B9_H93i&$hp^sc4YwzP3~(2)vjy}J0`gbY2$GJ7`%~s*_<6vjjD~Q*6N9bE zzWEBNU+ez7S=-XO((IvE0KvtOItiin(K`laG!$g;1B*BiseB1teD2TfZQ=#`jldk0 z#m$3q-ivg9hQsz%h*2DVZkJH`W3eZtjF55me!|u+{9NxGwHB$% zyiZ)WPtGK^H+zBKx8|c!d}QtY)3A-ZZV34KE)Jw#Py$0l^1364E(jD-^W?~GWWImb zVf8hqe6sCK0-~NJ2L_HKIK05K@S)v#DiLT8oxt&M#Ypwf0$U z2+3(=9B*4mJT0topo@XR(0FXq_%}+Jt-*r!=4I9`D2;B78@?m>_}fee@ZbBvjss<9 z?gh0WnMZxM3KXUJ2G#N-{r}J|p8_=i7-6~M*)eqYQw>A;hLJqdeP~4&3z2I*7cYW- zguekzJl5}rD27L-=(EANH)4BxI*c&;CjXv$H$ywL6|aPjog;Ymhz%$R9cEj3K})ke zXs?N9#;PWj3^S?Vp}~PkR*7VSU(of2yBlh^?n!HSsjOsO!fb>8$*T3G;i*7nMVy-b zzeKzfg=%q;=FVdaf3Q?fa5wvpVN|(31{k_BKSvI@TN_d9GV`6gIzRmQmX;HZ>U&J` zDg-Nb-Q%7_Fr+s_8+)pTC@Q*^9Y)3~n!lc4sKyJ`dv9+_KuFiW2c$o#uZjK*9IW`(1+M@f1~opMY5RQ)GY_i{V<8_J_!HpknJ=8XvI! 
zU|0`ZtFC65u#*L7MK^35@XZ6^&F?es7Ga1zgiN}BZ@zx=jSSyt`K^=f`qjloLXOfP zGhu`cvM?(ezGD{lGvDcJWT(aHV>eff9kNOo+RgWZY$FIH&?anY$MzfO0tt}(0sJ3b z>qLh6kHx9}VYt-2MH|@0|ASZ*>COL{EGkrtCQ3Zl)v2L?5r;={Mc;BEjh~wZ7YzR9 z9enl3t#D+nNABzEi}$(l^4s&gFbwq0-S{44*X-W_iFX}>^@ObX7<2uXpou>JZwi{> z6!LNOM;6Q9k+B0F5Xzk4mp6y{hco!lEiOW*H(C%=SP>KG&_9H8-;P?kQ5AIorbs1} zM13ceR{EP?7oWLeFK-6Bx~&~v55DIsc-cHD`17+JWM|57!8fs zfDSJFv03+3!%0^=%Xsv~onGOoyz&aB7xDu5g3p@aT=@3xdfB=R&fBu5*Wq=JoOTd) zilCXF{0$sXub&*8-h*#_e#78N#<*7np!t@#K0u2T+O&T8rMEi+$;OaA!O_^sT}m+e z+77u?+)IGuwX_<#y9?VdqQ2hj;WQw5$^H(m0eD;d^|E+DMCZ&DvI}@2q-gs)jL0W> zCkYS)XsksFg~DgRSfDWs)*O~*7A;@riV7MrkevZ~!R1dj6hkP1irg><8=ZO-JbsJ)Objs=Ge^f}{r ztN(T_`FF5p^c9%y-{GFNqnp1(i1hg4V*^NcaChSiS-#`jr1qUca6Uhd?`6lsOTP$8SQ5M#K2@o%8j2uJ)ijfNtSj z>v(5qs9(3w6*}iEmbpa6W_aT(3Q)5mv%#*@;a#3!g8^_6(u9)_JE3Lc)<-0$J zHpZe2;T8Oa`$f;Og<{xT4?GP$M6r}TQ?jmg4pKJkT{IKug~0qc6X zra_{lLp-Og`3&y!@V4-4L+2zFx@f42c#DMTAl>6chsqaaPCgU6ce5YgnS_)MPw( ziNaGBZ&xglm0vGH*vEwgjUs?d61uq@-jZ!vWB3J{JA?Rq{)kzdlxckhj;i{g1W)iA z*uo~9*0-twZz(DQ-E9HIjn9v*Gs{!`2QM^#(aFHVzrW_t^atL1|M?Xq69_+}b?~w< z&5iL(EQTMxuLTWEFS>{g<;uc))2;7}STdf-yu}mX|FId+pqXd!pv$u0H6vhA{aWf((a=h=GF8q?q4HctzZ4u zc%#H%=S#PSeQ&U~`t9p0cw~kX!83N>a1kx+>3w4CPBCGBBnpukJQT(95O4VGw-%-s_vSkxJOYRPg;(Yvb2qnI7`{y2d0`3X2;SX8>dDv4F;S6WDcVD@U^9!^ zeN@@Jk{K0!L97dIA)gRwrBvC~V>Y^>K(-AR8ekhbx=qPmd`M??T9*`6GAifkPMHCf zb_R25@abq@_-C;rxG+S3hk>m@Kx9Q)@ZQ?cGwC3y`eyB3<@)?)H<0leNR*A};1%$V zzw)hXA&4kZ&1DS+@GUs1F3cjIbQHwy@9TYI%z*j|WNchH2f`Qi-44~<4Wj&<){U$P zk1ad-J1)DsupU@;-+PTkzMtO0BH(s+CYSuo+Gkkn#fEE zV8KBcf%R(vL{4N|zHBvu(pJJW2O0eytO6?y$8-KOS|w|J&KO7_V=`Z z{MdTLVd1kl7XPCW=YP*g=pPf@{B+L?!C0917J#c}@4Wg*`J!9X6ExC)03IQp*=uL~ zPCz{t-H*Vu9En{?+yj?F=wv^Dr z88PKJJQdl}qkH-r20C*q(a{{Yb^+%e=kpup7K#Q z>F9sgD*Ws#h=Kog!eFi>@h{*$3iJ;|l)B2CeaBi>->~lgp29hKcZ5|ZatleAy4ZK= z3-|rmaFr7>o|l*Q4}eBmyYYwD^a+dId@nA=`wKU`N>(8v1FYk(@jbLCc%iMnFk zsIpG3pX2NtRQ-WmDdS`4Tet5L>TLvEr39dWLv-&a(10V1R0Q>QQR43sMe#kh{2y|s 
z(ZBNBzjJ>3-!r-WpChyV2c@;&!|`SodblhZWJUiNN$yYETE2}$-Od!+eSwkt>K;A4|&CVk`Jy)Lre(u+32n7^b~ zSQ47WJZPAf@_Lm^)H_Wnx+7s^H-o0OkzIV-(z45kx zOZ#&az3-CO^KCCd0LG2RAut`=Y$zZr+W-3gPZ3LG^5r_iIG3O|?h9P53cQ2c(0(@U ziivJ$Q%TYyA_6&s;UodTNV0P7@HU_};P|Hm6yzB>K<~}dJ0wJjA#IQuv9)6__C9?u z={aaNMmDe;X60KYhT*GZEWv098##PP1UKc)B<7F!C7qY+_dJc^OoLoR`vx8l6}Y*A z#~<&~hdH;n{)ImGh~NvLA-OX>3A6LT8)zQA0{CN9$q{C_=H!QNXt_}k+cz}Ar8B=0 z228{ukR501lnqP@Ak%=Efq+@f+*!A%eq=Z{ZeeHBjO6$Hm6%! z+jAs$9DVL!8szH>WFZImB_O3K?2r?V4`pNDJQoNGe$j&?@i4q|WvMe-<66=F0V(DY z@%w7%C7dkq1NyXsJvdE)4V8=Z28+_etCsLrw**VOj0GlzHGrEhI2c7-X6T!*a2l9V zRUIe-qi@bPn>MX%3?2o(M;vDr8+J9%3|ezf4`OuRr^4 z5wK**EW!DM8_e^1_}hMqRrn1nfAj?ZYqo-)z-+lbH>G(4R(*jpHhU&m7)J@inL~{D z8ZYdIZ3$4WQwAP5TjzT3v%K{4HIS7b$QbR@_go!cI26#(yIuD}TOmVTp&?b1f(jxQB&+CVu-t_#cQU}xSO5NR z)++zcpYYH3?zquxb-6D7lNUAyvdO6t17YIE!S*{wIyA-nY(%DeMKxjY<4%WG3urb( zsa@|8YO?_pGH^1XvC;9Bb-wlhoK^i}54JLZr`Sc^9Cs;Iv}}RzMYhXyxK@vAHt>@s zHrWu+6j0|gm;>p8Z(!@=REn%Y16+0J#%RD8aCtXy^;0#FlM5v z?`HsKbD{5Hmi##~7ZerX1cul_QKCkq2Tm3U@VdxAj~g8TovM=aE(*3btZ@(#?xA29 z556`ohHYabuPc-oh*ppFJ)9JGqj%V&iOWlYF<@L!0wjz--@{Fa{a>ac0##xc=*BxZ z1DvyP5x`?flTN0)p_R$0T7^KZ0t`-(ws&?!@vSb-=Uo` z^75Z(#~Jp6|9XMvDZC>J2L+>-UjB3De&lW&)Fxj3bLW2s8v@OAC&&^dB8pipjle_L z)H}DYXelB9o2Eul#XeZ*bzNWWHzmB9BClu>y}@{pl4AO4fL_9FFx`IoFZ%#%`C1t%T2m9Y*w(w|k_@T{v0PBEx-a8YV9WbfH=96n-g;TQ6;B~xztjk&v zFZPdX3Of7E%S#^_kbT9mJ)%r-M0m^;Q+M$``|tv@ju_y618*s?_Ap??D%#YR2mp_> z>*@t(7!mawOu^DxJ~Ezc*m&G0NAO4oBsO4{x^Ms}z~oklzwZEdPGxw=kjHeBjRkZu zcLfk2=0i!qTGFU9!4?lJ)fQoG)fNUT2=gg?^RG`@_}X>k{v*&NYnpy^Gw)v`KeGVf zS=XeWzeIkf`&_-pHU2j>TPqqky^!J5fZt%NFZ>M*YypK65y=N|#!v(2m+rXRWBKbl z5d_Qy#Ciwg=U}C|&@wFD=z;jet|un{)*BqF0o88@XViI%M3ZY|Ae?IoiD*z|G>U*o zNN>b$QOj#|FKHk&M%QMCh8?8~39IjviyaHu@pS(i8L2K7LoEEEV#DJiKph=lAp8WX zjIu^{5lxhy?aisC{KGq}2nTC)ly&3cckU8Sv)$kKhTXDGfFWk|ly-&#M9xnv*w{?K zD%cKLzW<1Wr-n<+#pUKb#{&jp?yS%XcMPWY=mX<&dVx&Kt(>&B5;tXa-=JzC1$I z_iKe1n+wnY=^12a??oFTG~6hnWaToU`f@*0#h=6HL64yDV`=sU6{^uBd^)4pAO8ed z^u{e<88=LBr}Ov6s0}|IX)f)ql*R>nzZubWhI>xFD}#9t5+LD;xJ$zeXoSi%bW 
zAR{}J+7+z0xpZwer#763`&Y!Qu|DscKugKDi4;OoJJ^b#>sh0)(h+_(tm{-n>pGR6 zuLlhmhOPHL6Rg!>J_HAe1W=0$qT*Eet@kURaERixZ>ZLtG!t zK>;aIxY`sXgk3AqRg%fsO+H+Llj2#j)>v*4{q}@;9IN)Pu60U4=i}?u)y>_dTXvP` z!fIQWr!8uNO$LqT77w(uU{I^>dWyzQ;U;(u`yN{4@|s9IIVU7g_m64cB^s`o*9aZH z`xz>x1oT=*Uh4Nod}GXih0$nh!F=l>MG@!AV&&qm|10v}u5Mm`cU=n6*=uMZU_Oy@ zZP|KUR+U7hZpe&K=wk|pxN6VM7$&E}QAk^#NDSgnVX?{Kq@0vFz|wgDv)4#jRv zf?_r6oi}iAJqFD64#}MY8BLf1>BJa(vPbXsnfdqqvx*K*!6u^a^UR5XJFL86g!*&| z6=I^Q;bbVb0Ifu2BdG6h3z`pl(f@Z+tKA!?2CR9E26V~m5f+f2pAg0c6iAHF@dV}={t$yF(Kh9D@7L*siYxyUPAE7Mp@d??6{h+ja91+imPHBhc*V-mv`P?rn{o3`L^g9}0WTDkTweTMbArQO zal=Bq%mt+*39|r@5I|_$j;aFnqexLO1$5G2Spq_X^A@3@bunUD7hxWkJ>G?2M5Yqd z{kU0(5)&kmm4@Jb{Km}yg@v>rW#(_mL?QK-jwcImg+w9o78j?5#B83CQi*i1lfMNY z;kv9h=!C7%-;YwPDjkry5lyZ#-NSfJKi$4Fv2w|5I-AJ7WfJk}TRN4Vz6tqc{;iNp zC1zqWla_?s_aRmZtmv1|kvHfrzHK%}auKR^@jsldzCWcvOa_4(KSi1v*jw893o=04 z#cM4kMnom`{Tt9AjQ2SU?Bj9*Iibf#Sck`3%f;(t4O<_f7aj&r0z5EysCv(9Rjrl) zQ2CW$=Y02HB8y)}z5N<_A%H>V8_R5E#H{36Y}0|L7%`#}NF1Yo$$0k1^*IbCgZNlz zS+XG5GtNHMR;F51WWmZSN2fgzR02R|ed?nW?P5XpBhr@Cg~dH3JDpRnG|$WQd{^PZQ-d7J+;1@DLD`NI$47!7$G;F|D*Z?GfM z0!=DfzK^fP`@HfNcl_n530-Yds4c$qhOodwrrDOFk*CLXUU|8tBey%985>DN3B8!R zhMnP>boB8fC;!vOrotIhn~EVIw!63kyTN<(GSY<%KzOF{HrI2~fgC5ZA9> zN#u_+GH`Ike^?kmZ-)nAJiAi@9z3tHPSCvCKM-t@o8_v50ul6Qd(-^<9%*4On3dfh z0qq?Jn}M!YRV7pM*I+dQS11!EF*s#^hXJAjc+f-y8N7E8{Qs+|(6(_~PgFb%G`hcyjCC8QE_}XVWA|dkd5sgKPJMxAqqJU258?-HKU#w_b zo3Ms$%M~qqsS~<{#}km%o^aQff^p!_2TMF@K6cIU2j>f`BtLetESm42mKzhVmg;}{ zX~PjUAD=VVk1NmlC*64#Uf$5apn~_WE%D%%_}=vV*0uU9F@w6n_n@e)wIY&QM6`rm z%U5SwzhI3S9I^{QV<3-yKY|A1&3+VBJp%62$d~|F72Fqt!6qt5^lPD$m9*fzdr-OR#aeFEjhzd_Ww7KkTaNkDXXIQo$%I zmj}%4Zm;=nYy0x?)==AzS$%6Zs)2w%`Do9o;=6RHC^3aQNbiKeB~KRsEZtTF!v2|C!6rl z+OA`du3%uhvMWm4e~;c5*a*6_;ZF;tYdtt;eg$u#n{rZ&}EviHDY>({_k+TUT5x;d=B`nkLmEPW);l4mN z5C5EkrLQ4-i|6|*KAya)TgxIWsoUD6*VLkKx`4x2RF=#E`7X>TF@n|;r2zl&s^~R$n}Moy?FM! 
z&9Dseji9KzM=vaXi1@FEdn@b@ojl^o{U@0_>f*i*lrWNy&Z+(Dhv)V?Z15*`b~t|{ z0=~=Q!uoi4t$dWxktMbeN`#AdWLks(ze|nqeu(tA)6EAc5|B`D5QHerhSMVm`XO=< zdkLjRcqbnq21y#fL60!uJ)9)O4j!UPSYM%px!IL(Z$=ya%6}+_wWA(3H}Ls z{+rzv00s2Y^=D*^e;EP+Q$HFn4n?iHSr(H+n)iFF%g(GY5cp0}GFE_vz635&`ctR^ z6*xNVTSL8VZPpsb#Y39EI8V~=x%Xr+Hqu#nUtz6IE4HGgE1HS#gV=#H(hj(6?Q~NY zbrlt_!Ogv2zyLpZrm99F8F`y}&%S$aq&`~{eWh2BdpOkUNZY++m~WmYcya?^0^2SC z#ofXM#HZ&+x?DN(Q-p>(PXrnY1QVKYrm)Zu{F>)DZ9|Q#HGRS@4q}69i;NDQsXd0N zW>|)5v!~*PYS6MOFIF-=Y4a>4vn8rXXJ{D~fd;^3mZipA3Or}^vT+o8R2+WidM@$I zn4yj=MN#c`C4bC~OKP2Av#DyMUWPDgquiz6=4guY{a2(;JQXi9L#EuNN-A}11DyI4 z%`n2WI_Ykvm#9gpO$ehR1GQgYPQran_v-JLWW*S@E6p zu|lEeHTE=U2*bu1!kDHShl$pf+sVRNEEmq>QD-wvrcbpZwZ{GOy-GZ>8KxgvMud+f2Y5F7lGJvMvPneWLLF!JLNJ>%fBlk;pz z$N9E#gfN&k!mZ36tAqZ9?eR2QrV@RYq50Y%S-J>ibw5dU4$~#u=BYILjy~~~{(7*Q z4hwq-V^Re3PapAn3x3cWs!MTQxJ;9iIL9^)qDCLYbtx_kA)Oq06d#}mm`_&m&k&sR=F}c~e&}C8=t+~i- z`{(3ATMy4NlbaS+%lIr+-IdLynAv6^jQDUqNDb>Fs$E%0oleuJmgvcRR4VJ;Lq}bf zN_}eCk6mVqRw3DnCaOxO(@|D~bIjOs3%)ppFrqngFuSO1a(>im%|oHyUC7|5W~GD7 zt8qF}+UD5gSfVGjQnscp)?=l>u!&SAE^58L-cLgq<4wD(P4xJf(gaECu*LekRIc@A zl+1(uTVBd?nF0Hao-e66T(^~OpDh=uq0JxAyZ|22qhy+vW%#T_x5XlLp=PLkJI$8l zc3+)r>O)QxNBRk;17_+i^m}ZoAd4tctb*K~&m`-DI8MfO~~w3CfX zKhrGQW8%@6APkxAaMN{9?Ng(kywyjIi>R2xq<+@=jM}67sC_5T_Ih-kXV-EkOP3a_ zhCZuwj!h+hKzO8PsruTDZ)Q17#t&lI+)PvSrJih@r%VCv4Y=of!f@7Z$JsN$?KHY@ zh#p|Sn|x6O|H*p*$KcCsnPH4F*c&DK$kKGFf9zlAj*I3;N}rU3N+&KBb%aM9;4wRA zOt=TF{kI<{3uZk<@4#L?is!--&@K*s5^;erAU-}^;yi_T!HflX!~j1B%=TDpyU!rD zPPeI|EL;1wHW)|GHL*GvoaTjL^3Yh-GyD0nx!H<`L9^MM4bIDRVzxG#>1KYl7%sLu zNt_KPn|MK(H75{8ekJl|JKm4#wNpBuuF8poD5jZJymW5T+9o>YO4H_P%xo{hmKTK% zC7;uIEn!YCF}5^TN)X1Sy5^O#rpm(-(>0ro)}h^`i^+40U8c5lM=PHT?4+Aui)yD4 z%d44=k*bW6>SQr14EOt02l27~Dxc~X3cXhKtS6FUKh956TB1@t#Hy3cv3uT5Q_Z-Z zt^np&?XHfE#5$dvcL&_S91R9t0qwboGT0na$+BLI&CXOeCZ9Lzypt_)sgA}p_4P$P zi`}h$iC<`@RZHmMdn%}aD&E~*9d zn5`bP!IqlT%Ddqq#u#Hkl7*JkD($F2_e4P$=l-!->aD1)*~IOAQ&-wp0Y;i;7LDaluk8xxeCdHv2(wvoyv~#wbgqyr zUyhBVkWD4%79-Quwb7-}X@&00qNnuvu-tATjEqpqjhKu!V&vtN 
zS>?FVaoyZ38v91Ep>($S6uVq%Vs3rfRm*@UR-`4v(8HQc9f6!9b2T)#?QA8k}%mzF)(c&&GvH^GhlLm|uol zUgr`XNoO3qWT4I|gU?<}>A6|>@k66@R4c)Hy(EE|vS549u^d*|(iu@$0y zeFab*&DJdhOK^7y?hXfs;BE(ZmxH^LAi>?;-Q7L7%YlOi65I*yl#3j)gsVxdDT1jfYDNrdUy0El{+usaqasiPRD+=a#|!c zO|Bt#u}K@pmfNn)qu-pSEyj;AR6O8Dw9+$Qt>!^iSaJQ@8COpyqs(AId&1PWd3yh1b-~T!;}X?1q)YsY?!f{c2GJoat!< z)ZQi%By8EvO?9-a71y8^#VCEvHHEt}N$L*0#g$v+9M_`~AW5;0{#N*1jDxAucwK%n zMa2mDygl#LAo~#t(5I5g?v>~XqHtYEX63iBTrOu~Br5jlq+VLiO z;sH%2#CW2}P%y4o0D$1Sibpg?e5Z;%4pEQM$#of2Zy4E&vB;JqH%zZ%!hLnPm8f_D zK{VD6#PoA!@8%B>8ks_kE<@io-#`JF{u*k z6@$4eht!$?H7ZQXExzg`C#5Q(Q!pg~R^^uu+JY2(4G6pY_=>lIp-|@WQChJu92*^* zV1ln=MJ>G-&GJ3|7G2{}WnOJM_Sm3-)b|Rs!%eCkv~#z^a_+mlbgru$8!35)d%W_Y z0v|S;GEshaGj1D^q^ayV>^H>Uox|mcgdi(a zNz?dk#FaJ_1uT_rq7lk#!5LF^&GK#C978XALv#^7>(M#|7fEFp^O zQoug?B_1q83%w%A)Tqmzj?c|j`c108Vz^rf9pgGTH?6veI{kC^Lno{I%@O#EM&n5= z?PI&dzs?{py*d>kbLumG-8D^%b%{3}7Jr^2A}O74%EP$Qbcax+#5AA}mb;5T$<9(YNt7o`d{*b-)M~5{?d5d zvqWnciZwz^nfJk4-%BYEd`REeu*+Q4&UGAFB~8mJ1H!mwn;>1vny%=t@A7n$EU>!5#pCavZke=nVi0-5uS#$)ToK(xt_qmzZNN^+z!({i<#naM+9E!`8vN4CI;2|QOqzkC`=T%ldLDY+>DL~1DT?%2 zraG%A?Lr#G@XQ`0WKmYR_RmhdxrFizu@HO|0=Az4ekgyMIW?pN&%UILE>@33a`cE= zC3%rw>q@BgJ9ZQr9Ryt2;N3{3m|aHCN6~Dn9dDQ}nb9X4IYRc1fMlh*pEx5=MZZ8B z&GggrYyrUwG^>iS>zxT4@A8i0#S$ckl$j=G4~Xv~ikN@w<;uPI-Vl5@g7eMAb3;6jp9g5##{JRy_#mX55>&?nJK`3DW z=hJC6NF&u$=a2BuP}iRVVqGA@bN{-WT22%5T=**}lPwjdWe&U^F^UHL9Hme8=2sK# zJj4#t5euQD$%Qie2R5t4y2MMF5nhprv~sjscD1gL>_~f2)Sh9fCn~1^)uDUs$BaU2E#52ArjOXm5Y|M z$W+Bkbps&dI<5}EJ30F2JEYUA^!XK*)e}C((v{DQUmkLLLs;U$Gr$$~1?~JUZezYR zEKjfWpqKu?XP;IH}C^|HVD@7yxM0LW}2wQ^U^ji$^G-#Myy7{mZhDddoL>l2hH?` zBJg@z!!dK$Royw28eLc=t6B}jy7iAfY-XWML=86!wnJs!JXv)v#+5b2c(qJ5b0`+Sk2r&;{>AXSL>NqW*4!h#487B49^Fju`;-Wt3^b?wC zh9qQOpiEd@_Ibjy|<$b^E1S#^c-lw+dw`EoyG^8&irK8!|3O8IdEt185rMEK;~ zWW!OeY&hC9kM=r*=`)4+xTj{<#z+_G&s#cDPYh|Q4Rxz13j}c2qg)fn%y)-n$19^= z_?Gagd}8Fh_4_{h_}VWl^e$?w%KZ*E4?B&GAjr|J-B{ypk#LYmVfEqiV99YEepK0C zJ6fbmSvs_QzG-`SoSOU?>bv`7NquixRXD*I;ntCzr*a%}BS8#EiPxg6|Sy7T6g 
zRz!MDpr)2$J2o?{Hoi+Z_;tDy#@h19;&Cj3Y;K;=M?6-98O2?-AhT!JWOeXrP)=D#)JagoXY~uRoNN{ zMG+d~j+fZX{m>F9-mn-)V~Z5lMBlKOVHi^HuCRQwmLYVohU3@tl03@Pr zv(vY63w^%LtZ2dIY)HB*jeZ7SjnN98cwwmtC?e1metX*9 z96{#At!3|A;TpJ}g9ty(0FzHS=GUl|eFM%B=3#cWWG7Qp3YIvKr!H`rlzAm5L zECtk-Y@NK{CE5)!wQ()U$4$-EKlmsmVk75{Y%MhBsSYM-&EXbHYwMhCUodkXHg6 zlZrT#_22(dN-{W)T^`e~1U6A7n zN4mcNoeb%kQ`N0e(@gWx(v5pudN~ASySQK8LOPvW+ESs$AH_AwsCqt#W9` z>#A=styzk0(TL^ng$OJ4SY3g|%5- z>}4UG9~CkpN5o^}(kw`l3s-5ei;!g3mu||RRwA5Er3aQP!#v|z+SQJZIDuUjy`rxn zO|4wv&DF|6GB~&8tfZX2PuuGT=YZ!4{B^2IoZUv69<8~T1c|A>(mHKRo}4cl@aswO zlh>h5YH;@ESH*aDW>+Y+9wa0$U#0DKB&{Ca?i&6UNMq(9r1p>wC1M`(siN|F($l7&mSE( zf&B{*6#L?O!rZm&at8WZkVAAZP@8F6&|Ww>a@jX2&eUoy{s1G31oOvJ0Fdbi2$Py4h6D;4yco z3Y}as&xtW`13Ey(!`&`S`8|DDscR~`J78hoH5{#&8ZYeD2#HG<>>Zm1LAhcJd!2KI zz@VI(#TZiuZ~oyT@N0=~g`(~lt7h))v0p{0rcbM%5-8 zq{xvr?NG4Pjr^T7<@{p!RW65xwhGYtZEBC|hBM+zT0Vm9`t0IP0ir^jT*j_pA;8l8 z=g4^}aJK5%q~lNT>`|)U_r3g4i!X_NFy%Q&E#~}u|?jO zwNYp5d@giJuPrR0a*v=^8uM_LQ&Kz5cP2cqny>AQI*-D#pC@CDx-|)&#shYXwoFck z2$DH;x^!o)9cDB-VLv~tHtlc z5`@7^H@X7|V?jJtr?0F|iN}ix?WnY_RZi9A{>L1YC~D@r89a;bDxN!FO#xTeAc;oh znQI2Pl`~5zQIcM_#+@O`iyXq-I;0+CSVt2PwUWU@=xolaZVCQTDv!4xHYuSOvtK$w zl2|dMUwcui$DA{TL+dBXey`WLHV(O_W>`NCUzIINIKE>XW?3+bWUtKGnr7Iu1Wsx$ z3C8!7bxFjI<4KuaCeqy@-z}WxWi6f$eN^boSrW*Z>D}Z*hW0gVvc8CVj47?^P_5yx zT#*0Dl$kiv5~<)eu!K22QZQDRh&7Xa%v~^sg6Z13a8|yw=_NvEncf@;(SGA#;o(PI zrzZ{|G@!?~)DuKO8&|DZBXBE%V|~4NSgxGm`~eIsan9B#U=_>BE3pzhc@_0+NYK< z>!2PRk{V%O3AMCkNeJ=(?)o8G=dOFotBQ4Poij4y4QRU=p$6$Vv)Om-^)iItHKe#xUB@^R6Yqo0QjGkDOaUZpYg?PL6Xj5ci#@kP( zX0LCnp5huT=~QeG@Ly5=N*P7x^K?&fR=e@eJf#|`n1LJb`s4%{3PkNkRz~SD%QtFgb~$fsbo|mU1v$%yC1NNi$PKmH1bIXnSclo>g57hNMWBLY`^Ws!_wK z+)(q*q7fRskZBv;j%F*Nr46#{GGrrL$)vPcVNhI$zXPXE)aqA3ZoTEU@yJ$Up5*Fw zl6U!|B?+^FvQ>sTgT0>Wvl1~Af$0*S19OLW!DP%uJ8q?#B!vcUwhjqL>J-8+^hq2Q zvZsyur4x_4n2(=mT}`-G&Vk2n)o7j99xb`~H$GoYS=w0y!tp9qGl6N5s^K+&$d#!y z7q@Tobq1!3IzXiphO3Ct^3HrM{Ei}yJyGrgrZNRdJEkGmHFV&9ue-1&bteM6-a0Z; zNM)|gb=ZCfB~QDUWeH{0jyb6H?g*4>bV_qvfFv`x07t2n+X5UnEb%e6wG29Vb}nip 
zy4O2et53++eW@17p-Sb{l;V${pH)AmSTAGTTPbeQC20=zhJcL|E^j{9-qE7mCd%xU zm~<<$YWO!25~47#L)0vsfo4wGqDeoIz`+gp$;?X6x&xaAYObuIP6RzoIbJR9SR1-#4bISw(BCdqd#AM zYnScWb8GPrBTV3D7y8m;Sec80F7!}bqy8MWK)@@`ZJ_2|4Kup)1$B;``PrnQT#ZHq zIa}79%C+nvD{5DwyyBt`Rn2|hm>+>6cE$RntB;bc%Q`I#8+VO0+;fJGO#ITX(+m1?C39db@#)DCR11UveMTdAtc~Gmh;&(Te$< z716pjSVk9a;iczS`Lfx}vl2f$+&T}DiN^mxnHZ|Z##s`?Q&u?sjyUc0z1NUO}L>coE_oXHnNJ(Vh@SFO`ff8OpIoS{X0 z)q}KdcdBJ9>K;GMmCctvo?mL~0ly@js%3NtPX68qj%-n)&*xFa`_p#o+h)|f{y_+? zP4UT?gYK)H?BzqX+qY59FEc_MyrTs&RysP4Mt@63f)x0Ptj!&n!Po)5L?vJcJ}#vnwf!p9V1Y{h+ST{66}bp`@&`r;Y>Hvu*_HC%2Hac(EM48 zC5wA_T5B@b@N5aYWL5qSzHFx#Yu4kS%FLzX9LHuAM`VA6Vo|&TCwLF-j!yX@%nwQA zOP$1>YntI>yd!jVUcg`2qvr_Ty}LZvmvNVh5pbukaMdClR0@i+-Dhxtb*Bu;#z_vS zO*wlbHITom#LKxebCH&yGtrue)1d{=tc)I}-GyKe)-K?~0G-PYIyml1|Nim59Y&MJc(CIO2_GSI?J%G+_7Jpx|RD+RSCiWsh9m>EIU^@+&i5_6%vpum~O5gqO{?W_~iXr!FOH(5bJNbr~H0y zri=HpxburZ+?s@y&RT;FQU?IRQWTC*(Y9Zlc!#FQo7V8M{Cs?~qZ#cgJ2z>xz=Z{S zzLS6Zs;`|h+<~KC zcJ4YHLWlDm>aVNX?kLa|JLiuTf+9`3=R)b+5Ns}owCYQ$n-6YQP{yO$%mAw1aCG;* zo2-uCN`qZgyl`nJyCbU(G5G|_R^$|2uYd7|PpKSkI5J^y4fi{o4MyDHjtq#D3Cz~u zY`zSgOE>R`hc8=YOnV8Sdk6S`mxu3A0g$MnxVjyDmqBG@T7Bc{+dumCU3!`at=40q zv{49`V@m0R>Jlq)G7<_gXdL#)fpl@9662S@ z=VR z^S^*0?>0q!q(F8St}@=HE+F%FxcUFU|L2|kS3Ha2|HRwBKMO@a5bq{*P5Fy3dy9UUw|R_-n)ZXid8e;#5_$KG)rfc{1d z^M-~nnog2`HCK1Uu~?tfFK$be05&}g5>2qy%VF}NN?DwI+VZ454r!zw-7NGY5TU~G z?#8?FnibzK16#t>-<}$cCRGSE-qN-RBcDOH3uZq@$?#4bkWak^3}hqyd6>8qf0%fk zL&N)wgEtctxYH?!sL_;QO=7qfoHg$T$c%O!ZYp6F?fhZH=yekebxsgY2fKKY9+`oV zC@brcrq2*A7H5%4;us=gFd&G_u=UBjZk6{n1G$dmcXehAOU8m!pF%|xJxwQB&YbJq zDvJIWy@>FfpVSd7Z^#e-feMx$$JwIzPIN;l{b} zO2w=;J?xUzIUjH3?A2H6%2@|Eg(WK|gvMje7C56@0*2tmr)rIUU4Qs{v5l&X>EE$K zGdHZS*Vs~3+<1tKi35?o7@KR03#x8eYUSc1FtEX&({~e`bd+Zoud55(9224Ig+~zS zl*Yf%# zSo2sK$0j%^aM-&1P3b^9jZwE-8pIj3%XgVSk=AB1yYNx-jsJ;Lpw}5fJ(E{5zSxT$ z6xA!=SsFB*VN6~-4d=%83?Xs7T=&oyDHq#$z^mxF@^*|7@;o?LRzPw7WFUvwxNcwM z=-2W?qJVE)>MmbieK>L{ok5T6!E`{vk$I~XF-v%#G&rD3=}Vi%&->(qc?3fG({w{R 
z6GYW6lY3$?MoY}TS*Y!PNrhfA<1xh!-STnW@_;2Ke3quF&)9iUNU9u>EQ09dXT7cI zrYbXlwVumN+pACrK@vj(E(Xp01|AT)miEE*PeW3Lj7lGtv48#s+JNPLa^c8{-IO)n zx<>_Q`p;WM@F+E+dKgEcxN|yCFYj*PI7${>c53SSwZa$>B3ULu-!eOvoE`!$kc<=T zvdwU60 zU!6TWq@B=t>bNtMk9|uPLELwEhhORu0JvbUDC^#pg+y_ zOIxSrm`3e!HG`ear-|mek9`xva=;wI!B5Xzv~H{s{Sp56ch5>SLW#q-lb)28NX-nd zCSsFJyBTBO3yS&>pj{a2SMuh>AWgAO&@l#I!BvGaxGegE`{5c7Gq<=3k$ejwcdZY)3m`UNOt>s zG2vx6{^m;}!bk7%8wK^kLv#Q)Irz%oTyPJO#BJ*Vwf1lD=t+59nK5Nsg|)Z)pz z|7ziql2Qsb^6rZm3t9Q*t$3r{mQdBizWMD1=2 zenhZ@4Ewvgn@!WeD^d8 zj#gF{F8{a~1GRzJEH?C>y5_%ZatTnNKmi~cDA7YpR~NhRr+8+t8IAF$^#t|;x0b(~ z(2ar2cvIJ2`#lGv6{;JEHNTcVMh!Hv{5pF>JzT9bH!OIiQD;&A{TPNJ%sIH*elxPH zl6}YauE6+1eWn^f;s-aH2`{3A>fXY=c=n4*d%3zl?70hcjYMb94nLD@TTp?)GWF4; z8XcQ^cEBAlV!bn>qU&3`L&xx)Im>LUB^vm%a9pmsl5U#AVQ7^Fr>e8hy3nj7F2S7p zGOATE#CDn}VxrN|r@7lYf%QZeyAr|EXH}aS6xXMJ5XO;bYaOz;S3t{I_~!2Fr<3>w zND;8Lbf%?BBomo~f2D=pYAN_sFO&FrHn=u;bX0qyy%w)2N%^?&u|Hvkg?LuB^Alo{ zLrDo$+n@qZXc5_8BlgZeOxSOByBINj>Fdl&zitU%_|{F%Z(W`Wo~J#YZGGEKIDIa_ zF1pOJ({haR!eW1ZRKiC*Ob7l-Dm6Yv6rHeJwcRM{{8$v0#XH2#*P0O!_xxw$Cyne+ z1ShN!`Gte0H%COn!AkdOPB}7elBH$rqxyy6l!p{9_FsGYZOkzaCVB437z7S)PJ;Ku z5rID-dghrcW@N&1**qgEgzG>R4!tKwx_M*nIc#1O{1VJvI_6vn;eaGd<-Dh79?gq? 
zg06oBB=Zs+T7S!CN|2DCp!}(!porg>iL03l$jOb_+|k|yT*493;Q`xzJ4(uvXE#fN^1zzc6> z%O1hVr=ugT@qIu&|MkC$3GJK> zey?ZY7a#(YP#+E`IM=#fQEa9h*r_HGu2UE31Bx;vDvUj>S{OAYuR94Bt$4)J3!ELm zq#9h%=!_m0XtV5kir;X;gAa~kK0bU-;i1?)a;Wt9`MqNQz*Fh()uTnLnv&~7^|uN* zTTh{?N&7(5E3Sm&j2g$E`}B^|9B9frLe>7Ehj$*z+}p{1Eo zb(49yhJ$HDYvor%LyvXmXJ$wfy?zZ z{2EqYf{Gvv(Xi*M?6wwm^c5EkoQq&+90ls0!hm+M-$>yYOyUq{+h`N#Gb*Do69uZn zrE%i@NBBpawUBRW&f@FN%4Qxo1twOo1;s5yRmjx&_d#{o#(MIO>4#8%oQeD; z;@uWBQRMN&Jh0}bN52q4go>lv&B>(L18N(@p=tf9S25mRAhp_7?`)w2A{#+v-Zw81 z(=z9`&zO>S`32Tit!T+JR-1U+{8>cl1Qi^PH5h3z5*KK^8|qna{UJtUoI=!|_zNAC z`aJOp3KoV2;$@Yl^fg;Gp?qg@nMEAcM=UM$RSe`;$Vct)TNd;+{0cFy_=F((+_3M6 z9stC~>a#((sai=V6iy6DT}$$KDKf6*Dg~Oc6)lA|s5lSU_(pX(5zK04YH+N_T;PXJ zumpuu4UUY?H3j!^O>B;(i>Lc^B}cZ>yc;`jy|&c{Eut$C7X_)di@e|Sp$9PSxF1m_ zZJNFtM0|9G$}TX?Xroy_c{ukTy_dpD<>W#ANzT@@`L$NJq!B)RE9-`x1?2vu)mM}(xd)iK@EA&7ppTYhSNt<4lLP+} z5V!1g*x@nlS^jrF!*npxy;o5O)@tc4(9j9?ZJMd-i-Ig&X77ieR#8$GPisCMy3EU@nV*q{%Nx!Nc)`zkN%yZ zt>w0?#Z}}@07DDV{7%=g#9PC>IYm0Ys%A>h=>E{G!ra(ON80?rr^-ktgdKZvXkj_# zZdFIqxB_RLNz|WV$5JbmvcAP7)4yUBhb=VR zx(bog@${V|&@HCUQGN6yn9=_zussOMJ7wqaPF7s-_(5o=45O@;f$5X$mn_@!UBFaH zRxh6vX^<_wg0!mr%b=zRP!*1b!pY7^-vl?*Hm!UCS}Rcc)^z$)Mvp3?0Ay%z*mw%E z$*|hnky9d>D@@Fl#SHa=cS<0}ppg^su}v+)ytifdj$=4fP!d1?B`n|v1toaoB&k2s zvQ8fPPpk$N?RM7irVoOi%h%Y3eq@2bkva+b@NRnp5e+@OzfIcuh}UpuG27iNc0%EY zq|B%jKyI)YS%O|Or@Rno=lWnIO75Og_44p-04e^?i*vA}C*7*u*n2hHlxG=;C5ODv z4s>3=?MMHP0YFL@O&+8DB68?c{F&bEJ6?P{vwQPbJJ1Lc z$X^#=3WLG(1;nJT6fLFA?*A%AU*QE|73KyX8y}#Oj$QW?V5#KjjGNro66w z_gI-#bgR%8fU2ga(j~yoD>A+mLZlPCQ!)9od2t_5LZ5{-#inhjlHNvln)G$$&O%-s zv=`2^D?9XI(~WRObr7U-rPnm0((!CK|662Iv(4CAcYGtvijJfj=_7y>S| z*+@omoE)w^_cVi!c!+w(a5#CFPZ1|sDzUhtsg^kc@pOnW9{K=SdpvgY6XA0@Fr2kl|CN2)*>84cLo zq%V|K4C3s$J21?HQVB&JUK^38V{{FDPC@>K0$wk}g)%d#M8+oC3%~@v^aYW3ZB`kF z?8uh2YNU+`H7w(D%$z(Zaa)NJ*mqqHxF|-U zr{<1N^xS7|ljLGGVrSo3TRJ;9R><2tW!pP@5g4s>qksOrn&n7fK$g#KywG!o}hPa{9NC|D7EC2MrDNkCFO!v;TuC{7?A*mht@?PDlm)ANk*Z;{LZ3 e;NLh=8tDITLhvuf6BY^<3jRIU3}yd^@%%rEq`@x$ literal 0 HcmV?d00001 
diff --git a/workload/scripts/DSCStorageScripts.zip b/workload/scripts/DSCStorageScripts.zip index 38b8b3c1496d90328221050d6459e25eb3c88811..a02aca446fd5064a9c62f6b0506c451f1f2ab599 100644 GIT binary patch delta 4392 zcmV+@5!ddbOm0000(Z*FF3XLWL6bZKvH zE^u=(d01O9r0r^CVWMtxW3Z${pU0XY=uNQVO20LJ86r;YPt@ z7)5Z;KqN7se9sij0+38f(!1hPK@tb7(Ch_k{OJo8uvmp&B>ShWvtLN@#uMK9wACY3 zTIu^44Kc+;?~NA+9vXkUg-hrtk+Aa*8P8iU3UP`}xSAwUG!<9tjoS8#d8q_?`T;tw z_I03LouJ?sxxY;+y1i*i&B_z(C^r@u=2XGSvC=y(^Ai!O?F>KtaN|WsDf&7`Mrmd= zs9>02p0B6L%u}m|RE*PfR$G^ehtOv;!5>1*`i8U({!RoNMm&EBuHuJK@OX{d8`9+_ z_xjA^c^(H1DH%o~deE5o>0OiAB^a@>$LU=|8nS{iOT>oDrrgk{a6skxPBM`N?BqMB znt4(_auJ-i&dIgY*09pMH21IASgx^)rB&~=^`vEHJ%j!<`o^&qA7gdZ@&i5Odnq;g zNrNi)dP`Hfp6P!yO{ukZo#vETJ5Y1#p6f=y09WMh&!)BBIiSKw}?V(UIe9J7JSMSqZBu}rP& z&)i{gRfL{(3oXW<=gHK$5`v3?PqJo$Etp_2#^w^bn0=eB8T^i$)(@)CIR9R1t3ux2 z;K+xIiyMEYMi@e$l7jU1I%peTuQ5?*O}3GJ=n+zJQZc5;_G`XeGST12pW2m8pYVV| z#C+U=@nXU-W!DbU}r*X7x zSGh;*K3Qt6oQOM$+6LD8Y@S{1vw_;ObG~cu8O(o~R2jEOFu50@kP0xK5H29ZL8cNx z<8*y}LAf7;%giNJi8sZZL6^IFiL_*R_0+}Vl0>RY8PO#_Os<_z_h|9eBuFG?=EdPu zFiBz2u?Qu4hd_xrxE$K_#B+2Wam(^1J@i*)t>c44i%8 z^=f~2xo>amyg2Sudws!I9d+^sozEBFP62L`ccPq)n&;UhBmdmQ_nDLnY=7IG$3Hy5KXL(+ z`LzohCf1>T3zSUJQ(>N}SteTY?eqSS?+IiJV@JD!`HLt5rK1(wX8%4|>du^BFUNCAtz2iTuU}KbI)i_a zhC~GKuU@mGq@ zJNo~Dxa3t9e#G!}S&%f;E7!f+*&X6ZPl$yOG#3|_?#ms6T{IYV@WTsL69N;ib~0D<6&>{%3IG7^Apigz005V7G65Zb)md$C+eQ-pYy@0jgx@)UzeQl#}aSih?Fr(l#WQ-6gHaIsf<0>@FozqWqG&z@0xNlsIoY zFVD=Z{&skh5j6pXHMUm$CnyC9{e(!29o(x7q zVi=?l28w}ym_oPzOWy|-vNVuf97AMe{YtWwl@%CS5GV*B3Box~kvD~W&Mdumuz&dX zgZ(U!LDE4D{~6O0%bDz425A(ape39_E0+a3`k4sc2QkO**-+%eB92G$EXnd^$GlXz zFyX;sO7EN)0Wag@xq#a*Q8Co&~Wz#0#FG z7ju^8gXm?Y`o)b3CC_p$(ifLK4tuz1IEa4&hvlOlP~q{2ABiTAzt#yk1$6}acdJ*AX? 
zOA!@hhh`p&1v1Q895)L&@m_n6i0IyVwk4=X3CoWA7#;d;A>^k=>8_X(1yZavAMEof zbaufHxa>D*cl&+6eFR@H!z%%`Iw+>yyK{_?`p5D{@(2>G6eGIVvM>J4vkMUhl<=75 z=sCAH=W#U1Spqi4$G*w(D(5-M0~6l90C_m{Ak^KcFe9>-c{DUjYi zYOdFqOpphkFlj?0?~d?T>DLMJcPwZJW=%I8aKbFcw9UVbhRK8~zI)=GgRH%ku?Vzj&s9Sdp+{E{A*T z)(1_oUalZiiJs+-(IgtHBZzU-h?dp$ghihAnq=tI)H;GJsLds&Hfc0yZ!6by8XWsD zlCvP?cN$!R7>bnV<6STUMX<6#qnr*LP` z(^coyktV?q>^NjfMwQ2MGmX$j3NacL_ZEAr5ff>O`KS>^ATFkuDiLst%Vic}ybhro zVf(qWc|;S)YR20!`hi=@IoP*)ssc*z2iJZzh}OH;hMCx@OkRp|G?B~-jy)+F)^c@(NWLIX zo_#h%C9u}P#l2*IN|8?;zX)-fQ&SvwHULa_#i#fllP1(21w^#6Sm+IT{2mw%)&DP^ z{hx4V#HK+J=Z)U9pmTT#Wfhmy8IuWDv_&XDf|mV$y!x8~e7l?I3R@j};Qd+5Xse1U!W_`%nk%_2bLpagZ;6qIa4xvnD4LCb-0Ej4 zYQRJUj@`@+W?{IV5>;w&4S3Wlc}~gftAi{0&AMRE-}D6Rk4`y&lY=IeO$@e z1;zq1>=fF6Kha1*!`n{&MD1k$SIJxn^Cg{);=CzrGl=LOEe@(u^`wP9BDZK~R(8_% z$B*rA8r_eBibwYkUWj9lw=grem$Dog)|ZVacAJ-$P?}(#BNb2G3eA8p!DRt6h!Xh} z=mTAkltT)&@DdVtrH%Ujm}0=#kXbfZCxUckG)mn|-F1LT=@j4SZCZ=JArihNlH9 zCsQMn{#w@x*ClHfqSdzretxUV=wpMG&c?J)+~uj>)`U3~9rmk#GP+aL2iU|6di5f( zakRC6W#N*A(ha20LiUL*Upew6e{Yy_d#6f4dIZ+{)fUo_E$4%TPs+qoFzCe=)0K)o$i=!@30&WUEJ9;TH=n@ zT0fh{O#v)tp)#P=p?51`S9@hbF)5b?F)fot%`llWo)v z*2&H)*${}KKl>aqJ==SB+%bfcxfBb0ZwC`wzST&pb!(lmlu7i>aB}WfdaJ&%-ow^I zU^m00rYEy@IU6z8mx3W}#sc-G8tGFEs4zLIbgVpOf7kM|@`o)i%}Z$SIF=u@0DZTA zM!LPMkTYg*OcvPqIyFUxtlI6qM)eQZgNw;v__5wLAF`pQ($HZKro;+q%p#OgUt>v4 z3TQD8nz5x+6Mwb(M-{GhJU!e-fSo*ado&bl!JEN9b`lZs=@K7^4F`6H<|6Fz{Mab5 zpOC;l(OoEh3gTES)&~fpsG?;nb8zE-f8Q^ESXoc%#H~S^CWz=HRw6E_#uT>ogswK) zAN2)C;}5m9GFvYpMjka^U1sa)j^bprIpCU|XfQk<(U{aS%Svg=A9Qg`pR?-Q6!(tx ze|6Vcw2icKg_`oJBP)iL4A_{|qabkz*QrK6FqlV(jbEFo_3Q9|b<^MUi`APg9nr8> zl()?0&Sh=VaYI8n21R=$c8_Q?P|v~r3hr*;txk?}|AHp(KZN(c1DA#|0Z|Rfbuw2c zg56m+1^@s=m*g=4P&pPP0RT*IXJ=({E^u=(P)h*<6aW+e000O8u68n4^A#QS843UZ i?jZmG8~^|S000000RSKX002FgZ88Bb29PiT00027#%Uk` delta 4628 zcmV+v66@`(;{>AR1c0;wx*dO~Z5&rjT`*QV1^@s@9{>Om0000(Z*FF3XLWL6bZKvH zE^u=(9!Xj`2udL)(9%lhAU zC+dZ=CCA>Pd>KC^5qZ29@_5ff=BLwU1F-e%U&oWFJ+k#DwLT2(0l0rWocoJNILhZC 
z%>97DoD1;y%JD<^%Kgv}7a$cE&VqsCx;zS1vyo^WUfP43(R4PNjB~}ar7uCc!e1+R z^n(EI8HgwZ)bE&znFo?dNp_c9Du_alWtJUpg+E=vJQgb731qL?IQ^LnuN~p6nvE`* z(nh~bsf#Hlx*wg;bI^a;4O~E5iHM!uB{H9!z{epr=4u=T!9-lH)@swu#-$P%=^eCf z9cy2QI!48B(s=7MbaP#onWZDxQDK}stK8Pg+ct9};j7IQKV5(A1Y}1ZZ0NW^hH+*b z70Gc11`+1@Y7$KywXDg+C{Aa!v6*=AT{ac`!N;tx$y)!fNU(oFz$5Q6eDDPiS7^N^ zTXuA>&pe*zkyn$ELEvKqwW*)n)|p*`kr;cN+}30vDJauOthuZ!41EgwRGx1o6Ul;| zyn?BzBjqC(UbAsVp*0(W0(NQXUl3TX5XIuE*K9m#oe5^pp9XFm>hU377d_vDA+KfB zz>^wH?qJJ{+d6*`YF^y#KG>C<_d?vOna$yj#Lo0D{qqz?t2Gx2)RMu9dlBB+)Y4IOn^UMm#sdU{AeiKl za9K~!)bp&NbZ?RYus+5LC`y>hA(K8{x@?7B7w}cjZ%cpX>WZAYhjF9a0~2b-t++@t zEl?Q{SbaGSaAd~5DX^|MdXZ>1W?+tyZcH+3a{raN3ha$kY}LaR$84Z-(d$Q8EMxC_ zQ+trz6`@F#FaWbMf1DTtBEnuZKH2|wZcT9Imt%$pi5N6iq)7ZTOash!9;H@-?j>yKIR^S zfV)mWw`JY;l;_b08Y%3UUMOJ-QM+OH9MciCjpk#9Yv!e?Ta+v6BI796>aW+qW)cRQ zR#AG$?xTg4N*hTBLCYXp-_5hDV>W18a?ZE?J%xW6lPZxG5hnNC7g7PPC-`&lv6HDt zP`?vkeW2VA!Di-^qQ>iN%xD+ecByI2@cyZT$0Z6>hcco=ahOtDpZ3A(i%Aek%*^xs zsbDsRMW;k5wa>_un1$1!MUOnYYn=Ny-22i4?OW~D4xw$8TmAuBJAwSB|Fm}8h$91Q zS9yQ6*=^~Y>vCD_w~APw$rXF86rj`b?AyxNZ8kOQuyR(I4jMgH1+Pj)tA?#oR+P>v zAGA!$n8jfBS(+E5W676gfOs~|=t|c)f!(cDPI}GrY&IkR?8tSQlyii?&DQH5p5Pz3 zfbs0ghBXr_Uq1#)rs%COP1Ph5OY-geZkK=SD0f+PDyYbRlnW|%Q+tF}8~z4FA4CxA zgD+Dk!p=#gEDaRTg=eA4RBySgS_=M%*BA{Gm)~3#XC4AY$R4{bo8w+E0w3Tmf+wLK zuFx~5_B^%OdXvVIt1c-O`wNy)U-R|?1?y!?mf@wlWbPkSt+4(dT(H2G#r*44l(2tx zf2b)Dt^qU%dYe2WUR>)PZ>Z~ekY6;4;uL!@&#Y$408p8?uG$(W~ ziNJ|{_xAfvtv!;(^~-l7W(%|`{b54OEaaKUgrTFq2LW;`u-Ko_Le{g6aH!S6Gxd3i zoGPVqPtg9or^^ruR&QBF*wko^_xgXicgd-lMe3L&asn)q-sZ4mN?W?evmKsgwmtDa zx7E~+jfkS5H2qhR?8#PY6`_=L|L@9pUdjG@9X~lKcHs>U?{-nxm&SeQV&`U+PfAqc zub7>;^*;o0%KK#bk;BtvK~h&YpZ9)icSt5aAten-b9Qm*yxVfvMu*V`f6RaGgvQmf zi@SXBmo`*4$(w1SO2HZr3(uH0DUEwRVD!^e>f8U>;U-> z1I1W7*GStIEpW(P4)EGZ&%MMpET_G_wpcI{?QkoLT2YGYwE6EhLsGVE%ZZcA0eAh- z$Ras2oR^2sP=7tx->Z54uf6`j@A~*$>&Ph+F}#=fpP$K;O*piIK<06V!!)~d>bHm8 z!KmBs(SmLa0aG007+Rg*e>y&>fX6Hq@(4mB>vxi+tSn|^0aL(W%7SYV^OVN{M=cIolsGiSgC;?) zOWB5o>RQpy&bgdSc7#sOY? 
zfA-#buV20bfA`F|r;u_X!<_8UiwAOs3$A$-RSS9Tz40Cp(Yp2QnV=q=SRAb|%TAhyHIE3$*;iZ6D9Td~n?HNW${e6CwiV&t+ zDMqwbw*&tY$+-*|B|N4%dd_WMizw`7d!XabE@$s$2*96%@}RM8yR4HFSn z3h}E}e@F8$tQt$Yl&58nBnT5%5ZMt7{niLri1jWI+8C)qG?0;kDV~Rf3U)RMvaIdH z1$kAcF=(Wy3<4=aIFaC8QW^#9R&8jk-PSJERIIvh}0#_UIe?M|eMz`;u;n9ZY1Gp9l4a;h?gk6aU za{!#7Vwtxl+w1u5dB^ug6aZ(jm=cDkg-C}S;kG)iMk=3nO(j#gU#8`U3rCq9gNtx> zB?(GvceMSkTBWiEh~Jy^F)nF!`d7cBlttw>%paAX=-Ra)`u(8E@{@npT<9t_{tY6X<@x$ z%_1a^5(iq|GI=*w+dbBhB5(u^3`eJJe|#91simioCuGfr*ElRzpqZBzHH)Vg&^YR} zPa61O#pszD533e<3VR04u9~k7^%M-jmQBWFRIx2L(Fkp%&_bi)&SGylVls{~A2p&# z#Kjm>B?Mt{xyT}n*8#LbJbrF%9uWgsaJ((l58Oh|{+`uS7Epjcxb{^yT=rgTe`exI zW%7#jfGV|8WcFHbrFm6kw3SDYtF6piU-#%^sbpYhSx02&daGYqg)tP=#M0M|_Ssoh zV5t?`EJ1xL<7QWuBe1n{nq6plM@qEn4MpghO#`cpcFjiZtI<5c8Y)oEzHETInV=m( zjAW7vJd?uSO0M=1$!Fxr({E-{e*vtk;No6zrO2m_p9je1)EMc`8i46jaTniX(gfP0 zfQVKU3yqM+?|>tz{(tf8|AaF`K4y88ReIBc&cOi`Rb0$Ycsdn|x(Ee0p>E#~7O$y4 z?8%tp>1p*6S?REh`O_4CU{0C|<;==MoNJnHy8S zOAPRiRU{|ko5kLG2U~J}e~z)h3_F3wuS6+`ylq`SRa+PTvshdT^9AjV;=C?wJ&5QY zEe^_3HPb>Lkz2GgOFe1h^XJBkO7|mC@#y}+3y}7BGsC&Pm}j_PdD)0!H`h`VN(|;P zQgPSyzz~EHHVc?Rl*lJQKj?a-ASrZ&7m&Cub+mqL1kw!Nym`BNe;b41AXv&`8u_Rm z5<6Yr1Z@*KV+uCSLM8}SjP++e|i?!INa#6u*pK{22!XY`^x99oVzV86Am7i?Ooq5)ez|HhsahD z&flmky$rJ&(3?>IUW(6M)%4XUl+=44Sd{Ay;ecrWePJK?3y#{*3g#-~Q=|*}Zl*$~ zJD}S;EQbRZdp3=h*rU~#&*tE!02W-R2xyt~ZY1oYubfg$e@sV7iwp^9vkY6PjZ&ek z1xKeYU8A6rr$y}~Yqf)Qvb9Rq1Y+nh zLuuuRH{?mge*)fg8qQI}X;AW8v(8Yt`(DxESk3viSbgk(YlvsJch;w~=wO>!KXf}t z(8B4^*KJ9oef&94+{?ZZQ(fG(qPsfuabZfIIhPsmkZ^fF^;jlk! z*sNO|8|A!HOG-E4F;6KlWXh7$=`STUq&#%UP7qA#$+Y{<8rJB`=zwlyB<6dp8Agmi zA`LbwjS*gv;@%>~y*Mi Date: Mon, 18 Sep 2023 15:21:53 -0500 Subject: [PATCH 19/42] updates --- workload/bicep/deploy-baseline.bicep | 8 ++-- .../modules/storageAzureFiles/deploy.bicep | 2 +- workload/portal-ui/portal-ui-baseline.json | 38 +++++++++++-------- 3 files changed, 28 insertions(+), 20 deletions(-) 
diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 5e4402d55..a415845a3 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -56,10 +56,10 @@ param avdIdentityServiceProvider string = 'ADDS' param createIntuneEnrollment bool = false @sys.description('Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentitiesIds array = [] +param avdApplicationGroupIdentityId array = [] @sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentitiesNames array = [] +param avdApplicationGroupIdentityName array = [] @allowed([ 'Group' @@ -1186,7 +1186,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if fileShareName: varFslogixFileShareName fileShareMultichannel: (fslogixStoragePerformance == 'Premium') ? true : false storageSku: varFslogixStorageSku - SecurityPrincipalNames: avdApplicationGroupIdentitiesNames + SecurityPrincipalName: avdApplicationGroupIdentityName fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName storageToDomainScript: varStorageToDomainScript @@ -1230,7 +1230,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr fileShareName: varMsixFileShareName fileShareMultichannel: (msixStoragePerformance == 'Premium') ? true : false storageSku: varMsixStorageSku - SecurityPrincipalNames: avdApplicationGroupIdentitiesNames + SecurityPrincipalName: avdApplicationGroupIdentityName fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName storageToDomainScript: varStorageToDomainScript diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 78bcf4827..5e516b408 100644 
--- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -17,7 +17,7 @@ param identityServiceProvider string param serviceObjectsRgName string @sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param SecurityPrincipalNames array = [] +param SecurityPrincipalName array = [] @sys.description('Storage account name.') param storageAccountName string diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index d54635a9f..e47070d50 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json 
@@ -199,33 +199,41 @@ } }, { - "name": "identityAvdUserAccessGroupsDropDown", + "name": "identityAvdUserAccessGroupDropDown", "type": "Microsoft.Common.DropDown", - "visible": "[not(steps('identity').identityAvdAccess.identityAvdUserAccessGroupsCheckBox)]", - "label": "Groups", + "visible": "[not(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox)]", + "label": "Group", "defaultValue": "", "filter": true, - "toolTip": "Select the desired group(s) to give access to Azure Virtual Desktop resources and if applicable to FSLogix file share.", - "multiselect": true, + "toolTip": "Select the desired group to give access to Azure Virtual Desktop resources and if applicable to FSLogix file share.", + "multiselect": false, "constraints": { "allowedValues": "[map(steps('identity').identityAvdAccess.groupsApi.value, (item) => parse(concat('{\"label\":\"', item.displayName, '\",\"value\": {\"name\":\"', item.displayName, '\",\"id\":\"', item.id, '\"}}')))]" } }, { - "name": "identityAvdUserAccessGroupsCheckBox", + "name": "identityAvdUserAccessGroupCheckBox", "type": "Microsoft.Common.CheckBox", "visible": true, - "label": "Provide groups IDs instead", + "label": "Manually enter group name/ID", "defaultValue": false, - "toolTip": "When the desired groups are not listed in the drop down, selecting this box will allow for entering the group's ObjectIDs." + "toolTip": "When the desired group are not listed in the drop down, selecting this box will allow for entering the group's ObjectIDs." 
+ }, + { + "name": "identityAvdUserAccessGroupTextBox1", + "type": "Microsoft.Common.TextBox", + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "Name", + "toolTip": "Group name to be granted access to Azure Virtual Desktop published items and to create sessions on VMs and single sign-on (SSO) when using AAD as identity provider.", + "placeholder": "Example: AVD-users" }, { - "name": "identityAvdUserAccessGroupsTextBox", + "name": "identityAvdUserAccessGroupTextBox2", "type": "Microsoft.Common.TextBox", - "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupsCheckBox]", - "label": "ObjectIDs", - "toolTip": "Comma separated list of security groups (ObjectIDs) to be granted access to Azure Virtual Desktop published items and to create sessions on VMs and single sign-on (SSO) when using AAD as identity provider.", - "placeholder": "Example: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX,XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" + "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", + "label": "ObjectID", + "toolTip": "ObjectID to be granted access to Azure Virtual Desktop published items and to create sessions on VMs and single sign-on (SSO) when using AAD as identity provider.", + "placeholder": "Example: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" } ] }, 
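Review bot: The two new text boxes, `identityAvdUserAccessGroupTextBox1` (Name) and `identityAvdUserAccessGroupTextBox2` (ObjectID), accept arbitrary text because neither carries a `constraints` block. The outputs hunk further down maps TextBox2 to `avdApplicationGroupIdentityId` and TextBox1 to `avdApplicationGroupIdentityName`, and in this series the name ends up inside a PowerShell argument string in storageAzureFiles/deploy.bicep. On the ObjectID box I would add `"constraints": { "regex": "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", "validationMessage": "Enter a single group ObjectID (GUID)." }`. On the Name box I would add a regex that rejects quotes, backticks, `$` and `;`. The names `TextBox1`/`TextBox2` say nothing about their content; `...GroupNameTextBox` and `...GroupObjectIdTextBox` would be easier to follow in the outputs section.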
@@ -2365,8 +2373,8 @@ "opsTeamTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOpsTeamTag, 'no')]", "ownerTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsOwnerTag, 'no')]", "costCenterTag": "[if(equals(steps('resourceTagging').resourceTaggingSelection, true), steps('resourceTagging').resourceTags.tagsCostCenterTag, 'no')]", - "avdApplicationGroupIdentitiesIds": "[if(equals(steps('identity').identityAvdAccess.identityAvdUserAccessGroupsCheckBox, true), split(steps('identity').identityAvdAccess.identityAvdUserAccessGroupsTextBox, ','), map(steps('identity').identityAvdAccess.identityAvdUserAccessGroupsDropDown, (item) => item.id))]", - "avdDeployMonitoring": "[steps('monitoring').deployMonitoring]", + "avdApplicationGroupIdentityId": "[if(equals(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, true), steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox2, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.id)]", + "avdApplicationGroupIdentityName": "[if(equals(steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox, true), steps('identity').identityAvdAccess.identityAvdUserAccessGroupTextBox1, steps('identity').identityAvdAccess.identityAvdUserAccessGroupDropDown.name)]", "avdDeployMonitoring": "[steps('monitoring').deployMonitoring]", "deployAlaWorkspace": "[if(equals(steps('monitoring').deployMonitoring, true), steps('monitoring').deployMonitoringAlaWorkspace, false)]", "avdAlaWorkspaceDataRetention": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, true), steps('monitoring').deployMonitoringNewAlaWorkspaceRetention, 0)]", "alaExistingWorkspaceResourceId": "[if(equals(steps('monitoring').deployMonitoringAlaWorkspace, false), steps('monitoring').alaWorkspaceExistingWorkspacesSelection.id, 'no')]", 
From f716c70b95f3b656d8b3f75ac0a72a48f7d44a68 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:30:10 -0500 Subject: [PATCH 20/42] updates --- workload/bicep/deploy-baseline.bicep | 12 ++++++------ .../bicep/modules/storageAzureFiles/deploy.bicep | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index a415845a3..46fb2156a 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -55,11 +55,11 @@ param avdIdentityServiceProvider string = 'ADDS' @sys.description('Required, Eronll session hosts on Intune. (Default: false)') param createIntuneEnrollment bool = false -@sys.description('Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentityId array = [] +@sys.description('Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') +param avdApplicationGroupIdentityId string = '' -@sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentityName array = [] +@sys.description('Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') +param avdApplicationGroupIdentityName string = '' @allowed([ 'Group' 
@@ -987,7 +987,7 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = { startVmOnConnect: (avdHostPoolType == 'Pooled') ? avdDeployScalingPlan : avdStartVmOnConnect workloadSubsId: avdWorkloadSubsId identityServiceProvider: avdIdentityServiceProvider - applicationGroupIdentitiesIds: avdApplicationGroupIdentitiesIds + applicationGroupIdentitiesIds: array(avdApplicationGroupIdentityId) applicationGroupIdentityType: avdApplicationGroupIdentityType tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' @@ -1018,7 +1018,7 @@ module identity './modules/identity/deploy.bicep' = { enableStartVmOnConnect: avdStartVmOnConnect identityServiceProvider: avdIdentityServiceProvider createStorageDeployment: varCreateStorageDeployment - appGroupIdentitiesIds: avdApplicationGroupIdentitiesIds + appGroupIdentitiesIds: array(avdApplicationGroupIdentityId) tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags } dependsOn: [ diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 5e516b408..5acce5c0d 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -17,7 +17,7 @@ param identityServiceProvider string param serviceObjectsRgName string @sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param SecurityPrincipalName array = [] +param SecurityPrincipalName string @sys.description('Storage account name.') param storageAccountName string 
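Review bot: `array(avdApplicationGroupIdentityId)` in the managementPLane module call produces a one-element array holding an empty string when the parameter is left at its new default `''`, where the old array parameter produced `[]`. The same expression is used for `appGroupIdentitiesIds` in the identity module hunk (@@ -1018). If those modules loop over the array to create role assignments, which is not visible here because both module bodies lie outside the hunks, the default deployment would attempt an assignment with an empty principal ID. I would guard both call sites, e.g. `applicationGroupIdentitiesIds: empty(avdApplicationGroupIdentityId) ? [] : array(avdApplicationGroupIdentityId)`.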
@@ -111,7 +111,7 @@ var varAvdFileShareMetricsDiagnostic = [ ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${SecurityPrincipalNames}' +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${SecurityPrincipalName}' // =========== // // Deployments // // =========== // From 4cde8027ebe7edab4ceea9484aebe0112890f809 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 18 Sep 2023 20:31:16 +0000 Subject: [PATCH 21/42] Generate Parameter Markdowns [danycontre/705b4e20] --- .../autoGenerated/deploy-baseline.bicep.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
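Review bot: The tail of `varStorageToDomainScriptArgs` interpolates `${SecurityPrincipalName}` unquoted, so a group name containing a space is split into several arguments, and any further text in the value is parsed as additional script parameters. After this series the value can come from a free-text portal field, so it should be treated as untrusted input. I would quote it as the later CommandToExecute change does, `-SecurityPrincipalNames "${SecurityPrincipalName}"`, and constrain the characters allowed at the parameter or in the UI, since quoting alone does not stop a value that itself contains a quote. The parameter now has no default while the caller's default is `''`, which leaves `-SecurityPrincipalNames` as the last token with no value. The `@sys.description` on the param still says "array".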
diff --git a/workload/docs/autoGenerated/deploy-baseline.bicep.md b/workload/docs/autoGenerated/deploy-baseline.bicep.md index f6905ce1d..fdd890098 100644 --- a/workload/docs/autoGenerated/deploy-baseline.bicep.md +++ b/workload/docs/autoGenerated/deploy-baseline.bicep.md @@ -17,8 +17,8 @@ avdVmLocalUserName | Yes | AVD session host local username. avdVmLocalUserPassword | Yes | AVD session host local password. avdIdentityServiceProvider | No | Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS) createIntuneEnrollment | No | Required, Eronll session hosts on Intune. (Default: false) -avdApplicationGroupIdentitiesIds | No | Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") -avdApplicationGroupIdentitiesNames | No | Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +avdApplicationGroupIdentityId | No | Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +avdApplicationGroupIdentityName | No | Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") avdApplicationGroupIdentityType | No | Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group) avdIdentityDomainName | Yes | AD domain name. identityDomainGuid | No | AD domain GUID. (Default: "") 
@@ -208,17 +208,17 @@ Required, Eronll session hosts on Intune. (Default: false) - Default value: `False` -### avdApplicationGroupIdentitiesIds +### avdApplicationGroupIdentityId ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Optional, Identity ID array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") -### avdApplicationGroupIdentitiesNames +### avdApplicationGroupIdentityName ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") ### avdApplicationGroupIdentityType @@ -1105,11 +1105,11 @@ Enable usage and telemetry feedback to Microsoft. "createIntuneEnrollment": { "value": false }, - "avdApplicationGroupIdentitiesIds": { - "value": [] + "avdApplicationGroupIdentityId": { + "value": "" }, - "avdApplicationGroupIdentitiesNames": { - "value": [] + "avdApplicationGroupIdentityName": { + "value": "" }, "avdApplicationGroupIdentityType": { "value": "Group" From 24fcf6cefc31051d746046beb7f47893e202d61c Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:33:47 -0500 Subject: [PATCH 22/42] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 4 ++-- .../bicep/modules/storageAzureFiles/ntfsPermissions.bicep | 2 +- workload/scripts/Set-NtfsPermissions.ps1 | 1 - 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index ce2eea775..098cb4e8a 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep 
+++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -116,7 +116,7 @@ param storageSolution string param storageCount int = 1 -param storageIndex int = 0 +param storageIndex int = 1 param netBios string = '' 
@@ -255,7 +255,7 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken //CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "2e21756f-35e3-42f5-b7a5-60154837dc03" -DomainJoinPassword "Admin1234567890!" -DomainJoinUserPrincipalName "admin01@mngenvmcap885230.onmicrosoft.com" -ActiveDirectorySolution "ActiveDirectoryDomainServices" -Environment "AzureCloud" -FslogixSolution "ProfileContainer" -KerberosEncryptionType "AES256" -StorageAccountFullName "stfslnf59d7br" -Netbios "mngenvmcap88523" -OuPath "OU=AVD,OU=Azure,DC=mngenvmcap885230,DC=onmicrosoft,DC=com" -SecurityPrincipalNames "AVD Users" -StorageAccountPrefix "stfslnf59d7br" -StorageAccountResourceGroupName "rg-avd-nf59-dev-use-storage" -StorageCount 1 -StorageIndex 1 -StorageSolution "AzureStorageAccount" -StorageSuffix "core.windows.net" -SubscriptionId "f6d0875c-f868-4019-94d2-bd7c10b761c8" -TenantId "2a3287e8-8fd5-4965-8a7d-2efacfbde54e"' - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution ${ActiveDirectorySolution} -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName ${fileShareName} -Netbios ${netBios} -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 
-ClientId "${managedIdentityClientId}" -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' Location: sessionHostLocation ManagementVmName: managementVmName Timestamp: time diff --git a/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep index 890c97583..9c78b6d48 100644 --- a/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep +++ b/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep @@ -1,7 +1,7 @@ param _artifactsLocation string @secure() param _artifactsLocationSasToken string -@secure() +//@secure() //TESTING CHANGE BACK param CommandToExecute string //param DeploymentScriptNamePrefix string param Location string diff --git a/workload/scripts/Set-NtfsPermissions.ps1 b/workload/scripts/Set-NtfsPermissions.ps1 index 5f162e9b5..aaa163d7e 100644 --- a/workload/scripts/Set-NtfsPermissions.ps1 +++ b/workload/scripts/Set-NtfsPermissions.ps1 @@ -298,7 +298,6 @@ try # Unmount file share Remove-PSDrive -Name 'Z' -PSProvider 'FileSystem' -Force - Start-Sleep -Seconds 5 Write-Log -Message "Unmounting the Azure file share, $FileShare, succeeded" -Type 'INFO' } } From 9eb79a25bfbeebae36de19f09c2590dae12663fa Mon Sep 17 00:00:00 2001 
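Review bot: The commented-out `CommandToExecute` example kept directly above the changed line still contains what look like a literal domain-join password, a UPN, and client, subscription and tenant IDs. That comment should be deleted, and the credential rotated if it was ever valid, because it stays in history either way. The new line also places `${domainJoinUserPassword}` on the powershell command line, where it can surface in process listings and extension logs on the management VM. The managed identity is already passed as `-ClientId` and a workload Key Vault name is available in this module, so I would have Set-NtfsPermissions.ps1 read the secret from Key Vault at run time instead of receiving it as an argument. The module declaration continues outside this hunk.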
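Review bot: `//@secure() //TESTING CHANGE BACK` in ntfsPermissions.bicep leaves `param CommandToExecute string` as a plain parameter. The caller in storageAzureFiles/deploy.bicep builds that string with the domain-join password in it, so the full command, password included, is recorded in the deployment's inputs and is readable by anyone with read access to deployments on the scope. The decorator should be restored before this merges: `@secure()` directly above `param CommandToExecute string`. If the value has to be inspected during testing, log a redacted copy from the script rather than dropping the decorator. The rest of the module lies outside the hunk.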
From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:34:17 -0500 Subject: [PATCH 23/42] Update deploy-baseline.json --- workload/arm/deploy-baseline.json | 864 +++++++++++++++--------------- 1 file changed, 432 insertions(+), 432 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index efbe14e7e..80efbfffb 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8991385264236532554" + "version": "0.21.1.54444", + "templateHash": "5557013711206236146" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -1551,8 +1551,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13424900852533720203" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -1660,8 +1660,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1949461089888612708" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -1790,8 +1790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13758321727740315260" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2151,8 +2151,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13424900852533720203" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -2260,8 +2260,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1949461089888612708" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { 
@@ -2390,8 +2390,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13758321727740315260" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2746,8 +2746,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13424900852533720203" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -2855,8 +2855,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1949461089888612708" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -2985,8 +2985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13758321727740315260" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -3359,8 +3359,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13254490398188493758" + "version": "0.21.1.54444", + "templateHash": "3182944092420253110" } }, "parameters": { @@ -3483,8 +3483,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13424900852533720203" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -3592,8 +3592,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1949461089888612708" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -3722,8 +3722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13758321727740315260" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { 
@@ -4083,8 +4083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16466569956202275233" + "version": "0.21.1.54444", + "templateHash": "1156178304169403377" } }, "parameters": { @@ -4477,8 +4477,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6244051756844983790" + "version": "0.21.1.54444", + "templateHash": "13379431903908500265" } }, "parameters": { @@ -4621,8 +4621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11523060429621908655" + "version": "0.21.1.54444", + "templateHash": "18035599797024630806" } }, "parameters": { @@ -4755,8 +4755,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18138448975461580741" + "version": "0.21.1.54444", + "templateHash": "15194527127560537713" } }, "parameters": { @@ -4890,8 +4890,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14013632854529536959" + "version": "0.21.1.54444", + "templateHash": "14867461711977977980" } }, "parameters": { @@ -5062,8 +5062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7208410391413178270" + "version": "0.21.1.54444", + "templateHash": "1856549003153181310" } }, "parameters": { @@ -5209,8 +5209,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1441295184563396187" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -5436,8 +5436,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10832170881995198430" + "version": "0.21.1.54444", + "templateHash": "15607599815412583880" } }, "parameters": { 
@@ -5605,8 +5605,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2843587707978411469" + "version": "0.21.1.54444", + "templateHash": "15387093705469323985" } }, "parameters": { @@ -5756,8 +5756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9516912265776834381" + "version": "0.21.1.54444", + "templateHash": "3735355062180278453" } }, "parameters": { @@ -5970,8 +5970,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -6279,8 +6279,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15302323840134075513" + "version": "0.21.1.54444", + "templateHash": "13887797196136912022" } }, "parameters": { @@ -6611,8 +6611,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4452963820746554211" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -6794,8 +6794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13076250381232532789" + "version": "0.21.1.54444", + "templateHash": "1777331299932618478" } }, "parameters": { @@ -6973,8 +6973,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14734864167323382820" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -7242,8 +7242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6388442941679862584" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { 
@@ -7323,8 +7323,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11981001948941619649" + "version": "0.21.1.54444", + "templateHash": "17066253197438681775" } }, "parameters": { @@ -7795,8 +7795,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1441295184563396187" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8028,8 +8028,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1441295184563396187" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8344,8 +8344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6055794334432896498" + "version": "0.21.1.54444", + "templateHash": "18066116683157093728" } }, "parameters": { @@ -8695,8 +8695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18312070779863286178" + "version": "0.21.1.54444", + "templateHash": "13355924704185671618" } }, "parameters": { @@ -8972,8 +8972,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17077330315011430282" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { @@ -9217,8 +9217,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15810256612189281963" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -9435,8 +9435,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18312070779863286178" + "version": "0.21.1.54444", + "templateHash": "13355924704185671618" } }, "parameters": { 
@@ -9712,8 +9712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17077330315011430282" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { @@ -9957,8 +9957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15810256612189281963" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -10163,8 +10163,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15533129024835162443" + "version": "0.21.1.54444", + "templateHash": "16972778608528683628" } }, "parameters": { @@ -10286,8 +10286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2194807908259933046" + "version": "0.21.1.54444", + "templateHash": "4152038459218204517" } }, "parameters": { @@ -10493,8 +10493,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9060023460609217515" + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" } }, "parameters": { @@ -10633,8 +10633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15433672522856459960" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { @@ -10842,8 +10842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9060023460609217515" + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" } }, "parameters": { @@ -10982,8 +10982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15433672522856459960" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { 
@@ -11208,8 +11208,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16391435070898772883" + "version": "0.21.1.54444", + "templateHash": "3501235843806909866" } }, "parameters": { @@ -11559,8 +11559,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15658666815760358482" + "version": "0.21.1.54444", + "templateHash": "4385347612687619252" } }, "parameters": { @@ -11752,8 +11752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11765890115463110578" + "version": "0.21.1.54444", + "templateHash": "15642916335871461785" } }, "parameters": { @@ -11975,8 +11975,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10093469174160917596" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12141,8 +12141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10093469174160917596" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12302,8 +12302,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17359386532940218799" + "version": "0.21.1.54444", + "templateHash": "826837070159019998" } }, "parameters": { @@ -12539,8 +12539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6566216791736784247" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12627,8 +12627,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6566216791736784247" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { 
@@ -12715,8 +12715,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6566216791736784247" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12803,8 +12803,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6566216791736784247" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12985,8 +12985,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16887146126532845929" + "version": "0.21.1.54444", + "templateHash": "8064453292228188216" } }, "parameters": { @@ -13275,8 +13275,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13751111734870253294" + "version": "0.21.1.54444", + "templateHash": "10470857386601832257" } }, "parameters": { @@ -13679,8 +13679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18049817812681767445" + "version": "0.21.1.54444", + "templateHash": "15758203474913146406" } }, "parameters": { @@ -13900,8 +13900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7243327688954436435" + "version": "0.21.1.54444", + "templateHash": "2171521487477022833" } }, "parameters": { @@ -14166,8 +14166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4893014638403786150" + "version": "0.21.1.54444", + "templateHash": "11635969849932067949" } }, "parameters": { @@ -14344,8 +14344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1136039423442605560" + "version": "0.21.1.54444", + "templateHash": "9771114878684828045" } }, "parameters": { 
@@ -14554,8 +14554,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7235970953761064746" + "version": "0.21.1.54444", + "templateHash": "2822002657983746088" } }, "parameters": { @@ -14796,8 +14796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9018764467732457380" + "version": "0.21.1.54444", + "templateHash": "12071774351316031070" } }, "parameters": { @@ -15020,8 +15020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "379315209917035931" + "version": "0.21.1.54444", + "templateHash": "17977254391325929741" } }, "parameters": { @@ -15301,8 +15301,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3278048928000577121" + "version": "0.21.1.54444", + "templateHash": "5284850760210698082" } }, "parameters": { @@ -15538,8 +15538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17312161537241247734" + "version": "0.21.1.54444", + "templateHash": "18318447449709080836" } }, "parameters": { @@ -15719,8 +15719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14285784396449865300" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -15842,8 +15842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7489087194642478460" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -16035,8 +16035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14285784396449865300" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { 
@@ -16158,8 +16158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7489087194642478460" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -16363,8 +16363,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -16664,8 +16664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17244,8 +17244,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17822,8 +17822,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -18406,8 +18406,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -18986,8 +18986,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -19566,8 +19566,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { 
@@ -20146,8 +20146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -20720,8 +20720,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -21360,8 +21360,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4419098572865202916" + "version": "0.21.1.54444", + "templateHash": "132995777022452151" } }, "parameters": { @@ -21521,8 +21521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4452963820746554211" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -21710,8 +21710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14734864167323382820" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -21980,8 +21980,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6388442941679862584" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -22074,8 +22074,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14734864167323382820" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -22344,8 +22344,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6388442941679862584" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { 
@@ -22414,8 +22414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -22998,8 +22998,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -23579,8 +23579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14285784396449865300" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -23702,8 +23702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7489087194642478460" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -23906,8 +23906,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -24203,8 +24203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11988167751495063235" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -24813,8 +24813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4336683637724916675" + "version": "0.21.1.54444", + "templateHash": "4320117328434371279" } }, "parameters": { @@ -24954,8 +24954,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15278159916904409392" + "version": "0.21.1.54444", + "templateHash": "12710254814965349908" } }, "parameters": { 
@@ -25332,8 +25332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3475838612797695045" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -25464,8 +25464,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3575334071183911619" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -25601,8 +25601,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4251680927905962776" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -25796,8 +25796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3502508382555568849" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -25979,8 +25979,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3968881335142586299" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -26182,8 +26182,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14223673717204993341" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -26379,8 +26379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15469970921150490766" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -26514,8 +26514,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11548486149222715894" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { 
@@ -26728,8 +26728,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18089760146236492183" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -26959,8 +26959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3502508382555568849" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -27142,8 +27142,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3968881335142586299" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -27345,8 +27345,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4293782236966149999" + "version": "0.21.1.54444", + "templateHash": "15837328238442399759" } }, "parameters": { @@ -27556,8 +27556,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5913399027157330378" + "version": "0.21.1.54444", + "templateHash": "17435508871327946334" } }, "parameters": { @@ -27632,8 +27632,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10065918419981417666" + "version": "0.21.1.54444", + "templateHash": "7222366309271203422" } }, "parameters": { @@ -27704,8 +27704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3475838612797695045" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -27835,8 +27835,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14948408905344933172" + "version": "0.21.1.54444", + "templateHash": "13165233376501361165" } }, "parameters": { 
@@ -28103,8 +28103,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15278159916904409392" + "version": "0.21.1.54444", + "templateHash": "12710254814965349908" } }, "parameters": { @@ -28481,8 +28481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3475838612797695045" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -28613,8 +28613,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3575334071183911619" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -28750,8 +28750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4251680927905962776" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -28945,8 +28945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3502508382555568849" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -29128,8 +29128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3968881335142586299" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -29331,8 +29331,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14223673717204993341" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -29528,8 +29528,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15469970921150490766" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { 
@@ -29663,8 +29663,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11548486149222715894" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -29877,8 +29877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18089760146236492183" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -30129,8 +30129,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12318171305825941715" + "version": "0.21.1.54444", + "templateHash": "9827695024186149778" } }, "parameters": { @@ -30410,8 +30410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1253319411655473766" + "version": "0.21.1.54444", + "templateHash": "13490517945116714650" } }, "parameters": { @@ -31258,8 +31258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14647474702270197476" + "version": "0.21.1.54444", + "templateHash": "3084383436001824498" } }, "parameters": { @@ -31419,8 +31419,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18395782528227461356" + "version": "0.21.1.54444", + "templateHash": "18200832178111445541" } }, "parameters": { @@ -31752,8 +31752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11249227806125160411" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { @@ -32007,8 +32007,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17418930732786956710" + "version": "0.21.1.54444", + "templateHash": "15419094596647888624" } }, "parameters": { 
@@ -32305,8 +32305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12768288729117926344" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -32521,8 +32521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32724,8 +32724,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32922,8 +32922,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33125,8 +33125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33318,8 +33318,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33511,8 +33511,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33708,8 +33708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { 
@@ -33913,8 +33913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -34111,8 +34111,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -34312,8 +34312,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10936395871082409190" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { @@ -34478,8 +34478,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5187922792757343332" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { @@ -34695,8 +34695,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -35079,8 +35079,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14952724665705198985" + "version": "0.21.1.54444", + "templateHash": "9397044205333860843" } }, "parameters": { @@ -35298,7 +35298,7 @@ }, "storageIndex": { "type": "int", - "defaultValue": 0 + "defaultValue": 1 }, "netBios": { "type": "string", @@ -35385,8 +35385,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13495975469470590842" + "version": "0.21.1.54444", + "templateHash": "10707961832808434144" } }, "parameters": { @@ -35946,8 +35946,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12642833522973709137" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { 
@@ -36141,8 +36141,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14223673717204993341" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -36338,8 +36338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15469970921150490766" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -36473,8 +36473,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11548486149222715894" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -36680,8 +36680,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8978422488445485344" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { @@ -36804,8 +36804,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2330136999068913944" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { @@ -36962,8 +36962,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7449133026505545668" + "version": "0.21.1.54444", + "templateHash": "17862607141263296646" } }, "parameters": { @@ -37191,8 +37191,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4064255398341808902" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { @@ -37305,8 +37305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15443293367642845531" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { 
@@ -37433,8 +37433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8600687658951622621" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { @@ -37671,8 +37671,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6459501732950302720" + "version": "0.21.1.54444", + "templateHash": "252706870723960720" } }, "parameters": { @@ -37903,8 +37903,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5400935325886589806" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { @@ -38032,8 +38032,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17068545632348399169" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { @@ -38271,8 +38271,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3413157219428562304" + "version": "0.21.1.54444", + "templateHash": "18008382091828972844" } }, "parameters": { @@ -38472,8 +38472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9552083555094216543" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { @@ -38569,8 +38569,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16848435230262465953" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { @@ -38805,8 +38805,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1170033636184107564" + "version": "0.21.1.54444", + "templateHash": "1243731349630169383" } }, "parameters": { 
@@ -39004,8 +39004,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7313526175877847342" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { 
@@ -39175,7 +39175,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution {3} -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName {7} -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), 
parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" @@ -39193,8 +39193,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13139569657588595151" + "version": "0.21.1.54444", + "templateHash": "16960560892689102067" } }, "parameters": { @@ -39205,7 +39205,7 @@ "type": "securestring" }, "CommandToExecute": { - "type": "securestring" + "type": "string" }, "Location": { "type": "string" @@ -39358,8 +39358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14952724665705198985" + "version": "0.21.1.54444", + "templateHash": "9397044205333860843" } }, "parameters": { @@ -39577,7 +39577,7 @@ }, "storageIndex": { "type": "int", - "defaultValue": 0 + "defaultValue": 1 }, "netBios": { "type": "string", @@ -39664,8 +39664,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13495975469470590842" + "version": "0.21.1.54444", + "templateHash": "10707961832808434144" } }, "parameters": { @@ -40225,8 +40225,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12642833522973709137" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { @@ -40420,8 +40420,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14223673717204993341" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { 
@@ -40617,8 +40617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15469970921150490766" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -40752,8 +40752,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11548486149222715894" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -40959,8 +40959,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8978422488445485344" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { @@ -41083,8 +41083,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2330136999068913944" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { @@ -41241,8 +41241,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7449133026505545668" + "version": "0.21.1.54444", + "templateHash": "17862607141263296646" } }, "parameters": { @@ -41470,8 +41470,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4064255398341808902" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { @@ -41584,8 +41584,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15443293367642845531" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { @@ -41712,8 +41712,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8600687658951622621" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { 
@@ -41950,8 +41950,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6459501732950302720" + "version": "0.21.1.54444", + "templateHash": "252706870723960720" } }, "parameters": { @@ -42182,8 +42182,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5400935325886589806" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { @@ -42311,8 +42311,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17068545632348399169" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { @@ -42550,8 +42550,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "3413157219428562304" + "version": "0.21.1.54444", + "templateHash": "18008382091828972844" } }, "parameters": { @@ -42751,8 +42751,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9552083555094216543" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { @@ -42848,8 +42848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "16848435230262465953" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { @@ -43084,8 +43084,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1170033636184107564" + "version": "0.21.1.54444", + "templateHash": "1243731349630169383" } }, "parameters": { @@ -43283,8 +43283,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7313526175877847342" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { 
@@ -43454,7 +43454,7 @@ "value": "[parameters('_artifactsLocationSasToken')]" }, "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId {0} -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName {2} -ActiveDirectorySolution {3} -Environment {4} -KerberosEncryptionType {5} -StorageAccountFullName {6} -FileShareName {7} -Netbios {8} -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName {11} -StorageCount {12} -StorageIndex {13} -StorageSolution {14} -StorageSuffix {15} -SubscriptionId {16} -TenantId {17}', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), 
parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "Location": { "value": "[parameters('sessionHostLocation')]" @@ -43472,8 +43472,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13139569657588595151" + "version": "0.21.1.54444", + "templateHash": "16960560892689102067" } }, "parameters": { @@ -43484,7 +43484,7 @@ "type": "securestring" }, "CommandToExecute": { - "type": "securestring" + "type": "string" }, "Location": { "type": "string" @@ -43571,8 +43571,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5831184865109646282" + "version": "0.21.1.54444", + "templateHash": "6119438582302440926" } }, "parameters": { @@ -43650,8 +43650,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13801170412739028614" + "version": "0.21.1.54444", + "templateHash": "16350576771018439160" } }, "parameters": { @@ -43808,8 +43808,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "2845847199363525157" + "version": "0.21.1.54444", + "templateHash": "12543587259073888483" } }, "parameters": { @@ -44125,8 +44125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15175254568957323524" + "version": "0.21.1.54444", + "templateHash": "700207138697825503" } }, "parameters": { @@ -44531,8 +44531,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1253319411655473766" + "version": "0.21.1.54444", + "templateHash": "13490517945116714650" } }, "parameters": { 
@@ -45379,8 +45379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14647474702270197476" + "version": "0.21.1.54444", + "templateHash": "3084383436001824498" } }, "parameters": { @@ -45540,8 +45540,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18395782528227461356" + "version": "0.21.1.54444", + "templateHash": "18200832178111445541" } }, "parameters": { @@ -45873,8 +45873,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11249227806125160411" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { @@ -46128,8 +46128,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17418930732786956710" + "version": "0.21.1.54444", + "templateHash": "15419094596647888624" } }, "parameters": { @@ -46426,8 +46426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12768288729117926344" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -46642,8 +46642,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46845,8 +46845,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47043,8 +47043,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { 
@@ -47246,8 +47246,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47439,8 +47439,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47632,8 +47632,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47829,8 +47829,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48034,8 +48034,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48232,8 +48232,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48433,8 +48433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10936395871082409190" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { @@ -48599,8 +48599,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5187922792757343332" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { 
@@ -48816,8 +48816,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -49149,8 +49149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -49348,8 +49348,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -49679,8 +49679,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13430172728355935351" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -49879,8 +49879,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13855427510225605048" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -50188,8 +50188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15404259888082344964" + "version": "0.21.1.54444", + "templateHash": "7945282169717240757" } }, "parameters": { @@ -50288,8 +50288,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7632917119886354766" + "version": "0.21.1.54444", + "templateHash": "11980268490224207781" } }, "parameters": { @@ -50404,8 +50404,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "489773717856929481" + "version": "0.21.1.54444", + "templateHash": "17060282136194389196" } }, "parameters": { 
@@ -50497,8 +50497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "4452963820746554211" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -50672,8 +50672,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14734864167323382820" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -50941,8 +50941,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "6388442941679862584" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { From dc2db3cd582d01c76e500083cfb0a44917494856 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:46:54 -0500 Subject: [PATCH 24/42] updates --- workload/portal-ui/portal-ui-baseline.json | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json index e47070d50..38fa8e11f 100644 --- a/workload/portal-ui/portal-ui-baseline.json +++ b/workload/portal-ui/portal-ui-baseline.json 
@@ -215,24 +215,24 @@ "name": "identityAvdUserAccessGroupCheckBox", "type": "Microsoft.Common.CheckBox", "visible": true, - "label": "Manually enter group name/ID", + "label": "Provide group details", "defaultValue": false, - "toolTip": "When the desired group are not listed in the drop down, selecting this box will allow for entering the group's ObjectIDs." + "toolTip": "When the desired group is not listed in the drop down, selecting this box will allow for entering the group's ObjectID and name. this information will be used to setup AVD access and FSLogix's file share NTFS permissions." }, { "name": "identityAvdUserAccessGroupTextBox1", "type": "Microsoft.Common.TextBox", "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", "label": "Name", - "toolTip": "Group name to be granted access to Azure Virtual Desktop published items and to create sessions on VMs and single sign-on (SSO) when using AAD as identity provider.", + "toolTip": "Group name to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", "placeholder": "Example: AVD-users" }, { "name": "identityAvdUserAccessGroupTextBox2", "type": "Microsoft.Common.TextBox", "visible": "[steps('identity').identityAvdAccess.identityAvdUserAccessGroupCheckBox]", - "label": "ObjectID", - "toolTip": "ObjectID to be granted access to Azure Virtual Desktop published items and to create sessions on VMs and single sign-on (SSO) when using AAD as identity provider.", + "label": "Object ID", + "toolTip": "Group objectID to be granted access to Azure Virtual Desktop published items and FSLogix NTFS permissions.", "placeholder": "Example: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" } ] From f5c4714f7edcaf26d2e9ef31471dc0ba76807460 Mon Sep 17 00:00:00 2001 
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 15:53:14 -0500 Subject: [PATCH 25/42] updates --- .../DSCStorageScripts/Configuration.ps1 | 8 ++-- .../script-domainjoinstorage.ps1 | 38 +++---------------- 2 files changed, 10 insertions(+), 36 deletions(-) diff --git a/workload/scripts/DSCStorageScripts/Configuration.ps1 b/workload/scripts/DSCStorageScripts/Configuration.ps1 index 76bfd176f..84d7f4c05 100644 --- a/workload/scripts/DSCStorageScripts/Configuration.ps1 +++ b/workload/scripts/DSCStorageScripts/Configuration.ps1 @@ -20,9 +20,9 @@ param [ValidateNotNullOrEmpty()] [string] $ShareName, - [Parameter(Mandatory = $true)] + [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [string]$SecurityPrincipalName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] @@ -88,7 +88,7 @@ Configuration DomainJoinFileShare [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [string]$SecurityPrincipalName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] 
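Review bot: `SecurityPrincipalName` becomes optional in the script-level `param` block (`Mandatory = $false`) but stays `Mandatory = $true` with `[ValidateNotNullOrEmpty()]` inside `Configuration DomainJoinFileShare` (second hunk), and the call at the end of the file always passes `-SecurityPrincipalName $SecurityPrincipalName`. When the caller omits the value, the script-level variable is an empty string, so the configuration call fails at parameter binding instead of skipping the group assignment. Either keep the outer parameter mandatory, `[Parameter(Mandatory = $true)]`, or make the inner one optional and guard the NTFS group step on a non-empty name. Both `param` blocks continue outside these hunks.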
@@ -216,4 +216,4 @@ $config = @{ ) } -DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -CreateNewOU $CreateNewOU -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalNames $SecurityPrincipalNames -StoragePurpose $StoragePurpose -Verbose; \ No newline at end of file +DomainJoinFileShare -ConfigurationData $config -StorageAccountName $StorageAccountName -StorageAccountRG $StorageAccountRG -SubscriptionId $SubscriptionId -ShareName $ShareName -DomainName $DomainName -IdentityServiceProvider $IdentityServiceProvider -AzureCloudEnvironment $AzureCloudEnvironment -CustomOuPath $CustomOuPath -OUName $OUName -CreateNewOU $CreateNewOU -DomainAdminUserName $DomainAdminUserName -DomainAdminUserPassword $DomainAdminUserPassword -ClientId $ClientId -SecurityPrincipalName $SecurityPrincipalName -StoragePurpose $StoragePurpose -Verbose; \ No newline at end of file diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index be1200993..7857cf165 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -16,7 +16,7 @@ param( [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] - [String]$SecurityPrincipalNames, + [string]$SecurityPrincipalName, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] 
@@ -184,23 +184,6 @@ Catch { Throw $_ } -try { - Write-Log "Getting security principals" - # Convert Security Principal Names from a JSON array to a PowerShell array - [array]$SecurityPrincipalNames = $SecurityPrincipalNames.Replace("'",'"') | ConvertFrom-Json - Write-Log -Message "Security Principal Names:" -Type 'INFO' - #$SecurityPrincipalNames | Add-Content -Path 'C:\cse.txt' -Force - - # Determine Principal for assignment - #$SecurityPrincipalName = $SecurityPrincipalNames[$i] - #$Group = $Netbios + '\' + $SecurityPrincipalName - #Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' -} -catch { - Write-Log -Message $_ -Type 'ERROR' -} - - Try { Write-Log "setting up general NTFS permission" 
@@ -215,21 +198,12 @@ Try { $acl.purgeaccessrules($users) $creatorowner = new-object system.security.accesscontrol.filesystemaccessrule("creator owner","modify","containerinherit,objectinherit","inheritonly","allow") $acl.addaccessrule($creatorowner) + # AVD group permissions + $Group = 'd2lsolutions.com' + '\' + $SecurityPrincipalName + Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' + $domainGroup = new-object system.security.accesscontrol.filesystemaccessrule("$group","modify","none","none","allow") + $aclProvidedGroups.setaccessrule($domainGroup) $acl | set-acl -path "${DriveLetter}:" - - for($i = 0; $i -lt $StorageCount; $i++) { - # Determine Principal for assignment - $SecurityPrincipalName = $SecurityPrincipalNames[$i] - $Group = $Netbios + '\' + $SecurityPrincipalName - Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' - - Write-Log "setting up provided identities NTFS permission" - $aclProvidedGroups = get-acl -path "${DriveLetter}:" - $domainusers = new-object system.security.accesscontrol.filesystemaccessrule("$group","modify","none","none","allow") - $aclProvidedGroups.setaccessrule($domainusers) - $acl | set-acl -path "${DriveLetter}:" - } - # Unmount file share Remove-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Force Start-Sleep -Seconds 5 From aad85689e79bbcb21e858a899c5a884633b5522a Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:15:59 -0500 Subject: [PATCH 26/42] updates --- workload/bicep/deploy-baseline.bicep | 6 +++--- workload/bicep/modules/storageAzureFiles/deploy.bicep | 3 +-- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index c3fb65f99..c33316a6f 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep 
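Review bot: `$aclProvidedGroups` is not assigned anywhere on the new side of this hunk, because its `get-acl` call went away with the removed loop, so `$aclProvidedGroups.setaccessrule($domainGroup)` would fail on a null object. The ACL that is written back is `$acl`, which never receives the group rule. The group name is also built from the literal `'d2lsolutions.com'`, which ties the permission to a single environment, where the removed code used `$Netbios`. Suggested lines are `$Group = $Netbios + '\' + $SecurityPrincipalName` and `$acl.SetAccessRule($domainGroup)`, assuming `$Netbios` is still a parameter of this script. The `Catch` for this `Try` is outside the hunk, so confirm that a failure here stops the run rather than leaving the share with only the general permissions.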
@@ -66,12 +66,12 @@ param avdApplicationGroupIdentitiesIds array = [] @sys.description('Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)') param avdApplicationGroupIdentityType string = 'Group' -param securityPrincipalNames string = 'myavdusers' //testing +param securityPrincipalNames string //testing new param @sys.description('AD domain name.') param avdIdentityDomainName string -param netBios string = 'mngenvmcap88523' //testing +param netBios string //testing new param @sys.description('AD domain GUID. (Default: "")') param identityDomainGuid string = '' @@ -571,7 +571,7 @@ var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFsLogixScriptArguments = (avdIdentityServiceProvider == 'AAD') ? '-volumeshare ${varFslogixSharePath} -storageAccountName ${varFslogixStorageName} -identityDomainName ${avdIdentityDomainName}' : '-volumeshare ${varFslogixSharePath}' var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/moisesjgomez/avdaccelerator/set-ntfspermissions/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-setup/workload/' var varFslogixScriptUri = (avdIdentityServiceProvider == 'AAD') ? '${varBaseScriptUri}scripts/Set-FSLogixRegKeysAAD.ps1' : '${varBaseScriptUri}scripts/Set-FSLogixRegKeys.ps1' var varFsLogixScript = (avdIdentityServiceProvider == 'AAD') ? './Set-FSLogixRegKeysAad.ps1' : './Set-FSLogixRegKeys.ps1' //var varCompRgDeploCleanScript = './cleanUpRgDeployments.ps1' diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 098cb4e8a..df3d393b2 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
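Review bot: `varBaseScriptUri` now points at the `ntfs-setup` branch of `Azure/avdaccelerator`, and `_artifactsLocation` in `modules/storageAzureFiles/deploy.bicep` (next file section) does the same. A branch is a moving reference, so scripts fetched from these locations, including `Set-NtfsPermissions.ps1`, which is handed the domain-join password, can change without any change to this template. Pinning both to a release tag or commit SHA keeps the executed content reproducible and reviewable, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<TAG_OR_COMMIT>/workload/'`. `_artifactsLocation` also uses a `github.com/.../tree/...` address, which serves a web page rather than file content; if the module downloads the script from it, the raw form is needed there as well.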
@@ -105,7 +105,7 @@ param managedIdentityClientId string param KerberosEncryption string @sys.description('Location of script. Default is located in workload/scripts') -param _artifactsLocation string = 'https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/' +param _artifactsLocation string = 'https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/' @description('SAS Token to access script.') param _artifactsLocationSasToken string = '' 
@@ -254,7 +254,6 @@ module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServicePro params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - //CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "2e21756f-35e3-42f5-b7a5-60154837dc03" -DomainJoinPassword "Admin1234567890!" -DomainJoinUserPrincipalName "admin01@mngenvmcap885230.onmicrosoft.com" -ActiveDirectorySolution "ActiveDirectoryDomainServices" -Environment "AzureCloud" -FslogixSolution "ProfileContainer" -KerberosEncryptionType "AES256" -StorageAccountFullName "stfslnf59d7br" -Netbios "mngenvmcap88523" -OuPath "OU=AVD,OU=Azure,DC=mngenvmcap885230,DC=onmicrosoft,DC=com" -SecurityPrincipalNames "AVD Users" -StorageAccountPrefix "stfslnf59d7br" -StorageAccountResourceGroupName "rg-avd-nf59-dev-use-storage" -StorageCount 1 -StorageIndex 1 -StorageSolution "AzureStorageAccount" -StorageSuffix "core.windows.net" -SubscriptionId "f6d0875c-f868-4019-94d2-bd7c10b761c8" -TenantId "2a3287e8-8fd5-4965-8a7d-2efacfbde54e"' CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "${managedIdentityClientId}" -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' Location: sessionHostLocation ManagementVmName: 
managementVmName From 9689847c5c55a102e0319c70e5fe5b0891a220ea Mon Sep 17 00:00:00 2001 From: moisesjgomez <51566179+moisesjgomez@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:19:16 -0500 Subject: [PATCH 27/42] Update deploy-baseline.json --- workload/arm/deploy-baseline.json | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 80efbfffb..95f1d4957 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "5557013711206236146" + "templateHash": "7193359885627322863" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -120,8 +120,7 @@ } }, "securityPrincipalNames": { - "type": "string", - "defaultValue": "myavdusers" + "type": "string" }, "avdIdentityDomainName": { "type": "string", @@ -130,8 +129,7 @@ } }, "netBios": { - "type": "string", - "defaultValue": "mngenvmcap88523" + "type": "string" }, "identityDomainGuid": { "type": "string", 
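Review bot: The `CommandToExecute` line kept by this hunk places `${domainJoinUserPassword}` directly in the command string, and the compiled `deploy-baseline.json` earlier in this series changes the `CommandToExecute` parameter from `securestring` to `string`. With that type the password would be recorded in clear text with the deployment inputs and would appear on the process command line of the management VM. Keeping the parameter secure in `ntfsPermissions.bicep` (`@secure()` above `param CommandToExecute string`; that file is not shown here) closes the first exposure. The second is better closed by having the script read the password from the workload Key Vault using the managed identity it already receives as `-ClientId`, as the `//change to keyvault` remark in `deploy-baseline.bicep` suggests. The commented-out line deleted here held what look like real credentials and tenant identifiers, and deleting it does not remove them from history, so they should be rotated if they were ever valid.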
@@ -1300,7 +1298,7 @@ "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFsLogixScriptArguments": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('-volumeshare {0} -storageAccountName {1} -identityDomainName {2}', variables('varFslogixSharePath'), variables('varFslogixStorageName'), parameters('avdIdentityDomainName')), format('-volumeshare {0}', variables('varFslogixSharePath')))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/moisesjgomez/avdaccelerator/set-ntfspermissions/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-setup/workload/", "varFslogixScriptUri": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('{0}scripts/Set-FSLogixRegKeysAAD.ps1', variables('varBaseScriptUri')), format('{0}scripts/Set-FSLogixRegKeys.ps1', variables('varBaseScriptUri')))]", "varFsLogixScript": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), './Set-FSLogixRegKeysAad.ps1', './Set-FSLogixRegKeys.ps1')]", "varAvdAgentPackageLocation": "[format('https://wvdportalstorageblob.blob.{0}/galleryartifacts/Configuration_09-08-2022.zip', environment().suffixes.storage)]", @@ -35080,7 +35078,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "9397044205333860843" + "templateHash": "17145130864687829338" } }, "parameters": { @@ -35274,7 +35272,7 @@ }, "_artifactsLocation": { "type": "string", - "defaultValue": "https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/", + "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", "metadata": { "description": "Location of script. Default is located in workload/scripts" } 
@@ -39359,7 +39357,7 @@ "_generator": { "name": "bicep", "version": "0.21.1.54444", - "templateHash": "9397044205333860843" + "templateHash": "17145130864687829338" } }, "parameters": { @@ -39553,7 +39551,7 @@ }, "_artifactsLocation": { "type": "string", - "defaultValue": "https://github.com/moisesjgomez/avdaccelerator/tree/ntfs-permissions/workload/scripts/", + "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", "metadata": { "description": "Location of script. Default is located in workload/scripts" } From f41bcb5893799249cb8bb6d5b23c66a7af9f6e47 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:27:26 -0500 Subject: [PATCH 28/42] updates --- workload/bicep/deploy-baseline.bicep | 12 ++++++------ .../bicep/modules/avdManagementPlane/deploy.bicep | 6 +++--- workload/bicep/modules/identity/deploy.bicep | 8 ++++---- .../bicep/modules/storageAzureFiles/deploy.bicep | 4 ++-- 4 files changed, 15 insertions(+), 15 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 46fb2156a..f0310b1d0 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -56,10 +56,10 @@ param avdIdentityServiceProvider string = 'ADDS' param createIntuneEnrollment bool = false @sys.description('Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentityId string = '' +param securityPrincipalId string = '' @sys.description('Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param avdApplicationGroupIdentityName string = '' +param securityPrincipalName string = '' @allowed([ 'Group' 
@@ -987,7 +987,7 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = {
 startVmOnConnect: (avdHostPoolType == 'Pooled') ? avdDeployScalingPlan : avdStartVmOnConnect
 workloadSubsId: avdWorkloadSubsId
 identityServiceProvider: avdIdentityServiceProvider
- applicationGroupIdentitiesIds: array(avdApplicationGroupIdentityId)
+ securityPrincipalIds: array(securityPrincipalId)
 applicationGroupIdentityType: avdApplicationGroupIdentityType
 tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
 alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : ''
@@ -1018,7 +1018,7 @@ module identity './modules/identity/deploy.bicep' = {
 enableStartVmOnConnect: avdStartVmOnConnect
 identityServiceProvider: avdIdentityServiceProvider
 createStorageDeployment: varCreateStorageDeployment
- appGroupIdentitiesIds: array(avdApplicationGroupIdentityId)
+ securityPrincipalIds: array(securityPrincipalId)
 tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags
 }
 dependsOn: [
@@ -1186,7 +1186,7 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if
 fileShareName: varFslogixFileShareName
 fileShareMultichannel: (fslogixStoragePerformance == 'Premium') ? true : false
 storageSku: varFslogixStorageSku
- SecurityPrincipalName: avdApplicationGroupIdentityName
+ securityPrincipalName: securityPrincipalName
 fileShareQuotaSize: fslogixFileShareQuotaSize
 storageAccountName: varFslogixStorageName
 storageToDomainScript: varStorageToDomainScript
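Review bot: `securityPrincipalIds: array(securityPrincipalId)` in the `managementPLane` hunk (and again in the `module identity` hunk at `@@ -1018,7 +1018,7 @@`) wraps the parameter even when it keeps its default `''`, which appears to produce a one-element array holding an empty string rather than an empty array. The `!empty(securityPrincipalIds)` guards in `avdManagementPlane/deploy.bicep` and `identity/deploy.bicep` would then pass, and a role assignment with an empty principal ID would be attempted. Pass an empty array when no principal is supplied: `securityPrincipalIds: !empty(securityPrincipalId) ? array(securityPrincipalId) : []`. Both module declarations start and end outside their hunks.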
@@ -1230,7 +1230,7 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr fileShareName: varMsixFileShareName fileShareMultichannel: (msixStoragePerformance == 'Premium') ? true : false storageSku: varMsixStorageSku - SecurityPrincipalName: avdApplicationGroupIdentityName + securityPrincipalName: securityPrincipalName fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName storageToDomainScript: varStorageToDomainScript diff --git a/workload/bicep/modules/avdManagementPlane/deploy.bicep b/workload/bicep/modules/avdManagementPlane/deploy.bicep index 370e4ad72..9ed02c350 100644 --- a/workload/bicep/modules/avdManagementPlane/deploy.bicep +++ b/workload/bicep/modules/avdManagementPlane/deploy.bicep @@ -16,7 +16,7 @@ param computeTimeZone string param identityServiceProvider string @sys.description('Identity ID to grant RBAC role to access AVD application group.') -param applicationGroupIdentitiesIds array +param securityPrincipalIds array @sys.description('Identity type to grant RBAC role to access AVD application group.') param applicationGroupIdentityType string @@ -240,10 +240,10 @@ module applicationGroups '../../../../carml/1.3.0/Microsoft.DesktopVirtualizatio hostpoolName: hostPoolName tags: tags applications: (applicationGroup.applicationGroupType == 'RemoteApp') ? varRAppApplicationGroupsApps : [] - roleAssignments: !empty(applicationGroupIdentitiesIds) ? [ + roleAssignments: !empty(securityPrincipalIds) ? [ { roleDefinitionIdOrName: 'Desktop Virtualization User' - principalIds: applicationGroupIdentitiesIds + principalIds: securityPrincipalIds principalType: applicationGroupIdentityType } ]: [] diff --git a/workload/bicep/modules/identity/deploy.bicep b/workload/bicep/modules/identity/deploy.bicep index bf0e18e3b..5ca6d207d 100644 --- a/workload/bicep/modules/identity/deploy.bicep +++ b/workload/bicep/modules/identity/deploy.bicep 
@@ -28,7 +28,7 @@ param enableStartVmOnConnect bool param identityServiceProvider string @sys.description('Required, Identity ID to grant RBAC role to access AVD application group.') -param appGroupIdentitiesIds array +param securityPrincipalIds array @sys.description('Deploy scaling plan.') param deployScalingPlan bool @@ -182,7 +182,7 @@ module storageContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authoriza }] // Storage File Data SMB Share Contributor -module storageSmbShareContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (createStorageDeployment && (identityServiceProvider == 'AAD') && (!empty(appGroupIdentitiesIds))) { +module storageSmbShareContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in securityPrincipalIds: if (createStorageDeployment && (identityServiceProvider == 'AAD') && (!empty(securityPrincipalIds))) { name: 'Stora-SmbContri-RolAssign-${take('${appGroupIdentitiesId}', 6)}-${time}' scope: resourceGroup('${subscriptionId}', '${storageObjectsRgName}') params: { 
@@ -192,7 +192,7 @@ module storageSmbShareContributorRoleAssign '../../../../carml/1.3.0/Microsoft.A }] // VM AAD access roles compute RG -module aadIdentityLoginRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (identityServiceProvider == 'AAD' && !empty(appGroupIdentitiesIds)) { +module aadIdentityLoginRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in securityPrincipalIds: if (identityServiceProvider == 'AAD' && !empty(securityPrincipalIds)) { name: 'VM-Login-Comp-${take('${appGroupIdentitiesId}', 6)}-${time}' scope: resourceGroup('${subscriptionId}', '${computeObjectsRgName}') params: { @@ -202,7 +202,7 @@ module aadIdentityLoginRoleAssign '../../../../carml/1.3.0/Microsoft.Authorizati }] // VM AAD access roles service objects RG -module aadIdentityLoginAccessServiceObjects '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (identityServiceProvider == 'AAD' && !empty(appGroupIdentitiesIds)) { +module aadIdentityLoginAccessServiceObjects '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in securityPrincipalIds: if (identityServiceProvider == 'AAD' && !empty(securityPrincipalIds)) { name: 'VM-Login-Serv-${take('${appGroupIdentitiesId}', 6)}-${time}' scope: resourceGroup('${subscriptionId}', '${serviceObjectsRgName}') params: { diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 5acce5c0d..a30dda18f 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
@@ -17,7 +17,7 @@ param identityServiceProvider string param serviceObjectsRgName string @sys.description('Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') -param SecurityPrincipalName string +param securityPrincipalName string @sys.description('Storage account name.') param storageAccountName string @@ -111,7 +111,7 @@ var varAvdFileShareMetricsDiagnostic = [ ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${SecurityPrincipalName}' +var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${securityPrincipalName}' // =========== // // Deployments // // =========== // From 5dfcac176546107ba31c6a0859422373a9184c3b Mon Sep 17 00:00:00 2001 
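Review bot: In `varStorageToDomainScriptArgs` (`@@ -111,7 +111,7 @@`) every value, including the renamed `${securityPrincipalName}`, is interpolated into the argument string without quotes. A group name containing a space would be split into separate arguments, and the OU path and the other deployer-supplied values are parsed the same way; how the string is finally handed to PowerShell is not visible in this hunk. Quote the interpolated values, for example `-SecurityPrincipalNames "${securityPrincipalName}"`, and likewise for `-CustomOuPath` and `-OUName`, escaped to suit however the command is assembled. The parameter description in the hunk above still says "array" although the type is `string`.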
From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 18 Sep 2023 21:28:33 +0000 Subject: [PATCH 29/42] Generate Parameter Markdowns [danycontre/af301e87] --- workload/docs/autoGenerated/deploy-baseline.bicep.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/workload/docs/autoGenerated/deploy-baseline.bicep.md b/workload/docs/autoGenerated/deploy-baseline.bicep.md index fdd890098..0e48f0f30 100644 --- a/workload/docs/autoGenerated/deploy-baseline.bicep.md +++ b/workload/docs/autoGenerated/deploy-baseline.bicep.md @@ -17,8 +17,8 @@ avdVmLocalUserName | Yes | AVD session host local username. avdVmLocalUserPassword | Yes | AVD session host local password. avdIdentityServiceProvider | No | Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS) createIntuneEnrollment | No | Required, Eronll session hosts on Intune. (Default: false) -avdApplicationGroupIdentityId | No | Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") -avdApplicationGroupIdentityName | No | Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +securityPrincipalId | No | Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") +securityPrincipalName | No | Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") avdApplicationGroupIdentityType | No | Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group) avdIdentityDomainName | Yes | AD domain name. identityDomainGuid | No | AD domain GUID. (Default: "") 
@@ -208,13 +208,13 @@ Required, Eronll session hosts on Intune. (Default: false) - Default value: `False` -### avdApplicationGroupIdentityId +### securityPrincipalId ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: "") -### avdApplicationGroupIdentityName +### securityPrincipalName ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -1105,10 +1105,10 @@ Enable usage and telemetry feedback to Microsoft. "createIntuneEnrollment": { "value": false }, - "avdApplicationGroupIdentityId": { + "securityPrincipalId": { "value": "" }, - "avdApplicationGroupIdentityName": { + "securityPrincipalName": { "value": "" }, "avdApplicationGroupIdentityType": { From 1eb591aae3c4dc67c8047e8fe92d093177290dd7 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:36:55 -0500 Subject: [PATCH 30/42] Update deploy-baseline.bicep --- workload/bicep/deploy-baseline.bicep | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index c33316a6f..fdbe6cd19 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -66,11 +66,10 @@ param avdApplicationGroupIdentitiesIds array = [] @sys.description('Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)') param avdApplicationGroupIdentityType string = 'Group' -param securityPrincipalNames string //testing new param - @sys.description('AD domain name.') param avdIdentityDomainName string +@sys.description('Netbios name, will be used to set NTFS file share permissions.') param netBios string //testing new param @sys.description('AD domain GUID. (Default: "")') 
@@ -571,7 +570,7 @@ var varZtKvPrivateEndpointName = 'pe-${varZtKvName}-vault' // var varFsLogixScriptArguments = (avdIdentityServiceProvider == 'AAD') ? '-volumeshare ${varFslogixSharePath} -storageAccountName ${varFslogixStorageName} -identityDomainName ${avdIdentityDomainName}' : '-volumeshare ${varFslogixSharePath}' var varFslogixSharePath = '\\\\${varFslogixStorageName}.file.${environment().suffixes.storage}\\${varFslogixFileShareName}' -var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-setup/workload/' +var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-update/workload/' var varFslogixScriptUri = (avdIdentityServiceProvider == 'AAD') ? '${varBaseScriptUri}scripts/Set-FSLogixRegKeysAAD.ps1' : '${varBaseScriptUri}scripts/Set-FSLogixRegKeys.ps1' var varFsLogixScript = (avdIdentityServiceProvider == 'AAD') ? './Set-FSLogixRegKeysAad.ps1' : './Set-FSLogixRegKeys.ps1' //var varCompRgDeploCleanScript = './cleanUpRgDeployments.ps1' @@ -1176,7 +1175,6 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if createOuForStorageString: varCreateOuForStorageString managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : '' domainJoinUserName: avdDomainJoinUserName - domainJoinUserPassword: avdDomainJoinUserPassword //change to keyvault wrklKvName: varWrklKvName serviceObjectsRgName: varServiceObjectsRgName identityDomainName: avdIdentityDomainName From ae2b3d72cf499c75e7bef882197bc8c568f9c6ed Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:44:40 -0500 Subject: [PATCH 31/42] updates --- workload/arm/deploy-baseline.json | 3552 ++++++++++------- workload/bicep/deploy-baseline.bicep | 4 +- .../modules/storageAzureFiles/deploy.bicep | 6 - 3 files changed, 2082 insertions(+), 1480 deletions(-) 
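Review bot: `varBaseScriptUri` (`@@ -571,7 +570,7 @@`) now points at the `ntfs-update` feature branch on raw.githubusercontent.com, and `varFslogixScriptUri` is built from it, so the deployment fetches PowerShell from a mutable ref. Whatever is pushed to that branch later is what a deployment would download and, judging by the variable names, run on session hosts; the URI also stops resolving once the branch is deleted after merge. Pin the base URI to a release tag or full commit SHA before this ships, e.g. `var varBaseScriptUri = 'https://raw.githubusercontent.com/Azure/avdaccelerator/<tag-or-commit-sha>/workload/'` (placeholder), and regenerate `deploy-baseline.json` so both stay in step.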
diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index dc367dca8..95f1d4957 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16059823249270768996" + "version": "0.21.1.54444", + "templateHash": "7193359885627322863" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", + "minLength": 2, + "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - }, - "maxLength": 4, - "minLength": 2 + } }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - }, "allowedValues": [ "Dev", "Test", "Prod" - ] + ], + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + } }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, + "minValue": 30, + "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - }, - "minValue": 30, - "maxValue": 730 + } }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ] + ], + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + } }, "createIntuneEnrollment": { "type": "bool", 
@@ -110,14 +110,17 @@ "avdApplicationGroupIdentityType": { "type": "string", "defaultValue": "Group", - "metadata": { - "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" - }, "allowedValues": [ "Group", "ServicePrincipal", "User" - ] + ], + "metadata": { + "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" + } + }, + "securityPrincipalNames": { + "type": "string" }, "avdIdentityDomainName": { "type": "string", @@ -125,6 +128,9 @@ "description": "AD domain name." } }, + "netBios": { + "type": "string" + }, "identityDomainGuid": { "type": "string", "defaultValue": "", @@ -156,13 +162,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + } }, "hostPoolPreferredAppGroupType": { "type": "string", @@ -178,24 +184,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + } }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + } }, "avhHostPoolMaxSessions": { "type": "int", 
@@ -323,6 +329,17 @@ "description": "Deploy Fslogix setup. (Default: true)" } }, + "fslogixStorageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount", + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ], + "metadata": { + "description": "Fslogix Storage Solution. Default is Azure Storage Account." + } + }, "createMsixDeployment": { "type": "bool", "defaultValue": false, @@ -330,6 +347,17 @@ "description": "Deploy MSIX App Attach setup. (Default: false)" } }, + "appAttachStorageSolution": { + "type": "string", + "defaultValue": "AzureStorageAccount", + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ], + "metadata": { + "description": "App attach Storage Solution. Default is Azure Storage Account." + } + }, "fslogixFileShareQuotaSize": { "type": "int", "defaultValue": 1, @@ -344,6 +372,17 @@ "description": "MSIX file share size. (Default: 1)" } }, + "kerberosEncryption": { + "type": "string", + "defaultValue": "AES256", + "allowedValues": [ + "AES256", + "RC4" + ], + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, "avdDeploySessionHosts": { "type": "bool", "defaultValue": true, @@ -396,11 +435,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, + "minValue": 1, + "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - }, - "maxValue": 100, - "minValue": 1 + } }, "avdSessionHostCountIndex": { "type": "int", 
@@ -440,24 +479,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + } }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - }, "allowedValues": [ "Standard", "Premium" - ] + ], + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + } }, "diskZeroTrust": { "type": "bool", @@ -490,14 +529,14 @@ "securityType": { "type": "string", "defaultValue": "TrustedLaunch", - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ] + ], + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + } }, "secureBootEnabled": { "type": "bool", @@ -516,9 +555,6 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - }, "allowedValues": [ "win10_21h2", "win10_21h2_office", @@ -528,7 +564,10 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ] + ], + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + } }, "managementVmOsImage": { "type": "string", 
@@ -575,194 +614,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", + "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - }, - "maxLength": 90 + } }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - }, - "maxLength": 90 + } }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - }, - "maxLength": 90 + } }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", + "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - }, - "maxLength": 90 + } }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", + "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - }, - "maxLength": 90 + } }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", + "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. 
(Default: log-avd-app1-dev-use2)" - }, - "maxLength": 64 + } }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", + "maxLength": 80, "metadata": { "description": "AVD application security custom name. 
(Default: asg-app1-dev-use2-001)" - }, - "maxLength": 80 + } }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - }, - "maxLength": 64 + } }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", + "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. 
(Default: Desktops - App1 - East US - Dev - 001)" - }, - "maxLength": 64 + } }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", + "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - }, - "maxLength": 11 + } }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", + "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - }, - "maxLength": 9 + } }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", + "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - }, - "maxLength": 2 + } }, "fslogixFileShareCustomName": { "type": "string", 
@@ -781,34 +820,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv", + "maxLength": 5, "metadata": { - "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv)" - }, - "maxLength": 5 + "description": "AVD keyvault prefix custom name. (Default: kv)" + } }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", + "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - }, - "maxLength": 6 + } }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", + "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - }, - "maxLength": 5 + } }, "ztKvPrefixCustomName": { "type": "string", - "defaultValue": "kv-key", + "defaultValue": "kv-zt", + "maxLength": 5, "metadata": { - "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" - }, - "maxLength": 6 + "description": "AVD key vault name custom name for zero trust (Default: kv-zt)" + } }, "createResourceTags": { "type": "bool", @@ -827,29 +866,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - }, "allowedValues": [ "Light", "Medium", "High", "Power" - ] + ], + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + } }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ] + ], + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + } }, "departmentTag": { "type": "string", 
@@ -861,16 +900,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ] + ], + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + } }, "workloadCriticalityCustomValueTag": { "type": "string", 
@@ -1243,7 +1282,7 @@ "varScalingPlanExclusionTag": "[format('exclude-{0}', variables('varScalingPlanName'))]", "varScalingPlanWeekdaysScheduleName": "[format('Weekdays-{0}', variables('varManagementPlaneNamingStandard'))]", "varScalingPlanWeekendScheduleName": "[format('Weekend-{0}', variables('varManagementPlaneNamingStandard'))]", - "varWrklKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('avdWrklKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), if(parameters('diskZeroTrust'), format('kv-sec-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar'))))]", + "varWrklKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('avdWrklKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", "varWrklKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varWrklKvName'))]", "varSessionHostNamePrefix": "[if(parameters('avdUseCustomNaming'), parameters('avdSessionHostCustomNamePrefix'), format('vm{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym')))]", "varAvsetNamePrefix": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}', parameters('avsetCustomNamePrefix'), variables('varComputeStorageResourcesNamingStandard')), format('avail-{0}', variables('varComputeStorageResourcesNamingStandard')))]", 
@@ -1255,11 +1294,11 @@ "varMsixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}msx{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stmsx{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", "varManagementVmName": "[format('vmmgmt{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym'))]", "varAlaWorkspaceName": "[if(parameters('avdUseCustomNaming'), parameters('avdAlaWorkspaceCustomName'), format('log-avd-{0}-{1}', variables('varDeploymentEnvironmentLowercase'), variables('varManagementPlaneLocationAcronym')))]", - "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", + "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-zt-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFsLogixScriptArguments": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('-volumeshare {0} -storageAccountName {1} -identityDomainName {2}', variables('varFslogixSharePath'), variables('varFslogixStorageName'), parameters('avdIdentityDomainName')), format('-volumeshare {0}', 
variables('varFslogixSharePath')))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/main/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-setup/workload/", "varFslogixScriptUri": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('{0}scripts/Set-FSLogixRegKeysAAD.ps1', variables('varBaseScriptUri')), format('{0}scripts/Set-FSLogixRegKeys.ps1', variables('varBaseScriptUri')))]", "varFsLogixScript": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), './Set-FSLogixRegKeysAad.ps1', './Set-FSLogixRegKeys.ps1')]", "varAvdAgentPackageLocation": "[format('https://wvdportalstorageblob.blob.{0}/galleryartifacts/Configuration_09-08-2022.zip', environment().suffixes.storage)]", @@ -1275,20 +1314,11 @@ "varDivisionAvsetValue": "[div(parameters('avdDeploySessionHostsCount'), variables('varMaxAvsetMembersCount'))]", "varDivisionAvsetRemainderValue": "[mod(parameters('avdDeploySessionHostsCount'), variables('varMaxAvsetMembersCount'))]", "varAvsetCount": "[if(greater(variables('varDivisionAvsetRemainderValue'), 0), add(variables('varDivisionAvsetValue'), 1), variables('varDivisionAvsetValue'))]", - "varHostPoolAgentUpdateSchedule": [ - { - "dayOfWeek": "Tuesday", - "hour": 18 - }, - { - "dayOfWeek": "Friday", - "hour": 17 - } - ], "varScalingPlanSchedules": [ { "daysOfWeek": [ "Monday", + "Tuesday", "Wednesday", "Thursday", "Friday" 
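Review bot: `varBaseScriptUri` in the `@@ -1255,11 +1294,11 @@` hunk now resolves to the `ntfs-setup` branch instead of `main`, so every script URI built from it is fetched from a working branch whose content can change or disappear after this merges. That covers `varFslogixScriptUri`, `varStorageToDomainScriptUri` and the `varStorageSetupScriptUri` added in the `@@ -1469,6 +1465,7 @@` hunk. These scripts presumably run with elevated rights on the deployed VMs, so the ref should be reviewed and immutable. This JSON is compiler output, so the change belongs in the Bicep source: pin to a tag or commit, e.g. `"varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/<PINNED_COMMIT_SHA>/workload/"`, or at least restore `main` before merge. `varStorageAzureFilesDscAgentPackageLocation` still points at `main`, so the script and DSC package sources can drift apart.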
@@ -1323,40 +1353,6 @@ "minute": 0 } }, - { - "daysOfWeek": [ - "Tuesday" - ], - "name": "[format('{0}-agent-updates', variables('varScalingPlanWeekdaysScheduleName'))]", - "offPeakLoadBalancingAlgorithm": "DepthFirst", - "offPeakStartTime": { - "hour": 20, - "minute": 0 - }, - "peakLoadBalancingAlgorithm": "DepthFirst", - "peakStartTime": { - "hour": 9, - "minute": 0 - }, - "rampDownCapacityThresholdPct": 90, - "rampDownForceLogoffUsers": true, - "rampDownLoadBalancingAlgorithm": "DepthFirst", - "rampDownMinimumHostsPct": 0, - "rampDownNotificationMessage": "You will be logged off in 30 min. Make sure to save your work.", - "rampDownStartTime": { - "hour": 19, - "minute": 0 - }, - "rampDownStopHostsWhen": "ZeroActiveSessions", - "rampDownWaitTimeMinutes": 30, - "rampUpCapacityThresholdPct": 80, - "rampUpLoadBalancingAlgorithm": "BreadthFirst", - "rampUpMinimumHostsPct": 20, - "rampUpStartTime": { - "hour": 7, - "minute": 0 - } - }, { "daysOfWeek": [ "Saturday", @@ -1469,6 +1465,7 @@ }, "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", + "varStorageSetupScriptUri": "[format('{0}scripts/Set-NTFSPermissions.ps1', variables('varBaseScriptUri'))]", "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", "varDefaultStorageOuPath": "[if(equals(parameters('avdIdentityServiceProvider'), 'AADDS'), 'AADDC Computers', 'Computers')]", 
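Review bot: The file name in the added `varStorageSetupScriptUri` (`scripts/Set-NTFSPermissions.ps1`, in the `@@ -1469,6 +1465,7 @@` hunk) has to match the committed script's name exactly, because raw.githubusercontent.com paths are case-sensitive. A casing difference such as `Ntfs` versus `NTFS` would surface as a 404 at deployment time rather than as a template validation error. Please check it against the script under `workload/scripts/` and correct it in the Bicep source, since this JSON is compiler output. The consumer of this URI is outside the hunk, so it is worth confirming that a failed download stops the deployment instead of leaving the share with its default permissions.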
@@ -1488,12 +1485,6 @@ "ServiceWorkload": "AVD", "CreationTimeUTC": "[parameters('time')]" }, - "varWorkloadKeyvaultTag": { - "Purpose": "Secrets for local admin and domain join credentials" - }, - "varZtKeyvaultTag": { - "Purpose": "Disk encryption keys for zero trust" - }, "varTelemetryId": "[format('pid-2ce4228c-d72c-43fb-bb5b-cd8f3ba2138e-{0}', parameters('avdManagementPlaneLocation'))]", "verResourceGroups": [ { @@ -1558,8 +1549,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -1579,14 +1570,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -1667,8 +1658,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -1681,13 +1672,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -1797,8 +1788,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2158,8 +2149,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { 
@@ -2179,14 +2170,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2267,8 +2258,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -2281,13 +2272,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2397,8 +2388,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -2753,8 +2744,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -2774,14 +2765,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -2862,8 +2853,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { 
@@ -2876,13 +2867,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", @@ -2992,8 +2983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -3366,8 +3357,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13997721719566643375" + "version": "0.21.1.54444", + "templateHash": "3182944092420253110" } }, "parameters": { @@ -3490,8 +3481,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8823794279696588123" + "version": "0.21.1.54444", + "templateHash": "16305048561599990873" } }, "parameters": { @@ -3511,14 +3502,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -3599,8 +3590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10196623923433376428" + "version": "0.21.1.54444", + "templateHash": "6750369994052504038" } }, "parameters": { @@ -3613,13 +3604,13 @@ }, "level": { "type": "string", - "metadata": { - "description": "Required. Set lock level." - }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Required. Set lock level." + } }, "notes": { "type": "string", 
@@ -3729,8 +3720,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12106659644963784818" + "version": "0.21.1.54444", + "templateHash": "1146156557420886689" } }, "parameters": { @@ -4090,8 +4081,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8596842132721557367" + "version": "0.21.1.54444", + "templateHash": "1156178304169403377" } }, "parameters": { @@ -4180,8 +4171,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "maxValue": 730, "minValue": 0, + "maxValue": 730, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4240,8 +4231,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4284,14 +4275,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -4484,8 +4475,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16114201815220186510" + "version": "0.21.1.54444", + "templateHash": "13379431903908500265" } }, "parameters": { @@ -4628,8 +4619,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9475182064400951000" + "version": "0.21.1.54444", + "templateHash": "18035599797024630806" } }, "parameters": { @@ -4762,8 +4753,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4737981453812272169" + "version": "0.21.1.54444", + "templateHash": "15194527127560537713" } }, "parameters": { 
@@ -4897,8 +4888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3112143349780297195" + "version": "0.21.1.54444", + "templateHash": "14867461711977977980" } }, "parameters": { @@ -5069,15 +5060,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "123582376075481853" + "version": "0.21.1.54444", + "templateHash": "1856549003153181310" } }, "parameters": { "name": { "type": "string", - "maxLength": 63, "minLength": 4, + "maxLength": 63, "metadata": { "description": "Required. The data export rule name." } @@ -5216,8 +5207,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -5443,8 +5434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16367350850509170627" + "version": "0.21.1.54444", + "templateHash": "15607599815412583880" } }, "parameters": { @@ -5488,8 +5479,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 730, "minValue": -1, + "maxValue": 730, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5511,8 +5502,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "maxValue": 2555, "minValue": -1, + "maxValue": 2555, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5612,8 +5603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4259405973831985687" + "version": "0.21.1.54444", + "templateHash": "15387093705469323985" } }, "parameters": { 
@@ -5763,8 +5754,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8241310064803100775" + "version": "0.21.1.54444", + "templateHash": "3735355062180278453" } }, "parameters": { @@ -5977,8 +5968,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -6119,14 +6110,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -6286,8 +6277,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18140433925264498395" + "version": "0.21.1.54444", + "templateHash": "13887797196136912022" } }, "parameters": { @@ -6618,8 +6609,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -6801,8 +6792,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16175402431461753105" + "version": "0.21.1.54444", + "templateHash": "1777331299932618478" } }, "parameters": { @@ -6980,8 +6971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -7249,8 +7240,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { 
@@ -7330,8 +7321,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1941283932562101832" + "version": "0.21.1.54444", + "templateHash": "17066253197438681775" } }, "parameters": { @@ -7802,8 +7793,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8035,8 +8026,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16949430988646737619" + "version": "0.21.1.54444", + "templateHash": "3069063252346343891" } }, "parameters": { @@ -8351,8 +8342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16161040747925174642" + "version": "0.21.1.54444", + "templateHash": "18066116683157093728" } }, "parameters": { @@ -8702,8 +8693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16587720134751287236" + "version": "0.21.1.54444", + "templateHash": "13355924704185671618" } }, "parameters": { @@ -8744,8 +8735,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -8774,14 +8765,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -8979,8 +8970,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12788403587110473233" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { 
@@ -9224,8 +9215,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7097336330611846796" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -9442,8 +9433,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16587720134751287236" + "version": "0.21.1.54444", + "templateHash": "13355924704185671618" } }, "parameters": { @@ -9484,8 +9475,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -9514,14 +9505,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -9719,8 +9710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12788403587110473233" + "version": "0.21.1.54444", + "templateHash": "369614872700794013" } }, "parameters": { @@ -9964,8 +9955,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7097336330611846796" + "version": "0.21.1.54444", + "templateHash": "8259083650687909209" } }, "parameters": { @@ -10170,8 +10161,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1026634425206978147" + "version": "0.21.1.54444", + "templateHash": "16972778608528683628" } }, "parameters": { 
@@ -10191,358 +10182,358 @@ "lock": { "type": "string", "defaultValue": "", + "allowedValues": [ + "", + "CanNotDelete", + "ReadOnly" + ], "metadata": { "description": "Optional. Specify the type of lock." + } + }, + "roleAssignments": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "tags": { + "type": "object", + "defaultValue": {}, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
+ } + } + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Network/applicationSecurityGroups", + "apiVersion": "2022-07-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": {} + }, + { + "condition": "[not(empty(parameters('lock')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", + "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", + "properties": { + "level": "[parameters('lock')]", + "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + }, + { + "copy": { + "name": "applicationSecurityGroup_roleAssignments", + "count": "[length(parameters('roleAssignments'))]" + }, + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), 
createObject('value', ''))]", + "principalIds": { + "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" + }, + "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", + "roleDefinitionIdOrName": { + "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" + }, + "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", + "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", + "resourceId": { + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "4152038459218204517" + } + }, + "parameters": { + "principalIds": { + "type": "array", + "metadata": { + "description": "Required. The IDs of the principals to assign the role to." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource ID of the resource to apply the role assignment to." 
+ } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. Id of the delegated managed identity resource." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", + "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", + "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", + "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", + "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", + "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", + "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", + "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", + "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", + "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", + "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", + "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", + "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", + "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", + "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", + "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", + "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", + "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", + "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", + "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", + "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", + "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", + "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", + "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", + "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", + "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", + "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", + "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", + "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", + "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", + "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", + "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", + "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" + } + }, + "resources": [ + { + "copy": { + "name": "roleAssignment", + "count": "[length(parameters('principalIds'))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", + "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", + "properties": { + "description": "[parameters('description')]", + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", + "principalId": "[parameters('principalIds')[copyIndex()]]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + ] + } + ], + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The resource group the application security group was deployed into." }, + "value": "[resourceGroup().name]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the application security group." 
+ }, + "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the application security group." + }, + "value": "[parameters('name')]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" + } + } + } + } + }, + { + "condition": "[parameters('createVnet')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", + "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('avdRouteTableName')]" + }, + "location": { + "value": "[parameters('sessionHostLocation')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name given for the hub route table." 
+ } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all resources." + } + }, + "routes": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. An Array of Routes to be established within the hub route table." + } + }, + "disableBgpRoutePropagation": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Switch to disable BGP route propagation." + } + }, + "lock": { + "type": "string", + "defaultValue": "", "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] - }, - "roleAssignments": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "tags": { - "type": "object", - "defaultValue": {}, - "metadata": { - "description": "Optional. Tags of the resource." - } - }, - "enableDefaultTelemetry": { - "type": "bool", - "defaultValue": true, - "metadata": { - "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." 
- } - } - }, - "resources": [ - { - "condition": "[parameters('enableDefaultTelemetry')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2021-04-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", - "properties": { - "mode": "Incremental", - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "resources": [] - } - } - }, - { - "type": "Microsoft.Network/applicationSecurityGroups", - "apiVersion": "2022-07-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": {} - }, - { - "condition": "[not(empty(parameters('lock')))]", - "type": "Microsoft.Authorization/locks", - "apiVersion": "2020-05-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]", - "name": "[format('{0}-{1}-lock', parameters('name'), parameters('lock'))]", - "properties": { - "level": "[parameters('lock')]", - "notes": "[if(equals(parameters('lock'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]" - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - }, - { - "copy": { - "name": "applicationSecurityGroup_roleAssignments", - "count": "[length(parameters('roleAssignments'))]" - }, - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('{0}-AppSecurityGroup-Rbac-{1}', uniqueString(deployment().name, parameters('location')), copyIndex())]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "description": "[if(contains(parameters('roleAssignments')[copyIndex()], 'description'), createObject('value', parameters('roleAssignments')[copyIndex()].description), 
createObject('value', ''))]", - "principalIds": { - "value": "[parameters('roleAssignments')[copyIndex()].principalIds]" - }, - "principalType": "[if(contains(parameters('roleAssignments')[copyIndex()], 'principalType'), createObject('value', parameters('roleAssignments')[copyIndex()].principalType), createObject('value', ''))]", - "roleDefinitionIdOrName": { - "value": "[parameters('roleAssignments')[copyIndex()].roleDefinitionIdOrName]" - }, - "condition": "[if(contains(parameters('roleAssignments')[copyIndex()], 'condition'), createObject('value', parameters('roleAssignments')[copyIndex()].condition), createObject('value', ''))]", - "delegatedManagedIdentityResourceId": "[if(contains(parameters('roleAssignments')[copyIndex()], 'delegatedManagedIdentityResourceId'), createObject('value', parameters('roleAssignments')[copyIndex()].delegatedManagedIdentityResourceId), createObject('value', ''))]", - "resourceId": { - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17311918279735735244" - } - }, - "parameters": { - "principalIds": { - "type": "array", - "metadata": { - "description": "Required. The IDs of the principals to assign the role to." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead." - } - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "Required. The resource ID of the resource to apply the role assignment to." 
- } - }, - "principalType": { - "type": "string", - "defaultValue": "", - "allowedValues": [ - "ServicePrincipal", - "Group", - "User", - "ForeignGroup", - "Device", - "" - ], - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "defaultValue": "2.0", - "allowedValues": [ - "2.0" - ], - "metadata": { - "description": "Optional. Version of the condition." - } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Id of the delegated managed identity resource." 
- } - } - }, - "variables": { - "builtInRoleNames": { - "Avere Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')]", - "Avere Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')]", - "Azure Center for SAP solutions administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7')]", - "Azure Center for SAP solutions reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '05352d14-a920-4328-a0de-4cbe7430e26b')]", - "Azure Center for SAP solutions service role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aabbc5dd-1af0-458b-a942-81af88f9c138')]", - "Azure Kubernetes Service Policy Add-on Deployment": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18ed5180-3e48-46fd-8541-4ea054d57064')]", - "Backup Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')]", - "Backup Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')]", - "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", - "Cosmos DB Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')]", - "Desktop Virtualization Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a959dbd1-f747-45e3-8ba6-dd80f235f97c')]", - "DevTest Labs User": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')]", - "DNS Resolver Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d')]", - "DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'befefa01-2a29-4197-83a8-272ff33ce314')]", - "DocumentDB Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')]", - "Domain Services Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'eeaeda52-9324-47f6-8069-5d5bade478b2')]", - "Domain Services Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '361898ef-9ed1-48c2-849c-a832951106bb')]", - "LocalNGFirewallAdministrator role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2')]", - "Log Analytics Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')]", - "Log Analytics Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')]", - "Managed Application Contributor Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')]", - "Managed Application Operator Role": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')]", - "Managed Applications Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')]", - "Monitoring Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')]", - "Monitoring Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')]", - "Network Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')]", - "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", - "Private DNS Zone Contributor": 
"[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", - "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Resource Policy Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", - "Site Recovery Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')]", - "Site Recovery Operator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')]", - "SQL Managed Instance Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')]", - "SQL Security Manager": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')]", - "Storage Account Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')]", - "Traffic Manager Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a4b10055-b0c7-44c2-b00f-c7b5b3550cf7')]", - "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]", - "Virtual Machine Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')]", - "Virtual Machine Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')]", - "Virtual Machine User Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')]", - "Windows Admin 
Center Administrator Login": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'a6333a3e-0164-44c3-b281-7a577aff287f')]" - } - }, - "resources": [ - { - "copy": { - "name": "roleAssignment", - "count": "[length(parameters('principalIds'))]" - }, - "type": "Microsoft.Authorization/roleAssignments", - "apiVersion": "2022-04-01", - "scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', last(split(parameters('resourceId'), '/')))]", - "name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', last(split(parameters('resourceId'), '/'))), parameters('principalIds')[copyIndex()], parameters('roleDefinitionIdOrName'))]", - "properties": { - "description": "[parameters('description')]", - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]", - "principalId": "[parameters('principalIds')[copyIndex()]]", - "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", - "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]", - "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", - "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]" - } - } - ] - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - ] - } - ], - "outputs": { - "resourceGroupName": { - "type": "string", - "metadata": { - "description": "The resource group the application security group was deployed into." 
- }, - "value": "[resourceGroup().name]" - }, - "resourceId": { - "type": "string", - "metadata": { - "description": "The resource ID of the application security group." - }, - "value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]" - }, - "name": { - "type": "string", - "metadata": { - "description": "The name of the application security group." - }, - "value": "[parameters('name')]" - }, - "location": { - "type": "string", - "metadata": { - "description": "The location the resource was deployed into." - }, - "value": "[reference(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), '2022-07-01', 'full').location]" - } - } - } - } - }, - { - "condition": "[parameters('createVnet')]", - "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('Route-Table-AVD-{0}', parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('networkObjectsRgName'))]", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('avdRouteTableName')]" - }, - "location": { - "value": "[parameters('sessionHostLocation')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "routes": "[if(variables('varCreateAvdStaicRoute'), createObject('value', createArray(createObject('name', 'AVDServiceTraffic', 'properties', createObject('addressPrefix', 'WindowsVirtualDesktop', 'hasBgpOverride', true(), 'nextHopType', 'Internet')))), createObject('value', createArray()))]" - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16308363173981707308" - } - }, - "parameters": { - "name": { - "type": "string", - "metadata": { - "description": 
"Required. Name given for the hub route table." - } - }, - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]", - "metadata": { - "description": "Optional. Location for all resources." - } - }, - "routes": { - "type": "array", - "defaultValue": [], - "metadata": { - "description": "Optional. An Array of Routes to be established within the hub route table." - } - }, - "disableBgpRoutePropagation": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "Optional. Switch to disable BGP route propagation." - } - }, - "lock": { - "type": "string", - "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, - "allowedValues": [ - "", - "CanNotDelete", - "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10640,8 +10631,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5826842078108214123" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { @@ -10849,8 +10840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16308363173981707308" + "version": "0.21.1.54444", + "templateHash": "18134341385828267149" } }, "parameters": { @@ -10884,14 +10875,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -10989,8 +10980,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5826842078108214123" + "version": "0.21.1.54444", + "templateHash": "15918129007023123856" } }, "parameters": { 
@@ -11215,8 +11206,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9596720600329001052" + "version": "0.21.1.54444", + "templateHash": "3501235843806909866" } }, "parameters": { @@ -11277,27 +11268,27 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ] + ], + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + } }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, + "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - }, - "maxValue": 30 + } }, "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -11333,14 +11324,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -11566,8 +11557,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15295044205283590639" + "version": "0.21.1.54444", + "templateHash": "4385347612687619252" } }, "parameters": { 
@@ -11759,8 +11750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15804363095104832975" + "version": "0.21.1.54444", + "templateHash": "15642916335871461785" } }, "parameters": { @@ -11982,8 +11973,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14113542671107167377" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12148,8 +12139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14113542671107167377" + "version": "0.21.1.54444", + "templateHash": "4623538711374397842" } }, "parameters": { @@ -12309,8 +12300,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18431427062084145620" + "version": "0.21.1.54444", + "templateHash": "826837070159019998" } }, "parameters": { @@ -12546,8 +12537,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12634,8 +12625,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12722,8 +12713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { @@ -12810,8 +12801,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10793736702090211494" + "version": "0.21.1.54444", + "templateHash": "903283518806229825" } }, "parameters": { 
@@ -12984,9 +12975,6 @@ "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", "diagnosticLogsRetentionInDays": { "value": "[parameters('avdAlaWorkspaceDataRetention')]" - }, - "hostPoolAgentUpdateSchedule": { - "value": "[variables('varHostPoolAgentUpdateSchedule')]" } }, "template": { @@ -12995,8 +12983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15982398525226753115" + "version": "0.21.1.54444", + "templateHash": "8064453292228188216" } }, "parameters": { @@ -13110,13 +13098,13 @@ }, "hostPoolType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Personal", "Pooled" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "preferredAppGroupType": { "type": "string", @@ -13132,23 +13120,23 @@ }, "personalAssignType": { "type": "string", - "metadata": { - "description": "Optional. AVD host pool type." - }, "allowedValues": [ "Automatic", "Direct" - ] + ], + "metadata": { + "description": "Optional. AVD host pool type." + } }, "hostPoolLoadBalancerType": { "type": "string", - "metadata": { - "description": "AVD host pool load balacing type." - }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ] + ], + "metadata": { + "description": "AVD host pool load balacing type." + } }, "hostPoolMaxSessions": { "type": "int", @@ -13162,12 +13150,6 @@ "description": "Optional. AVD host pool start VM on Connect." } }, - "hostPoolAgentUpdateSchedule": { - "type": "array", - "metadata": { - "description": "Optional. AVD host pool start VM on Connect." - } - }, "tags": { "type": "object", "metadata": { 
@@ -13281,7 +13263,9 @@ "diagnosticLogCategoriesToEnable": { "value": "[variables('varHostPoolDiagnostic')]" }, - "agentUpdate": "[if(not(empty(parameters('hostPoolAgentUpdateSchedule'))), createObject('value', createObject('maintenanceWindows', parameters('hostPoolAgentUpdateSchedule'), 'maintenanceWindowTimeZone', parameters('computeTimeZone'), 'type', 'Scheduled', 'useSessionHostLocalTime', true())), createObject('value', createObject()))]" + "agentUpdate": { + "value": {} + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -13289,8 +13273,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "649450619186273171" + "version": "0.21.1.54444", + "templateHash": "10470857386601832257" } }, "parameters": { @@ -13402,8 +13386,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -13439,14 +13423,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -13621,7 +13605,6 @@ "registrationTokenOperation": "Update" }, "vmTemplate": "[if(not(empty(parameters('vmTemplate'))), null(), string(parameters('vmTemplate')))]", - "agentUpdate": "[parameters('agentUpdate')]", "ring": "[if(not(equals(parameters('ring'), -1)), parameters('ring'), null())]", "ssoadfsAuthority": "[parameters('ssoadfsAuthority')]", "ssoClientId": "[parameters('ssoClientId')]", 
@@ -13694,8 +13677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14279396732857224845" + "version": "0.21.1.54444", + "templateHash": "15758203474913146406" } }, "parameters": { @@ -13915,8 +13898,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16629665836116638883" + "version": "0.21.1.54444", + "templateHash": "2171521487477022833" } }, "parameters": { @@ -13974,8 +13957,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -14011,14 +13994,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -14181,8 +14164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6664287599840054041" + "version": "0.21.1.54444", + "templateHash": "11635969849932067949" } }, "parameters": { 
@@ -14220,14 +14203,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ] + ], + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + } }, "commandLineArguments": { "type": "string", @@ -14359,8 +14342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3347591711902057245" + "version": "0.21.1.54444", + "templateHash": "9771114878684828045" } }, "parameters": { @@ -14569,8 +14552,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12860422037075423458" + "version": "0.21.1.54444", + "templateHash": "2822002657983746088" } }, "parameters": { @@ -14611,8 +14594,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -14648,14 +14631,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", 
@@ -14811,8 +14794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9797264344352680473" + "version": "0.21.1.54444", + "templateHash": "12071774351316031070" } }, "parameters": { @@ -15035,8 +15018,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10855178142469757598" + "version": "0.21.1.54444", + "templateHash": "17977254391325929741" } }, "parameters": { @@ -15078,12 +15061,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "metadata": { - "description": "Optional. The type of hostpool where this scaling plan should be applied." - }, "allowedValues": [ "Pooled" - ] + ], + "metadata": { + "description": "Optional. The type of hostpool where this scaling plan should be applied." + } }, "exclusionTag": { "type": "string", @@ -15155,8 +15138,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -15316,8 +15299,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7819863254022282170" + "version": "0.21.1.54444", + "templateHash": "5284850760210698082" } }, "parameters": { @@ -15553,8 +15536,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14451756906747934165" + "version": "0.21.1.54444", + "templateHash": "18318447449709080836" } }, "parameters": { 
@@ -15665,6 +15648,10 @@ "id": "0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", "name": "Storage File Data SMB Share Contributor" }, + "varDesktopVirtualizationVirtualMachineContributorRole": { + "id": "\ta959dbd1-f747-45e3-8ba6-dd80f235f97c", + "name": "Desktop Virtualization Virtual Machine Contributor" + }, "varDesktopVirtualizationPowerOnContributorRole": { "id": "489581de-a3bd-480d-9518-53dea7416b33", "name": "Desktop Virtualization Power On Contributor" @@ -15730,8 +15717,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15737913196788172522" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -15752,14 +15739,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -15853,8 +15840,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "943002000979437913" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -16046,8 +16033,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15737913196788172522" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { @@ -16068,14 +16055,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
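Review bot: The `id` of the added `varDesktopVirtualizationVirtualMachineContributorRole` (first hunk on this line) starts with a tab escape, `"\ta959dbd1-f747-45e3-8ba6-dd80f235f97c"`, while the neighbouring role variables hold a bare GUID. If this value is concatenated into a role definition resource ID, as the other role variables presumably are, the assignment would most likely be rejected or fail to resolve, leaving the identity without the intended role. The line should read `"id": "a959dbd1-f747-45e3-8ba6-dd80f235f97c",`. Because this template is bicep-generated, the stray tab has to be removed from the variable in the Bicep source and the template recompiled.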
@@ -16169,8 +16156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "943002000979437913" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -16374,8 +16361,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -16516,14 +16503,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -16675,8 +16662,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17255,8 +17242,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -17833,8 +17820,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { 
@@ -18417,8 +18404,588 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" + } + }, + "parameters": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity)." + } + }, + "resourceGroupName": { + "type": "string", + "defaultValue": "[resourceGroup().name]", + "metadata": { + "description": "Optional. Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment." + } + }, + "subscriptionId": { + "type": "string", + "defaultValue": "[subscription().subscriptionId]", + "metadata": { + "description": "Optional. Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment." + } + }, + "description": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. ID of the delegated managed identity resource." + } + }, + "condition": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to." + } + }, + "conditionVersion": { + "type": "string", + "defaultValue": "2.0", + "allowedValues": [ + "2.0" + ], + "metadata": { + "description": "Optional. Version of the condition. 
Currently accepted value is \"2.0\"." + } + }, + "principalType": { + "type": "string", + "defaultValue": "", + "allowedValues": [ + "ServicePrincipal", + "Group", + "User", + "ForeignGroup", + "Device", + "" + ], + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." + } + } + }, + "variables": { + "builtInRoleNames": { + "Access Review Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/76cc9ee4-d5d3-4a45-a930-26add3d73475", + "AcrDelete": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", + "AcrImageSigner": "/providers/Microsoft.Authorization/roleDefinitions/6cef56e8-d556-48e5-a04f-b8e64114680f", + "AcrPull": "/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d", + "AcrPush": "/providers/Microsoft.Authorization/roleDefinitions/8311e382-0749-4cb8-b61a-304f252e45ec", + "AcrQuarantineReader": "/providers/Microsoft.Authorization/roleDefinitions/cdda3590-29a3-44f6-95f2-9f980659eb04", + "AcrQuarantineWriter": "/providers/Microsoft.Authorization/roleDefinitions/c8d4ff99-41c3-41a8-9f60-21dfdad59608", + "AgFood Platform Sensor Partner Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6b77f0a0-0d89-41cc-acd1-579c22c17a67", + "AgFood Platform Service Admin": "/providers/Microsoft.Authorization/roleDefinitions/f8da80de-1ff9-4747-ad80-a19b7f6079e3", + "AgFood Platform Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8508508a-4469-4e45-963b-2518ee0bb728", + "AgFood Platform Service Reader": "/providers/Microsoft.Authorization/roleDefinitions/7ec7ccdc-f61e-41fe-9aaf-980df0a44eba", + "AnyBuild Builder": "/providers/Microsoft.Authorization/roleDefinitions/a2138dac-4907-4679-a376-736901ed8ad8", + "API Management Developer 
Portal Content Editor": "/providers/Microsoft.Authorization/roleDefinitions/c031e6a8-4391-4de0-8d69-4706a7ed3729", + "API Management Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/312a565d-c81f-4fd8-895a-4e21e48d571c", + "API Management Service Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/e022efe7-f5ba-4159-bbe4-b44f577e9b61", + "API Management Service Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/71522526-b88f-4d52-b57f-d31fc3546d0d", + "App Configuration Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/5ae67dd6-50cb-40e7-96ff-dc2bfa4b606b", + "App Configuration Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", + "Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ca6382a4-1721-4bcf-a114-ff0c70227b6b", + "Application Insights Component Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ae349356-3a1b-4a5e-921d-050484c6347e", + "Application Insights Snapshot Debugger": "/providers/Microsoft.Authorization/roleDefinitions/08954f03-6346-4c2e-81c0-ec3a5cfae23b", + "Attestation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/bbf86eb8-f7b4-4cce-96e4-18cddf81d86e", + "Attestation Reader": "/providers/Microsoft.Authorization/roleDefinitions/fd1bd22b-8476-40bc-a0bc-69b95687b9f3", + "Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f353d9bd-d4a6-484e-a77a-8050b599b867", + "Automation Job Operator": "/providers/Microsoft.Authorization/roleDefinitions/4fe576fe-1146-4730-92eb-48519fa6bf9f", + "Automation Operator": "/providers/Microsoft.Authorization/roleDefinitions/d3881f73-407a-4167-8283-e981cbba0404", + "Automation Runbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/5fb5aef8-1081-4b8e-bb16-9d5d0385bab5", + "Autonomous Development Platform Data Contributor (Preview)": 
"/providers/Microsoft.Authorization/roleDefinitions/b8b15564-4fa6-4a59-ab12-03e1d9594795", + "Autonomous Development Platform Data Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/27f8b550-c507-4db9-86f2-f4b8e816d59d", + "Autonomous Development Platform Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/d63b75f7-47ea-4f27-92ac-e0d173aaf093", + "Avere Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4f8fab4f-1852-4a58-a46a-8eaf358af14a", + "Avere Operator": "/providers/Microsoft.Authorization/roleDefinitions/c025889f-8102-4ebf-b32c-fc0c6f0c6bd9", + "Azure Arc Enabled Kubernetes Cluster User Role": "/providers/Microsoft.Authorization/roleDefinitions/00493d72-78f6-4148-b6c5-d3ce8e4799dd", + "Azure Arc Kubernetes Admin": "/providers/Microsoft.Authorization/roleDefinitions/dffb1e0c-446f-4dde-a09f-99eb5cc68b96", + "Azure Arc Kubernetes Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/8393591c-06b9-48a2-a542-1bd6b377f6a2", + "Azure Arc Kubernetes Viewer": "/providers/Microsoft.Authorization/roleDefinitions/63f0a09d-1495-4db4-a681-037d84835eb4", + "Azure Arc Kubernetes Writer": "/providers/Microsoft.Authorization/roleDefinitions/5b999177-9696-4545-85c7-50de3797e5a1", + "Azure Arc ScVmm Administrator role": "/providers/Microsoft.Authorization/roleDefinitions/a92dfd61-77f9-4aec-a531-19858b406c87", + "Azure Arc ScVmm Private Cloud User": "/providers/Microsoft.Authorization/roleDefinitions/c0781e91-8102-4553-8951-97c6d4243cda", + "Azure Arc ScVmm Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/6aac74c4-6311-40d2-bbdd-7d01e7c6e3a9", + "Azure Arc ScVmm VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e582369a-e17b-42a5-b10c-874c387c530b", + "Azure Arc VMware Administrator role ": "/providers/Microsoft.Authorization/roleDefinitions/ddc140ed-e463-4246-9145-7c664192013f", + "Azure Arc VMware Private Cloud User": 
"/providers/Microsoft.Authorization/roleDefinitions/ce551c02-7c42-47e0-9deb-e3b6fc3a9a83", + "Azure Arc VMware Private Clouds Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/67d33e57-3129-45e6-bb0b-7cc522f762fa", + "Azure Arc VMware VM Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b748a06d-6150-4f8a-aaa9-ce3940cd96cb", + "Azure Center for SAP solutions administrator": "/providers/Microsoft.Authorization/roleDefinitions/7b0c7e81-271f-4c71-90bf-e30bdfdbc2f7", + "Azure Center for SAP solutions Management role": "/providers/Microsoft.Authorization/roleDefinitions/6d949e1d-41e2-46e3-8920-c6e4f31a8310", + "Azure Center for SAP solutions reader": "/providers/Microsoft.Authorization/roleDefinitions/05352d14-a920-4328-a0de-4cbe7430e26b", + "Azure Center for SAP solutions service role": "/providers/Microsoft.Authorization/roleDefinitions/aabbc5dd-1af0-458b-a942-81af88f9c138", + "Azure Center for SAP solutions Service role for management": "/providers/Microsoft.Authorization/roleDefinitions/0105a6b0-4bb9-43d2-982a-12806f9faddb", + "Azure Connected Machine Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/b64e21ea-ac4e-4cdf-9dc9-5b892992bee7", + "Azure Connected Machine Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cd570a14-e51a-42ad-bac8-bafd67325302", + "Azure Connected Machine Resource Manager": "/providers/Microsoft.Authorization/roleDefinitions/f5819b54-e033-4d82-ac66-4fec3cbf3f4c", + "Azure Connected SQL Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/e8113dce-c529-4d33-91fa-e9b972617508", + "Azure Digital Twins Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/bcd981a7-7f74-457b-83e1-cceb9e632ffe", + "Azure Digital Twins Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/d57506d4-4c8d-48b1-8587-93c323f6a5a3", + "Azure Event Hubs Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/f526a384-b230-433a-b45c-95f59c4a2dec", + 
"Azure Event Hubs Data Receiver": "/providers/Microsoft.Authorization/roleDefinitions/a638d3c7-ab3a-418d-83e6-5f17a39d4fde", + "Azure Event Hubs Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/2b629674-e913-4c01-ae53-ef4638d8f975", + "Azure Extension for SQL Server Deployment": "/providers/Microsoft.Authorization/roleDefinitions/7392c568-9289-4bde-aaaa-b7131215889d", + "Azure Front Door Domain Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0ab34830-df19-4f8c-b84e-aa85b8afa6e8", + "Azure Front Door Domain Reader": "/providers/Microsoft.Authorization/roleDefinitions/0f99d363-226e-4dca-9920-b807cf8e1a5f", + "Azure Front Door Secret Contributor": "/providers/Microsoft.Authorization/roleDefinitions/3f2eb865-5811-4578-b90a-6fc6fa0df8e5", + "Azure Front Door Secret Reader": "/providers/Microsoft.Authorization/roleDefinitions/0db238c4-885e-4c4f-a933-aa2cef684fca", + "Azure Kubernetes Fleet Manager Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/63bb64ad-9799-4770-b5c3-24ed299a07bf", + "Azure Kubernetes Fleet Manager RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/434fb43a-c01c-447e-9f67-c3ad923cfaba", + "Azure Kubernetes Fleet Manager RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/18ab4d3d-a1bf-4477-8ad9-8359bc988f69", + "Azure Kubernetes Fleet Manager RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/30b27cfc-9c84-438e-b0ce-70e35255df80", + "Azure Kubernetes Fleet Manager RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/5af6afb3-c06c-4fa4-8848-71a8aee05683", + "Azure Kubernetes Service Cluster Admin Role": "/providers/Microsoft.Authorization/roleDefinitions/0ab0b1a8-8aac-4efd-b8c2-3ee1fb270be8", + "Azure Kubernetes Service Cluster Monitoring User": "/providers/Microsoft.Authorization/roleDefinitions/1afdec4b-e479-420e-99e7-f82237c7c5e6", + "Azure Kubernetes Service Cluster User Role": 
"/providers/Microsoft.Authorization/roleDefinitions/4abbcc35-e782-43d8-92c5-2d3f1bd2253f", + "Azure Kubernetes Service Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8", + "Azure Kubernetes Service Policy Add-on Deployment": "/providers/Microsoft.Authorization/roleDefinitions/18ed5180-3e48-46fd-8541-4ea054d57064", + "Azure Kubernetes Service RBAC Admin": "/providers/Microsoft.Authorization/roleDefinitions/3498e952-d568-435e-9b2c-8d77e338d7f7", + "Azure Kubernetes Service RBAC Cluster Admin": "/providers/Microsoft.Authorization/roleDefinitions/b1ff04bb-8a4e-4dc4-8eb5-8693973ce19b", + "Azure Kubernetes Service RBAC Reader": "/providers/Microsoft.Authorization/roleDefinitions/7f6c6a51-bcf8-42ba-9220-52d62157d7db", + "Azure Kubernetes Service RBAC Writer": "/providers/Microsoft.Authorization/roleDefinitions/a7ffa36f-339b-4b5c-8bdf-e2c188b2c0eb", + "Azure Maps Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dba33070-676a-4fb0-87fa-064dc56ff7fb", + "Azure Maps Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8f5e0ce6-4f7b-4dcf-bddf-e6f48634a204", + "Azure Maps Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/423170ca-a8f6-4b0f-8487-9e4eb8f49bfa", + "Azure Maps Search and Render Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/6be48352-4f82-47c9-ad5e-0acacefdb005", + "Azure Relay Listener": "/providers/Microsoft.Authorization/roleDefinitions/26e0b698-aa6d-4085-9386-aadae190014d", + "Azure Relay Owner": "/providers/Microsoft.Authorization/roleDefinitions/2787bf04-f1f5-4bfe-8383-c8a24483ee38", + "Azure Relay Sender": "/providers/Microsoft.Authorization/roleDefinitions/26baccc8-eea7-41f1-98f4-1762cc7f685d", + "Azure Service Bus Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/090c5cfd-751d-490a-894a-3ce6f1109419", + "Azure Service Bus Data Receiver": 
"/providers/Microsoft.Authorization/roleDefinitions/4f6d3b9b-027b-4f4c-9142-0e5a2a2247e0", + "Azure Service Bus Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/69a216fc-b8fb-44d8-bc22-1f3c2cd27a39", + "Azure Spring Apps Connect Role": "/providers/Microsoft.Authorization/roleDefinitions/80558df3-64f9-4c0f-b32d-e5094b036b0b", + "Azure Spring Apps Remote Debugging Role": "/providers/Microsoft.Authorization/roleDefinitions/a99b0159-1064-4c22-a57b-c9b3caa1c054", + "Azure Spring Cloud Config Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a06f5c24-21a7-4e1a-aa2b-f19eb6684f5b", + "Azure Spring Cloud Config Server Reader": "/providers/Microsoft.Authorization/roleDefinitions/d04c6db6-4947-4782-9e91-30a88feb7be7", + "Azure Spring Cloud Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b5537268-8956-4941-a8f0-646150406f0c", + "Azure Spring Cloud Service Registry Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f5880b48-c26d-48be-b172-7927bfa1c8f1", + "Azure Spring Cloud Service Registry Reader": "/providers/Microsoft.Authorization/roleDefinitions/cff1b556-2399-4e7e-856d-a8f754be7b65", + "Azure Stack HCI registration role": "/providers/Microsoft.Authorization/roleDefinitions/bda0d508-adf1-4af0-9c28-88919fc3ae06", + "Azure Stack Registration Owner": "/providers/Microsoft.Authorization/roleDefinitions/6f12a6df-dd06-4f3e-bcb1-ce8be600526a", + "Azure Traffic Controller Configuration Manager": "/providers/Microsoft.Authorization/roleDefinitions/fbc52c3f-28ad-4303-a892-8a056630b8f1", + "Azure Usage Billing Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/f0310ce6-e953-4cf8-b892-fb1c87eaf7f6", + "Azure VM Managed identities restore Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6ae96244-5829-4925-a7d3-5975537d91dd", + "AzureML Compute Operator": "/providers/Microsoft.Authorization/roleDefinitions/e503ece1-11d0-4e8e-8e2c-7a6c3bf38815", + "AzureML Data Scientist": 
"/providers/Microsoft.Authorization/roleDefinitions/f6c7c914-8db3-469d-8ca1-694a8f32e121", + "AzureML Metrics Writer (preview)": "/providers/Microsoft.Authorization/roleDefinitions/635dd51f-9968-44d3-b7fb-6d9a6bd613ae", + "AzureML Registry User": "/providers/Microsoft.Authorization/roleDefinitions/1823dd4f-9b8c-4ab6-ab4e-7397a3684615", + "Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e467623-bb1f-42f4-a55d-6e525e11384b", + "Backup Operator": "/providers/Microsoft.Authorization/roleDefinitions/00c29273-979b-4161-815c-10b084fb9324", + "Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/a795c7a0-d4a2-40c1-ae25-d81f01202912", + "Bayer Ag Powered Services CWUM Solution User Role": "/providers/Microsoft.Authorization/roleDefinitions/a9b99099-ead7-47db-8fcf-072597a61dfa", + "Bayer Ag Powered Services GDU Solution": "/providers/Microsoft.Authorization/roleDefinitions/c4bc862a-3b64-4a35-a021-a380c159b042", + "Bayer Ag Powered Services Imagery Solution": "/providers/Microsoft.Authorization/roleDefinitions/ef29765d-0d37-4119-a4f8-f9f9902c9588", + "Billing Reader": "/providers/Microsoft.Authorization/roleDefinitions/fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64", + "BizTalk Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5e3c6656-6cfa-4708-81fe-0de47ac73342", + "Blockchain Member Node Access (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/31a002a1-acaf-453e-8a5b-297c9ca1ea24", + "Blueprint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/41077137-e803-4205-871c-5a86e6a753b4", + "Blueprint Operator": "/providers/Microsoft.Authorization/roleDefinitions/437d2ced-4a38-4302-8479-ed2bcb43d090", + "CDN Endpoint Contributor": "/providers/Microsoft.Authorization/roleDefinitions/426e0c7f-0c7e-4658-b36f-ff54d6c29b45", + "CDN Endpoint Reader": "/providers/Microsoft.Authorization/roleDefinitions/871e35f6-b5c1-49cc-a043-bde969a0f2cd", + "CDN Profile Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/ec156ff8-a8d1-4d15-830c-5b80698ca432", + "CDN Profile Reader": "/providers/Microsoft.Authorization/roleDefinitions/8f96442b-4075-438f-813d-ad51ab4019af", + "Chamber Admin": "/providers/Microsoft.Authorization/roleDefinitions/4e9b8407-af2e-495b-ae54-bb60a55b1b5a", + "Chamber User": "/providers/Microsoft.Authorization/roleDefinitions/4447db05-44ed-4da3-ae60-6cbece780e32", + "Classic Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b34d265f-36f7-4a0d-a4d4-e158ca92e90f", + "Classic Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86e8f5dc-a6e9-4c67-9d15-de283e8eac25", + "Classic Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/985d6b00-f706-48f5-a6fe-d0ca12fb668d", + "Classic Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/d73bb868-a0df-4d4d-bd69-98a00b01fccb", + "ClearDB MySQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9106cda0-8a86-4e81-b686-29a22c54effe", + "Code Signing Certificate Profile Signer": "/providers/Microsoft.Authorization/roleDefinitions/2837e146-70d7-4cfd-ad55-7efa6464f958", + "Code Signing Identity Verifier": "/providers/Microsoft.Authorization/roleDefinitions/4339b7cf-9826-4e41-b4ed-c7f4505dac08", + "Cognitive Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/25fbc0a9-bd7c-42a3-aa1a-3b75d497ee68", + "Cognitive Services Custom Vision Contributor": "/providers/Microsoft.Authorization/roleDefinitions/c1ff6cc2-c111-46fe-8896-e0ef812ad9f3", + "Cognitive Services Custom Vision Deployment": "/providers/Microsoft.Authorization/roleDefinitions/5c4089e1-6d96-4d2f-b296-c1bc7137275f", + "Cognitive Services Custom Vision Labeler": "/providers/Microsoft.Authorization/roleDefinitions/88424f51-ebe7-446f-bc41-7fa16989e96c", + "Cognitive Services Custom Vision Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/93586559-c37d-4a6b-ba08-b9f0940c2d73", + "Cognitive Services Custom Vision Trainer": "/providers/Microsoft.Authorization/roleDefinitions/0a5ae4ab-0d65-4eeb-be61-29fc9b54394b", + "Cognitive Services Data Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/b59867f0-fa02-499b-be73-45a86b5b3e1c", + "Cognitive Services Face Recognizer": "/providers/Microsoft.Authorization/roleDefinitions/9894cab4-e18a-44aa-828b-cb588cd6f2d7", + "Cognitive Services Immersive Reader User": "/providers/Microsoft.Authorization/roleDefinitions/b2de6794-95db-4659-8781-7e080d3f2b9d", + "Cognitive Services Language Owner": "/providers/Microsoft.Authorization/roleDefinitions/f07febfe-79bc-46b1-8b37-790e26e6e498", + "Cognitive Services Language Reader": "/providers/Microsoft.Authorization/roleDefinitions/7628b7b8-a8b2-4cdc-b46f-e9b35248918e", + "Cognitive Services Language Writer": "/providers/Microsoft.Authorization/roleDefinitions/f2310ca1-dc64-4889-bb49-c8e0fa3d47a8", + "Cognitive Services LUIS Owner": "/providers/Microsoft.Authorization/roleDefinitions/f72c8140-2111-481c-87ff-72b910f6e3f8", + "Cognitive Services LUIS Reader": "/providers/Microsoft.Authorization/roleDefinitions/18e81cdc-4e98-4e29-a639-e7d10c5a6226", + "Cognitive Services LUIS Writer": "/providers/Microsoft.Authorization/roleDefinitions/6322a993-d5c9-4bed-b113-e49bbea25b27", + "Cognitive Services Metrics Advisor Administrator": "/providers/Microsoft.Authorization/roleDefinitions/cb43c632-a144-4ec5-977c-e80c4affc34a", + "Cognitive Services Metrics Advisor User": "/providers/Microsoft.Authorization/roleDefinitions/3b20f47b-3825-43cb-8114-4bd2201156a8", + "Cognitive Services OpenAI Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a001fd3d-188f-4b5d-821b-7da978bf7442", + "Cognitive Services OpenAI User": "/providers/Microsoft.Authorization/roleDefinitions/5e0bd9bd-7b93-4f28-af87-19fc36ad61bd", + "Cognitive Services QnA Maker Editor": 
"/providers/Microsoft.Authorization/roleDefinitions/f4cc2bf9-21be-47a1-bdf1-5c5804381025", + "Cognitive Services QnA Maker Reader": "/providers/Microsoft.Authorization/roleDefinitions/466ccd10-b268-4a11-b098-b4849f024126", + "Cognitive Services Speech Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0e75ca1e-0464-4b4d-8b93-68208a576181", + "Cognitive Services Speech User": "/providers/Microsoft.Authorization/roleDefinitions/f2dc8367-1007-4938-bd23-fe263f013447", + "Cognitive Services User": "/providers/Microsoft.Authorization/roleDefinitions/a97b65f3-24c7-4388-baec-2e87135dc908", + "Collaborative Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/daa9e50b-21df-454c-94a6-a8050adab352", + "Collaborative Runtime Operator": "/providers/Microsoft.Authorization/roleDefinitions/7a6f0e70-c033-4fb1-828c-08514e5f4102", + "Compute Gallery Sharing Admin": "/providers/Microsoft.Authorization/roleDefinitions/1ef6a3be-d0ac-425d-8c01-acb62866290b", + "ContainerApp Reader": "/providers/Microsoft.Authorization/roleDefinitions/ad2dd5fb-cd4b-4fd4-a9b6-4fed3630980b", + "Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c", + "Cosmos DB Account Reader Role": "/providers/Microsoft.Authorization/roleDefinitions/fbdf93bf-df7d-467e-a4d2-9458aa1360c8", + "Cosmos DB Operator": "/providers/Microsoft.Authorization/roleDefinitions/230815da-be43-4aae-9cb4-875f7bd000aa", + "CosmosBackupOperator": "/providers/Microsoft.Authorization/roleDefinitions/db7b14f2-5adf-42da-9f96-f2ee17bab5cb", + "CosmosRestoreOperator": "/providers/Microsoft.Authorization/roleDefinitions/5432c526-bc82-444a-b7ba-57c5b0b5b34f", + "Cost Management Contributor": "/providers/Microsoft.Authorization/roleDefinitions/434105ed-43f6-45c7-a02f-909b2ba83430", + "Cost Management Reader": "/providers/Microsoft.Authorization/roleDefinitions/72fafb9e-0641-4937-9268-a91bfd8191a3", + "Data Box Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/add466c9-e687-43fc-8d98-dfcf8d720be5", + "Data Box Reader": "/providers/Microsoft.Authorization/roleDefinitions/028f4ed7-e2a9-465e-a8f4-9c0ffdfdc027", + "Data Factory Contributor": "/providers/Microsoft.Authorization/roleDefinitions/673868aa-7521-48a0-acc6-0f60742d39f5", + "Data Labeling - Labeler": "/providers/Microsoft.Authorization/roleDefinitions/c6decf44-fd0a-444c-a844-d653c394e7ab", + "Data Lake Analytics Developer": "/providers/Microsoft.Authorization/roleDefinitions/47b7735b-770e-4598-a7da-8b91488b4c88", + "Data Operator for Managed Disks": "/providers/Microsoft.Authorization/roleDefinitions/959f8984-c045-4866-89c7-12bf9737be2e", + "Data Purger": "/providers/Microsoft.Authorization/roleDefinitions/150f5e0c-0603-4f03-8c7f-cf70034c4e90", + "Deployment Environments User": "/providers/Microsoft.Authorization/roleDefinitions/18e40d4e-8d2e-438d-97e1-9528336e149c", + "Desktop Virtualization Application Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/86240b0e-9422-4c43-887b-b61143f32ba8", + "Desktop Virtualization Application Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/aebf23d0-b568-4e86-b8f9-fe83a2c6ab55", + "Desktop Virtualization Contributor": "/providers/Microsoft.Authorization/roleDefinitions/082f0a83-3be5-4ba1-904c-961cca79b387", + "Desktop Virtualization Host Pool Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e307426c-f9b6-4e81-87de-d99efb3c32bc", + "Desktop Virtualization Host Pool Reader": "/providers/Microsoft.Authorization/roleDefinitions/ceadfde2-b300-400a-ab7b-6143895aa822", + "Desktop Virtualization Power On Contributor": "/providers/Microsoft.Authorization/roleDefinitions/489581de-a3bd-480d-9518-53dea7416b33", + "Desktop Virtualization Power On Off Contributor": "/providers/Microsoft.Authorization/roleDefinitions/40c5ff49-9181-41f8-ae61-143b0e78555e", + "Desktop Virtualization Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/49a72310-ab8d-41df-bbb0-79b649203868", + "Desktop Virtualization Session Host Operator": "/providers/Microsoft.Authorization/roleDefinitions/2ad6aaab-ead9-4eaa-8ac5-da422f562408", + "Desktop Virtualization User": "/providers/Microsoft.Authorization/roleDefinitions/1d18fff3-a72a-46b5-b4a9-0b38a3cd7e63", + "Desktop Virtualization User Session Operator": "/providers/Microsoft.Authorization/roleDefinitions/ea4bfff8-7fb4-485a-aadd-d4129a0ffaa6", + "Desktop Virtualization Virtual Machine Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a959dbd1-f747-45e3-8ba6-dd80f235f97c", + "Desktop Virtualization Workspace Contributor": "/providers/Microsoft.Authorization/roleDefinitions/21efdde3-836f-432b-bf3d-3e8e734d4b2b", + "Desktop Virtualization Workspace Reader": "/providers/Microsoft.Authorization/roleDefinitions/0fa44ee9-7a7d-466b-9bb2-2bf446b1204d", + "DevCenter Dev Box User": "/providers/Microsoft.Authorization/roleDefinitions/45d50f46-0b78-4001-a660-4198cbe8cd05", + "DevCenter Project Admin": "/providers/Microsoft.Authorization/roleDefinitions/331c37c6-af14-46d9-b9f4-e1909e1b95a0", + "Device Provisioning Service Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/dfce44e4-17b7-4bd1-a6d1-04996ec95633", + "Device Provisioning Service Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/10745317-c249-44a1-a5ce-3a4353c0bbd8", + "Device Update Administrator": "/providers/Microsoft.Authorization/roleDefinitions/02ca0879-e8e4-47a5-a61e-5c618b76e64a", + "Device Update Content Administrator": "/providers/Microsoft.Authorization/roleDefinitions/0378884a-3af5-44ab-8323-f5b22f9f3c98", + "Device Update Content Reader": "/providers/Microsoft.Authorization/roleDefinitions/d1ee9a80-8b14-47f0-bdc2-f4a351625a7b", + "Device Update Deployments Administrator": "/providers/Microsoft.Authorization/roleDefinitions/e4237640-0e3d-4a46-8fda-70bc94856432", + "Device Update Deployments Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/49e2f5d2-7741-4835-8efa-19e1fe35e47f", + "Device Update Reader": "/providers/Microsoft.Authorization/roleDefinitions/e9dba6fb-3d52-4cf0-bce3-f06ce71b9e0f", + "DevTest Labs User": "/providers/Microsoft.Authorization/roleDefinitions/76283e04-6283-4c54-8f91-bcf1374a3c64", + "DICOM Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/58a3b984-7adf-4c20-983a-32417c86fbc8", + "DICOM Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/e89c7a3c-2f64-4fa1-a847-3e4c9ba4283a", + "Disk Backup Reader": "/providers/Microsoft.Authorization/roleDefinitions/3e5e47e6-65f7-47ef-90b5-e5dd4d455f24", + "Disk Pool Operator": "/providers/Microsoft.Authorization/roleDefinitions/60fc6e62-5479-42d4-8bf4-67625fcc2840", + "Disk Restore Operator": "/providers/Microsoft.Authorization/roleDefinitions/b50d9833-a0cb-478e-945f-707fcc997c13", + "Disk Snapshot Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7efff54f-a5b4-42b5-a1c5-5411624893ce", + "DNS Resolver Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0f2ebee7-ffd4-4fc0-b3b7-664099fdad5d", + "DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314", + "DocumentDB Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5bd9cd88-fe45-4216-938b-f97437e15450", + "Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/eeaeda52-9324-47f6-8069-5d5bade478b2", + "Domain Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/361898ef-9ed1-48c2-849c-a832951106bb", + "Elastic SAN Owner": "/providers/Microsoft.Authorization/roleDefinitions/80dcbedb-47ef-405d-95bd-188a1b4ac406", + "Elastic SAN Reader": "/providers/Microsoft.Authorization/roleDefinitions/af6a70f8-3c9f-4105-acf1-d719e9fca4ca", + "Elastic SAN Volume Group Owner": "/providers/Microsoft.Authorization/roleDefinitions/a8281131-f312-4f34-8d98-ae12be9f0d23", + "EventGrid 
Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1e241071-0855-49ea-94dc-649edcd759de", + "EventGrid Data Sender": "/providers/Microsoft.Authorization/roleDefinitions/d5a91429-5739-47e2-a06b-3470a27159e7", + "EventGrid EventSubscription Contributor": "/providers/Microsoft.Authorization/roleDefinitions/428e0ff0-5e57-4d9c-a221-2c70d0e0a443", + "EventGrid EventSubscription Reader": "/providers/Microsoft.Authorization/roleDefinitions/2414bbcf-6497-4faf-8c65-045460748405", + "Experimentation Administrator": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a33b-edd6ce5c915c", + "Experimentation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7f646f1b-fa08-80eb-a22b-edd6ce5c915c", + "Experimentation Metric Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6188b7c9-7d01-4f99-a59f-c88b630326c0", + "Experimentation Reader": "/providers/Microsoft.Authorization/roleDefinitions/49632ef5-d9ac-41f4-b8e7-bbe587fa74a1", + "FHIR Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5a1fc7df-4bf1-4951-a576-89034ee01acd", + "FHIR Data Converter": "/providers/Microsoft.Authorization/roleDefinitions/a1705bd2-3a8f-45a5-8683-466fcfd5cc24", + "FHIR Data Exporter": "/providers/Microsoft.Authorization/roleDefinitions/3db33094-8700-4567-8da5-1501d4e7e843", + "FHIR Data Importer": "/providers/Microsoft.Authorization/roleDefinitions/4465e953-8ced-4406-a58e-0f6e3f3b530b", + "FHIR Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/4c8d0bbc-75d3-4935-991f-5f3c56d81508", + "FHIR Data Writer": "/providers/Microsoft.Authorization/roleDefinitions/3f88fce4-5892-4214-ae73-ba5294559913", + "FHIR SMART User": "/providers/Microsoft.Authorization/roleDefinitions/4ba50f17-9666-485c-a643-ff00808643f0", + "Grafana Admin": "/providers/Microsoft.Authorization/roleDefinitions/22926164-76b3-42b3-bc55-97df8dab3e41", + "Grafana Editor": 
"/providers/Microsoft.Authorization/roleDefinitions/a79a5197-3a5c-4973-a920-486035ffd60f", + "Grafana Viewer": "/providers/Microsoft.Authorization/roleDefinitions/60921a7e-fef1-4a43-9b16-a26c52ad4769", + "Graph Owner": "/providers/Microsoft.Authorization/roleDefinitions/b60367af-1334-4454-b71e-769d9a4f83d9", + "Guest Configuration Resource Contributor": "/providers/Microsoft.Authorization/roleDefinitions/088ab73d-1256-47ae-bea9-9de8e7131f31", + "HDInsight Cluster Operator": "/providers/Microsoft.Authorization/roleDefinitions/61ed4efc-fab3-44fd-b111-e24485cc132a", + "HDInsight Domain Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8d8d5a11-05d3-4bda-a417-a08778121c7c", + "Hierarchy Settings Administrator": "/providers/Microsoft.Authorization/roleDefinitions/350f8d15-c687-4448-8ae1-157740a3936d", + "Hybrid Server Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/5d1e5ee4-7c68-4a71-ac8b-0739630a3dfb", + "Hybrid Server Resource Administrator": "/providers/Microsoft.Authorization/roleDefinitions/48b40c6e-82e0-4eb3-90d5-19e40f49b624", + "Impact Reader": "/providers/Microsoft.Authorization/roleDefinitions/68ff5d27-c7f5-4fa9-a21c-785d0df7bd9e", + "Impact Reporter": "/providers/Microsoft.Authorization/roleDefinitions/36e80216-a7e8-4f42-a7e1-f12c98cbaf8a", + "Integration Service Environment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a41e2c5b-bd99-4a07-88f4-9bf657a760b8", + "Integration Service Environment Developer": "/providers/Microsoft.Authorization/roleDefinitions/c7aa55d3-1abb-444a-a5ca-5e51e485d6ec", + "Intelligent Systems Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/03a6d094-3444-4b3d-88af-7477090a9e5e", + "IoT Hub Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4fc6c259-987e-4a07-842e-c321cc9d413f", + "IoT Hub Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b447c946-2db7-41ec-983d-d8bf3b1c77e3", + "IoT Hub Registry Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/4ea46cd5-c1b2-4a8e-910b-273211f9ce47", + "IoT Hub Twin Contributor": "/providers/Microsoft.Authorization/roleDefinitions/494bdba2-168f-4f31-a0a1-191d2f7c028c", + "Key Vault Administrator": "/providers/Microsoft.Authorization/roleDefinitions/00482a5a-887f-4fb3-b363-3b7fe8e74483", + "Key Vault Certificates Officer": "/providers/Microsoft.Authorization/roleDefinitions/a4417e6f-fecd-4de8-b567-7b0420556985", + "Key Vault Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f25e0fa2-a7c8-4377-a976-54943a77a395", + "Key Vault Crypto Officer": "/providers/Microsoft.Authorization/roleDefinitions/14b46e9e-c2b7-41b4-b07b-48a6ebf60603", + "Key Vault Crypto Service Encryption User": "/providers/Microsoft.Authorization/roleDefinitions/e147488a-f6f5-4113-8e2d-b22465e65bf6", + "Key Vault Crypto User": "/providers/Microsoft.Authorization/roleDefinitions/12338af0-0e69-4776-bea7-57ae8d297424", + "Key Vault Reader": "/providers/Microsoft.Authorization/roleDefinitions/21090545-7ca7-4776-b22c-e363652d74d2", + "Key Vault Secrets Officer": "/providers/Microsoft.Authorization/roleDefinitions/b86a8fe4-44ce-4948-aee5-eccb2c155cd7", + "Key Vault Secrets User": "/providers/Microsoft.Authorization/roleDefinitions/4633458b-17de-408a-b874-0445c86b69e6", + "Knowledge Consumer": "/providers/Microsoft.Authorization/roleDefinitions/ee361c5d-f7b5-4119-b4b6-892157c8f64c", + "Kubernetes Agentless Operator": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6", + "Kubernetes Cluster - Azure Arc Onboarding": "/providers/Microsoft.Authorization/roleDefinitions/34e09817-6cbe-4d01-b1a2-e0eac5743d41", + "Kubernetes Extension Contributor": "/providers/Microsoft.Authorization/roleDefinitions/85cb6faf-e071-4c9b-8136-154b5a04f717", + "Kubernetes Namespace User": "/providers/Microsoft.Authorization/roleDefinitions/ba79058c-0414-4a34-9e42-c3399d80cd5a", + "Lab Assistant": 
"/providers/Microsoft.Authorization/roleDefinitions/ce40b423-cede-4313-a93f-9b28290b72e1", + "Lab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5daaa2af-1fe8-407c-9122-bba179798270", + "Lab Creator": "/providers/Microsoft.Authorization/roleDefinitions/b97fb8bc-a8b2-4522-a38b-dd33c7e65ead", + "Lab Operator": "/providers/Microsoft.Authorization/roleDefinitions/a36e6959-b6be-4b12-8e9f-ef4b474d304d", + "Lab Services Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f69b8690-cc87-41d6-b77a-a4bc3c0a966f", + "Lab Services Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a5c394f-5eb7-4d4f-9c8e-e8eae39faebc", + "Load Test Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749a398d-560b-491b-bb21-08924219302e", + "Load Test Owner": "/providers/Microsoft.Authorization/roleDefinitions/45bb0b16-2f0c-4e78-afaa-a07599b003f6", + "Load Test Reader": "/providers/Microsoft.Authorization/roleDefinitions/3ae3fb29-0000-4ccd-bf80-542e7b26e081", + "LocalNGFirewallAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/a8835c7d-b5cb-47fa-b6f0-65ea10ce07a2", + "LocalRulestacksAdministrator role": "/providers/Microsoft.Authorization/roleDefinitions/bfc3b73d-c6ff-45eb-9a5f-40298295bf20", + "Log Analytics Contributor": "/providers/Microsoft.Authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293", + "Log Analytics Reader": "/providers/Microsoft.Authorization/roleDefinitions/73c42c96-874c-492b-b04d-ab87d138a893", + "Logic App Contributor": "/providers/Microsoft.Authorization/roleDefinitions/87a39d53-fc1b-424a-814c-f7e04687dc9e", + "Logic App Operator": "/providers/Microsoft.Authorization/roleDefinitions/515c2055-d9d4-4321-b1b9-bd0c9a0f79fe", + "Managed Application Contributor Role": "/providers/Microsoft.Authorization/roleDefinitions/641177b8-a67a-45b9-a033-47bc880bb21e", + "Managed Application Operator Role": "/providers/Microsoft.Authorization/roleDefinitions/c7393b34-138c-406f-901b-d8cf2b17e6ae", + 
"Managed Applications Reader": "/providers/Microsoft.Authorization/roleDefinitions/b9331d33-8a36-4f8c-b097-4f54124fdb44", + "Managed HSM contributor": "/providers/Microsoft.Authorization/roleDefinitions/18500a29-7fe2-46b2-a342-b16a415e101d", + "Managed Identity Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e40ec5ca-96e0-45a2-b4ff-59039f2c2b59", + "Managed Identity Operator": "/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830", + "Managed Services Registration assignment Delete Role": "/providers/Microsoft.Authorization/roleDefinitions/91c1777a-f3dc-4fae-b103-61d183457e46", + "Management Group Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d58bcaf-24a5-4b20-bdb6-eed9f69fbe4c", + "Management Group Reader": "/providers/Microsoft.Authorization/roleDefinitions/ac63b705-f282-497d-ac71-919bf39d939d", + "Media Services Account Administrator": "/providers/Microsoft.Authorization/roleDefinitions/054126f8-9a2b-4f1c-a9ad-eca461f08466", + "Media Services Live Events Administrator": "/providers/Microsoft.Authorization/roleDefinitions/532bc159-b25e-42c0-969e-a1d439f60d77", + "Media Services Media Operator": "/providers/Microsoft.Authorization/roleDefinitions/e4395492-1534-4db2-bedf-88c14621589c", + "Media Services Policy Administrator": "/providers/Microsoft.Authorization/roleDefinitions/c4bba371-dacd-4a26-b320-7250bca963ae", + "Media Services Streaming Endpoints Administrator": "/providers/Microsoft.Authorization/roleDefinitions/99dba123-b5fe-44d5-874c-ced7199a5804", + "Microsoft Sentinel Automation Contributor": "/providers/Microsoft.Authorization/roleDefinitions/f4c81013-99ee-4d62-a7ee-b3f1f648599a", + "Microsoft Sentinel Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ab8e14d6-4a74-4a29-9ba8-549422addade", + "Microsoft Sentinel Playbook Operator": "/providers/Microsoft.Authorization/roleDefinitions/51d6186e-6489-4900-b93f-92e23144cca5", + "Microsoft Sentinel Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/8d289c81-5878-46d4-8554-54e1e3d8b5cb", + "Microsoft Sentinel Responder": "/providers/Microsoft.Authorization/roleDefinitions/3e150937-b8fe-4cfb-8069-0eaf05ecd056", + "Microsoft.Kubernetes connected cluster role": "/providers/Microsoft.Authorization/roleDefinitions/5548b2cf-c94c-4228-90ba-30851930a12f", + "Monitoring Contributor": "/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa", + "Monitoring Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/b0d8363b-8ddd-447d-831f-62ca05bff136", + "Monitoring Metrics Publisher": "/providers/Microsoft.Authorization/roleDefinitions/3913510d-42f4-4e42-8a64-420c390055eb", + "Monitoring Reader": "/providers/Microsoft.Authorization/roleDefinitions/43d0d8ad-25c7-4714-9337-8ba259a9fe05", + "MySQL Backup And Export Operator": "/providers/Microsoft.Authorization/roleDefinitions/d18ad5f3-1baf-4119-b49b-d944edb1f9d0", + "Network Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7", + "New Relic APM Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/5d28c62d-5b37-4476-8438-e587778df237", + "Object Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/ca0835dd-bacc-42dd-8ed2-ed5e7230d15b", + "Object Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/4a167cdf-cb95-4554-9203-2347fe489bd9", + "Object Understanding Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/4dd61c23-6743-42fe-a388-d8bdd41cb745", + "Object Understanding Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/d18777c0-1514-4662-8490-608db7d334b6", + "Owner": "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "PlayFab Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c8b84dc-067c-4039-9615-fa1a4b77c726", + "PlayFab Reader": 
"/providers/Microsoft.Authorization/roleDefinitions/a9a19cc5-31f4-447c-901f-56c0bb18fcaf", + "Policy Insights Data Writer (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/66bb4e9e-b016-4a94-8249-4c0511c2be84", + "Private DNS Zone Contributor": "/providers/Microsoft.Authorization/roleDefinitions/b12aa53e-6015-4669-85d0-8515ebb3ae7f", + "Project Babylon Data Curator": "/providers/Microsoft.Authorization/roleDefinitions/9ef4ef9c-a049-46b0-82ab-dd8ac094c889", + "Project Babylon Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/c8d896ba-346d-4f50-bc1d-7d1c84130446", + "Project Babylon Data Source Administrator": "/providers/Microsoft.Authorization/roleDefinitions/05b7651b-dc44-475e-b74d-df3db49fae0f", + "Purview role 1 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/8a3c2885-9b38-4fd2-9d99-91af537c1347", + "Purview role 2 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/200bba9e-f0c8-430f-892b-6f0794863803", + "Purview role 3 (Deprecated)": "/providers/Microsoft.Authorization/roleDefinitions/ff100721-1b9d-43d8-af52-42b69c1272db", + "Quota Request Operator": "/providers/Microsoft.Authorization/roleDefinitions/0e5f05e5-9ab9-446b-b98d-1e2157c94125", + "Reader": "/providers/Microsoft.Authorization/roleDefinitions/acdd72a7-3385-48ef-bd42-f606fba81ae7", + "Reader and Data Access": "/providers/Microsoft.Authorization/roleDefinitions/c12c1c16-33a1-487b-954d-41c89c60f349", + "Redis Cache Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e0f68234-74aa-48ed-b826-c38b57376e17", + "Remote Rendering Administrator": "/providers/Microsoft.Authorization/roleDefinitions/3df8b902-2a6f-47c7-8cc5-360e9b272a7e", + "Remote Rendering Client": "/providers/Microsoft.Authorization/roleDefinitions/d39065c4-c120-43c9-ab0a-63eed9795f0a", + "Reservation Purchaser": "/providers/Microsoft.Authorization/roleDefinitions/f7b75c60-3036-4b75-91c3-6b41c27c1689", + "Resource Policy Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/36243c78-bf99-498c-9df9-86d9f8d28608", + "Role Based Access Control Administrator (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/f58310d9-a9f6-439a-9e8d-f62e7b41a168", + "Scheduled Patching Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cd08ab90-6b14-449c-ad9a-8f8e549482c6", + "Scheduler Job Collections Contributor": "/providers/Microsoft.Authorization/roleDefinitions/188a0f2f-5c9e-469b-ae67-2aa5ce574b94", + "Schema Registry Contributor (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/5dffeca3-4936-4216-b2bc-10343a5abb25", + "Schema Registry Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/2c56ea50-c6b3-40a6-83c0-9d98858bc7d2", + "Search Index Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8ebe5a00-799e-43f5-93ac-243d3dce84a7", + "Search Index Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/1407120a-92aa-4202-b7e9-c0e197c71c8f", + "Search Service Contributor": "/providers/Microsoft.Authorization/roleDefinitions/7ca78c08-252a-4471-8644-bb5ff32d4ba0", + "Security Admin": "/providers/Microsoft.Authorization/roleDefinitions/fb1c8493-542b-48eb-b624-b4c8fea62acd", + "Security Assessment Contributor": "/providers/Microsoft.Authorization/roleDefinitions/612c2aa1-cb24-443b-ac28-3ab7272de6f5", + "Security Detonation Chamber Publisher": "/providers/Microsoft.Authorization/roleDefinitions/352470b3-6a9c-4686-b503-35deb827e500", + "Security Detonation Chamber Reader": "/providers/Microsoft.Authorization/roleDefinitions/28241645-39f8-410b-ad48-87863e2951d5", + "Security Detonation Chamber Submission Manager": "/providers/Microsoft.Authorization/roleDefinitions/a37b566d-3efa-4beb-a2f2-698963fa42ce", + "Security Detonation Chamber Submitter": "/providers/Microsoft.Authorization/roleDefinitions/0b555d9b-b4a7-4f43-b330-627f0e5be8f0", + "Security Manager (Legacy)": 
"/providers/Microsoft.Authorization/roleDefinitions/e3d13bf0-dd5a-482e-ba6b-9b8433878d10", + "Security Reader": "/providers/Microsoft.Authorization/roleDefinitions/39bc4728-0917-49c7-9d2c-d95423bc2eb4", + "Services Hub Operator": "/providers/Microsoft.Authorization/roleDefinitions/82200a5b-e217-47a5-b665-6d8765ee745b", + "SignalR AccessKey Reader": "/providers/Microsoft.Authorization/roleDefinitions/04165923-9d83-45d5-8227-78b77b0a687e", + "SignalR App Server": "/providers/Microsoft.Authorization/roleDefinitions/420fcaa2-552c-430f-98ca-3264be4806c7", + "SignalR REST API Owner": "/providers/Microsoft.Authorization/roleDefinitions/fd53cd77-2268-407a-8f46-7e7863d0f521", + "SignalR REST API Reader": "/providers/Microsoft.Authorization/roleDefinitions/ddde6b66-c0df-4114-a159-3618637b3035", + "SignalR Service Owner": "/providers/Microsoft.Authorization/roleDefinitions/7e4f1700-ea5a-4f59-8f37-079cfe29dce3", + "SignalR/Web PubSub Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761", + "Site Recovery Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6670b86e-a3f7-4917-ac9b-5d6ab1be4567", + "Site Recovery Operator": "/providers/Microsoft.Authorization/roleDefinitions/494ae006-db33-4328-bf46-533a6560a3ca", + "Site Recovery Reader": "/providers/Microsoft.Authorization/roleDefinitions/dbaa88c4-0c30-4179-9fb3-46319faa6149", + "Spatial Anchors Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/8bbe83f1-e2a6-4df7-8cb4-4e04d4e5c827", + "Spatial Anchors Account Owner": "/providers/Microsoft.Authorization/roleDefinitions/70bbe301-9835-447d-afdd-19eb3167307c", + "Spatial Anchors Account Reader": "/providers/Microsoft.Authorization/roleDefinitions/5d51204f-eb77-4b1c-b86a-2ec626c49413", + "SQL DB Contributor": "/providers/Microsoft.Authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec", + "SQL Managed Instance Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/4939a1f6-9ae0-4e48-a1e0-f2cbe897382d", + "SQL Security Manager": "/providers/Microsoft.Authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3", + "SQL Server Contributor": "/providers/Microsoft.Authorization/roleDefinitions/6d8ee4ec-f05a-4a1d-8b00-a9b17e38b437", + "SqlDb Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/189207d4-bb67-4208-a635-b06afe8b2c57", + "SqlMI Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/1d335eef-eee1-47fe-a9e0-53214eba8872", + "SqlVM Migration Role": "/providers/Microsoft.Authorization/roleDefinitions/ae8036db-e102-405b-a1b9-bae082ea436d", + "Storage Account Backup Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e5e2a7ff-d759-4cd2-bb51-3152d37e2eb1", + "Storage Account Contributor": "/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab", + "Storage Account Key Operator Service Role": "/providers/Microsoft.Authorization/roleDefinitions/81a9662b-bebf-436f-a333-f67b29880f12", + "Storage Blob Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe", + "Storage Blob Data Owner": "/providers/Microsoft.Authorization/roleDefinitions/b7e6dc6d-f1e8-4753-8033-0f276bb0955b", + "Storage Blob Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/2a2b9908-6ea1-4ae2-8e65-a410df84e7d1", + "Storage Blob Delegator": "/providers/Microsoft.Authorization/roleDefinitions/db58b8e5-c6ad-4a2a-8342-4190687cbf4a", + "Storage File Data SMB Share Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0c867c2a-1d8c-454a-a3db-ab2ea1bdc8bb", + "Storage File Data SMB Share Elevated Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a7264617-510b-434b-a828-9731dc254ea7", + "Storage File Data SMB Share Reader": "/providers/Microsoft.Authorization/roleDefinitions/aba4ae5f-2193-4029-9191-0cb91df5e314", + "Storage Queue Data 
Contributor": "/providers/Microsoft.Authorization/roleDefinitions/974c5e8b-45b9-4653-ba55-5f855dd0fb88", + "Storage Queue Data Message Processor": "/providers/Microsoft.Authorization/roleDefinitions/8a0f0c08-91a1-4084-bc3d-661d67233fed", + "Storage Queue Data Message Sender": "/providers/Microsoft.Authorization/roleDefinitions/c6a89b2d-59bc-44d0-9896-0f6e12d7b80a", + "Storage Queue Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/19e7f393-937e-4f77-808e-94535e297925", + "Storage Table Data Contributor": "/providers/Microsoft.Authorization/roleDefinitions/0a9a7e1f-b9d0-4cc4-a60d-0319b160aaa3", + "Storage Table Data Reader": "/providers/Microsoft.Authorization/roleDefinitions/76199698-9eea-4c19-bc75-cec21354c6b6", + "Stream Analytics Query Tester": "/providers/Microsoft.Authorization/roleDefinitions/1ec5b3c1-b17e-4e25-8312-2acb3c3c5abf", + "Support Request Contributor": "/providers/Microsoft.Authorization/roleDefinitions/cfd33db0-3dd1-45e3-aa9d-cdbdf3b6f24e", + "Tag Contributor": "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f", + "Template Spec Contributor": "/providers/Microsoft.Authorization/roleDefinitions/1c9b6475-caf0-4164-b5a1-2142a7116f4b", + "Template Spec Reader": "/providers/Microsoft.Authorization/roleDefinitions/392ae280-861d-42bd-9ea5-08ee6d83b80e", + "Test Base Reader": "/providers/Microsoft.Authorization/roleDefinitions/15e0f5a1-3450-4248-8e25-e2afe88a9e85", + "Traffic Manager Contributor": "/providers/Microsoft.Authorization/roleDefinitions/a4b10055-b0c7-44c2-b00f-c7b5b3550cf7", + "User Access Administrator": "/providers/Microsoft.Authorization/roleDefinitions/18d7d88d-d35e-4fb5-a5c3-7773c20a72d9", + "Video Indexer Restricted Viewer": "/providers/Microsoft.Authorization/roleDefinitions/a2c4a527-7dc0-4ee3-897b-403ade70fafb", + "Virtual Machine Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/1c0163c0-47e6-4577-8991-ea5c82e286e4", + "Virtual Machine Contributor": 
"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c", + "Virtual Machine Local User Login": "/providers/Microsoft.Authorization/roleDefinitions/602da2ba-a5c2-41da-b01d-5360126ab525", + "Virtual Machine User Login": "/providers/Microsoft.Authorization/roleDefinitions/fb879df8-f326-4884-b1cf-06f3ad86be52", + "VM Scanner Operator": "/providers/Microsoft.Authorization/roleDefinitions/d24ecba3-c1f4-40fa-a7bb-4588a071e8fd", + "Web Plan Contributor": "/providers/Microsoft.Authorization/roleDefinitions/2cc479cb-7b4d-49a8-b449-8c00fd0f0a4b", + "Web PubSub Service Owner (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/12cf5a90-567b-43ae-8102-96cf46c7d9b4", + "Web PubSub Service Reader (Preview)": "/providers/Microsoft.Authorization/roleDefinitions/bfb1c7d2-fb1a-466b-b2ba-aee63b92deaf", + "Website Contributor": "/providers/Microsoft.Authorization/roleDefinitions/de139f84-1756-47ae-9be6-808fbbe84772", + "Windows Admin Center Administrator Login": "/providers/Microsoft.Authorization/roleDefinitions/a6333a3e-0164-44c3-b281-7a577aff287f", + "Workbook Contributor": "/providers/Microsoft.Authorization/roleDefinitions/e8ddcd69-c73f-4f9f-9844-4100522f16ad", + "Workbook Reader": "/providers/Microsoft.Authorization/roleDefinitions/b279062a-9be3-42a0-92ae-8b3cf002ec4d", + "WorkloadBuilder Migration Agent Role": "/providers/Microsoft.Authorization/roleDefinitions/d17ce0a2-0697-43bc-aac5-9113337ab61c" + }, + "roleDefinitionIdVar": "[if(contains(variables('builtInRoleNames'), parameters('roleDefinitionIdOrName')), variables('builtInRoleNames')[parameters('roleDefinitionIdOrName')], parameters('roleDefinitionIdOrName'))]" + }, + "resources": [ + { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2021-04-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name))]", + "properties": { + "mode": "Incremental", + "template": { + 
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "name": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]", + "properties": { + "roleDefinitionId": "[variables('roleDefinitionIdVar')]", + "principalId": "[parameters('principalId')]", + "description": "[if(not(empty(parameters('description'))), parameters('description'), null())]", + "principalType": "[if(not(empty(parameters('principalType'))), parameters('principalType'), null())]", + "delegatedManagedIdentityResourceId": "[if(not(empty(parameters('delegatedManagedIdentityResourceId'))), parameters('delegatedManagedIdentityResourceId'), null())]", + "conditionVersion": "[if(and(not(empty(parameters('conditionVersion'))), not(empty(parameters('condition')))), parameters('conditionVersion'), null())]", + "condition": "[if(not(empty(parameters('condition'))), parameters('condition'), null())]" + } + } + ], + "outputs": { + "name": { + "type": "string", + "metadata": { + "description": "The GUID of the Role Assignment." + }, + "value": "[guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId'))]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Role Assignment." + }, + "value": "[resourceId('Microsoft.Authorization/roleAssignments', guid(parameters('subscriptionId'), parameters('resourceGroupName'), variables('roleDefinitionIdVar'), parameters('principalId')))]" + }, + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the role assignment was applied at." 
+ }, + "value": "[resourceGroup().name]" + }, + "scope": { + "type": "string", + "metadata": { + "description": "The scope this Role Assignment applies to." + }, + "value": "[resourceGroup().id]" + } + } + } + } + }, + { + "copy": { + "name": "DesktopVirtualizationVirtualMachineContributorRoleAssign", + "count": "[length(parameters('appGroupIdentitiesIds'))]" + }, + "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('appGroupIdentitiesIds'))))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('Stora-VMCont-RolAssign-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", + "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "roleDefinitionIdOrName": { + "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varDesktopVirtualizationVirtualMachineContributorRole').id)]" + }, + "principalId": { + "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -18997,8 +19564,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { 
@@ -19577,8 +20144,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -20151,8 +20718,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -20783,10 +21350,7 @@ "value": "[parameters('deployPrivateEndpointKeyvaultStorage')]" }, "keyVaultprivateDNSResourceId": "[if(parameters('createPrivateDnsZones'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value), createObject('value', parameters('avdVnetPrivateDnsZoneKeyvaultId')))]", - "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", - "kvTags": { - "value": "[variables('varZtKeyvaultTag')]" - } + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -20794,8 +21358,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13817365626687960451" + "version": "0.21.1.54444", + "templateHash": "132995777022452151" } }, "parameters": { @@ -20871,12 +21435,6 @@ "description": "Tags to be applied to resources" } }, - "kvTags": { - "type": "object", - "metadata": { - "description": "Tags to be added to key vault" - } - }, "diskEncryptionSetName": { "type": "string", "metadata": { 
@@ -20961,8 +21519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -21150,8 +21708,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -21420,8 +21978,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -21514,8 +22072,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -21784,8 +22342,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { @@ -21854,8 +22412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -22438,8 +22996,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -23019,8 +23577,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15737913196788172522" + "version": "0.21.1.54444", + "templateHash": "7754983815852819350" } }, "parameters": { 
@@ -23041,14 +23599,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -23142,8 +23700,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "943002000979437913" + "version": "0.21.1.54444", + "templateHash": "5263933546195004806" } }, "parameters": { @@ -23346,8 +23904,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -23488,14 +24046,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -23643,8 +24201,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16771064281561658183" + "version": "0.21.1.54444", + "templateHash": "17317977123822737513" } }, "parameters": { @@ -24244,7 +24802,7 @@ }, "ztManagedIdentityResourceId": "[if(parameters('diskZeroTrust'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('ZT-Managed-ID-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', ''))]", "tags": { - "value": "[union(parameters('tags'), parameters('kvTags'))]" + "value": "[parameters('tags')]" } }, "template": { 
@@ -24253,8 +24811,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7227063824414734829" + "version": "0.21.1.54444", + "templateHash": "4320117328434371279" } }, "parameters": { @@ -24394,8 +24952,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1658651451767507348" + "version": "0.21.1.54444", + "templateHash": "12710254814965349908" } }, "parameters": { @@ -24523,8 +25081,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -24560,14 +25118,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -24772,8 +25330,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -24904,8 +25462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13473011612578499281" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -25041,8 +25599,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12036621733642341793" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -25236,8 +25794,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { 
@@ -25419,8 +25977,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -25622,8 +26180,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -25689,14 +26247,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -25819,8 +26377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -25832,8 +26390,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -25954,8 +26512,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -26168,8 +26726,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7774490315865318008" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -26399,8 +26957,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { 
@@ -26582,8 +27140,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { @@ -26785,8 +27343,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16707004874708060114" + "version": "0.21.1.54444", + "templateHash": "15837328238442399759" } }, "parameters": { @@ -26813,14 +27371,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "keyVaultResourceId": { "type": "string", @@ -26996,8 +27554,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12172667945223907975" + "version": "0.21.1.54444", + "templateHash": "17435508871327946334" } }, "parameters": { @@ -27072,8 +27630,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2530846489831075796" + "version": "0.21.1.54444", + "templateHash": "7222366309271203422" } }, "parameters": { @@ -27144,8 +27702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -27275,8 +27833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5693310049980820424" + "version": "0.21.1.54444", + "templateHash": "13165233376501361165" } }, "parameters": { 
@@ -27535,7 +28093,7 @@ "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'AAD')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials')))]" } }, - "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))), createObject('value', union(variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))))]" + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 
@@ -27543,8 +28101,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1658651451767507348" + "version": "0.21.1.54444", + "templateHash": "12710254814965349908" } }, "parameters": { @@ -27672,8 +28230,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -27709,14 +28267,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -27921,8 +28479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10979748506364891487" + "version": "0.21.1.54444", + "templateHash": "6740418827739952012" } }, "parameters": { @@ -28053,8 +28611,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13473011612578499281" + "version": "0.21.1.54444", + "templateHash": "1740953456073265015" } }, "parameters": { @@ -28190,8 +28748,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12036621733642341793" + "version": "0.21.1.54444", + "templateHash": "15814620610091788537" } }, "parameters": { @@ -28385,8 +28943,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3591721400415712312" + "version": "0.21.1.54444", + "templateHash": "161566500283768812" } }, "parameters": { @@ -28568,8 +29126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4889573445396956380" + "version": "0.21.1.54444", + "templateHash": "8510219443070850278" } }, "parameters": { 
@@ -28771,8 +29329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -28838,14 +29396,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -28968,8 +29526,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -28981,8 +29539,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -29103,8 +29661,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -29317,8 +29875,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7774490315865318008" + "version": "0.21.1.54444", + "templateHash": "12411629325302614699" } }, "parameters": { @@ -29569,8 +30127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8575582116594416846" + "version": "0.21.1.54444", + "templateHash": "9827695024186149778" } }, "parameters": { @@ -29850,8 +30408,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16231583765337904850" + "version": "0.21.1.54444", + "templateHash": "13490517945116714650" } }, "parameters": { 
@@ -30276,8 +30834,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -30313,14 +30871,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -30698,8 +31256,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17209228417067578044" + "version": "0.21.1.54444", + "templateHash": "3084383436001824498" } }, "parameters": { @@ -30859,8 +31417,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9360762827164855564" + "version": "0.21.1.54444", + "templateHash": "18200832178111445541" } }, "parameters": { @@ -30931,8 +31489,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -30989,14 +31547,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -31192,8 +31750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8727835156180887119" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { 
@@ -31447,8 +32005,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9874341872740922868" + "version": "0.21.1.54444", + "templateHash": "15419094596647888624" } }, "parameters": { @@ -31510,14 +32068,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -31535,14 +32093,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -31554,8 +32112,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -31745,8 +32303,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12339568584101080218" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -31961,8 +32519,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { 
@@ -32164,8 +32722,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32362,8 +32920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32565,8 +33123,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32758,8 +33316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -32951,8 +33509,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33148,8 +33706,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33353,8 +33911,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -33551,8 +34109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { 
@@ -33752,8 +34310,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9244336776798438387" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { @@ -33784,9 +34342,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -33798,7 +34353,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -33918,8 +34476,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16997355648608834977" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { @@ -34135,8 +34693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -34277,14 +34835,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -34431,6 +34989,9 @@ "storagePurpose": { "value": "fslogix" }, + "storageSolution": { + "value": "[parameters('fslogixStorageSolution')]" + }, "fileShareName": { "value": "[variables('varFslogixFileShareName')]" }, 
@@ -34444,11 +35005,14 @@ "storageAccountName": { "value": "[variables('varFslogixStorageName')]" }, - "storageToDomainScript": { - "value": "[variables('varStorageToDomainScript')]" + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" + }, + "netBios": { + "value": "[parameters('netBios')]" }, - "storageToDomainScriptUri": { - "value": "[variables('varStorageToDomainScriptUri')]" + "KerberosEncryption": { + "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" @@ -34475,6 +35039,9 @@ "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, + "domainJoinUserPassword": { + "value": "[parameters('avdDomainJoinUserPassword')]" + }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -34510,8 +35077,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5108709096061162439" + "version": "0.21.1.54444", + "templateHash": "17145130864687829338" } }, "parameters": { @@ -34593,6 +35160,12 @@ "description": "AVD session host domain join credentials." } }, + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "AVD session host domain join credentials." + } + }, "storageSku": { "type": "string", "metadata": { @@ -34611,18 +35184,6 @@ "description": "Use Azure private DNS zones for private endpoints." } }, - "storageToDomainScript": { - "type": "string", - "metadata": { - "description": "Script name for adding storage account to Active Directory." - } - }, - "storageToDomainScriptUri": { - "type": "string", - "metadata": { - "description": "URI for the script for adding the storage account to Active Directory." - } - }, "tags": { "type": "object", "metadata": { 
@@ -34666,6 +35227,13 @@ "description": "Sets purpose of the storage account." } }, + "ActiveDirectorySolution": { + "type": "string", + "defaultValue": "ActiveDirectoryDomainServices", + "metadata": { + "description": "ActiveDirectorySolution. " + } + }, "dscAgentPackageLocation": { "type": "string", "metadata": { @@ -34695,6 +35263,44 @@ "metadata": { "description": "Managed Identity Client ID" } + }, + "KerberosEncryption": { + "type": "string", + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, + "_artifactsLocation": { + "type": "string", + "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", + "metadata": { + "description": "Location of script. Default is located in workload/scripts" + } + }, + "_artifactsLocationSasToken": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "SAS Token to access script." + } + }, + "securityPrincipalNames": { + "type": "string" + }, + "storageSolution": { + "type": "string" + }, + "storageCount": { + "type": "int", + "defaultValue": 1 + }, + "storageIndex": { + "type": "int", + "defaultValue": 1 + }, + "netBios": { + "type": "string", + "defaultValue": "" } }, "variables": { 
@@ -34707,8 +35313,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -CreateNewOU {11} -ShareName {12} -ClientId {13}', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('createOuForStorageString'), parameters('fileShareName'), parameters('managedIdentityClientId'))]" + "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { @@ -34778,17 +35383,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10333603057132654028" + "version": "0.21.1.54444", + "templateHash": "10707961832808434144" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", 
@@ -34821,23 +35426,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -34847,30 +35449,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -34992,14 +35597,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -35039,8 +35644,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35076,14 +35681,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -35339,8 +35944,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17399845773033742131" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { @@ -35534,8 +36139,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -35601,14 +36206,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -35731,8 +36336,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -35744,8 +36349,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -35866,8 +36471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -36073,17 +36678,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5299530817966477918" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -36197,17 +36802,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4867276107242068354" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -36355,17 +36960,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15213751123686607933" + "version": "0.21.1.54444", + "templateHash": "17862607141263296646" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -36398,8 +37003,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -36584,17 +37189,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8477599286867291799" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -36612,14 +37217,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", 
@@ -36698,17 +37303,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2796131294243404206" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -36826,8 +37431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9471266450275905523" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { @@ -37064,17 +37669,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11735671726195697680" + "version": "0.21.1.54444", + "templateHash": "252706870723960720" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -37103,8 +37708,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -37296,17 +37901,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6048855322985506812" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -37331,25 +37936,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -37425,8 +38030,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3454304478574190517" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { 
@@ -37664,17 +38269,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16446761132064405013" + "version": "0.21.1.54444", + "templateHash": "18008382091828972844" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -37686,8 +38291,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -37865,17 +38470,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9116292018335087361" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -37962,8 +38567,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8826781769055434429" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { 
@@ -38198,17 +38803,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15589712361439512608" + "version": "0.21.1.54444", + "templateHash": "1243731349630169383" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -38220,8 +38825,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38397,17 +39002,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18313788100863691650" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -38549,39 +39154,35 @@ } }, { + "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Add-{0}-Storage-Setup-{1}', parameters('storagePurpose'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "subscriptionId": "[parameters('workloadSubsId')]", + "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('sessionHostLocation')]" + "_artifactsLocation": { + "value": "[parameters('_artifactsLocation')]" }, - "name": { - "value": "[parameters('managementVmName')]" + "_artifactsLocationSasToken": { + "value": "[parameters('_artifactsLocationSasToken')]" }, - "file": { - "value": "[parameters('storageToDomainScript')]" + "CommandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), 
parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "scriptArguments": { - "value": "[variables('varStorageToDomainScriptArgs')]" + "Location": { + "value": "[parameters('sessionHostLocation')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } + "ManagementVmName": { + "value": "[parameters('managementVmName')]" }, - "baseScriptUri": { - "value": "[parameters('storageToDomainScriptUri')]" + "Timestamp": { + "value": "[parameters('time')]" } }, "template": { 
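Review bot: The domain-join password is now formatted straight into `CommandToExecute` (`-DomainJoinPassword \"{1}\"`) and handed to the nested deployment as an ordinary value, replacing the Key Vault `reference` that this hunk removes. The nested template declares `CommandToExecute` as `"type": "string"` in the next hunk, so the full command line, password included, would be kept in the deployment's recorded inputs and be readable by anyone who can read deployments in that resource group. Declaring it `"type": "securestring"` (`@secure()` on the Bicep parameter) closes that; better still, keep the Key Vault reference for the password and assemble the command inside the nested module. The password is also wrapped in plain double quotes, so a value containing `"` would split the argument list. The same change repeats in the `@@ -42802,39 +43433,35 @@` hunk, and since this JSON is Bicep output (`_generator`), the fix belongs in the Bicep source followed by a rebuild.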
@@ -38590,72 +39191,55 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13091364540241869728" + "version": "0.21.1.54444", + "templateHash": "16960560892689102067" } }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Extension deployment name." - } + "_artifactsLocation": { + "type": "string" }, - "location": { - "type": "string", - "metadata": { - "description": "Location where to deploy compute services." - } + "_artifactsLocationSasToken": { + "type": "securestring" }, - "baseScriptUri": { - "type": "string", - "metadata": { - "description": "Location for the AVD agent installation package." - } + "CommandToExecute": { + "type": "string" }, - "file": { + "Location": { "type": "string" }, - "scriptArguments": { - "type": "string", - "metadata": { - "description": "Arguments for domain join script." - } + "ManagementVmName": { + "type": "string" }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "Domain join user password." 
- } + "Timestamp": { + "type": "string" } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[format('{0}/AzureFilesDomainJoin', parameters('name'))]", - "location": "[parameters('location')]", + "apiVersion": "2020-12-01", + "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", + "location": "[parameters('Location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, - "settings": {}, + "settings": { + "fileUris": [ + "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + ], + "timestamp": "[parameters('Timestamp')]" + }, "protectedSettings": { - "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[parameters('CommandToExecute')]" } } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('Storage-{0}-{1}', parameters('storagePurpose'), parameters('time')))]" - ] + } } ] } @@ -38684,6 +39268,9 @@ "storagePurpose": { "value": "msix" }, + "storageSolution": { + "value": "[parameters('appAttachStorageSolution')]" + }, "fileShareName": { "value": "[variables('varMsixFileShareName')]" }, 
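Review bot: `fileUris` moves from `protectedSettings` into `settings` in the `@@ -38590,72 +39191,55 @@` hunk, and the URI now has `_artifactsLocationSasToken` appended. A SAS token supplied there therefore ends up in the extension's public settings, which are not encrypted and are returned when the extension resource is read. Keeping `fileUris` under `protectedSettings`, next to `commandToExecute`, as the removed line did, avoids that. The hunk also drops the `dependsOn` on the `Storage-{purpose}-{time}` deployment; unless the ordering is enforced elsewhere, the script could start before the storage account it configures exists.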
@@ -38697,11 +39284,14 @@ "storageAccountName": { "value": "[variables('varMsixStorageName')]" }, - "storageToDomainScript": { - "value": "[variables('varStorageToDomainScript')]" + "securityPrincipalNames": { + "value": "[parameters('securityPrincipalNames')]" }, - "storageToDomainScriptUri": { - "value": "[variables('varStorageToDomainScriptUri')]" + "netBios": { + "value": "[parameters('netBios')]" + }, + "KerberosEncryption": { + "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" @@ -38728,6 +39318,9 @@ "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, + "domainJoinUserPassword": { + "value": "[parameters('avdDomainJoinUserPassword')]" + }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -38763,8 +39356,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5108709096061162439" + "version": "0.21.1.54444", + "templateHash": "17145130864687829338" } }, "parameters": { @@ -38846,6 +39439,12 @@ "description": "AVD session host domain join credentials." } }, + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "AVD session host domain join credentials." + } + }, "storageSku": { "type": "string", "metadata": { @@ -38864,18 +39463,6 @@ "description": "Use Azure private DNS zones for private endpoints." } }, - "storageToDomainScript": { - "type": "string", - "metadata": { - "description": "Script name for adding storage account to Active Directory." - } - }, - "storageToDomainScriptUri": { - "type": "string", - "metadata": { - "description": "URI for the script for adding the storage account to Active Directory." - } - }, "tags": { "type": "object", "metadata": { 
@@ -38919,6 +39506,13 @@ "description": "Sets purpose of the storage account." } }, + "ActiveDirectorySolution": { + "type": "string", + "defaultValue": "ActiveDirectoryDomainServices", + "metadata": { + "description": "ActiveDirectorySolution. " + } + }, "dscAgentPackageLocation": { "type": "string", "metadata": { @@ -38948,6 +39542,44 @@ "metadata": { "description": "Managed Identity Client ID" } + }, + "KerberosEncryption": { + "type": "string", + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + } + }, + "_artifactsLocation": { + "type": "string", + "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", + "metadata": { + "description": "Location of script. Default is located in workload/scripts" + } + }, + "_artifactsLocationSasToken": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "SAS Token to access script." + } + }, + "securityPrincipalNames": { + "type": "string" + }, + "storageSolution": { + "type": "string" + }, + "storageCount": { + "type": "int", + "defaultValue": 1 + }, + "storageIndex": { + "type": "int", + "defaultValue": 1 + }, + "netBios": { + "type": "string", + "defaultValue": "" } }, "variables": { 
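Review bot: The module-level `_artifactsLocationSasToken` added in the `@@ -38948,6 +39542,44 @@` hunk is declared `"type": "string"`, while the nested template takes it as `securestring`; it should be `securestring` here too (`@secure()` in Bicep) so a token is not recorded with the deployment inputs. The `_artifactsLocation` default points at a branch (`.../tree/ntfs-setup/workload/scripts/`), so the script that runs on the management VM with the domain-join credentials can change without this template changing; a commit-pinned raw URL or a storage location under the deployment's control is safer. A `github.com/.../tree/...` address is also a web view rather than raw file content, so the download probably does not yield the script at all. `KerberosEncryption` has no `defaultValue` although its description says the default is AES256.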
@@ -38960,8 +39592,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]", - "varStorageToDomainScriptArgs": "[format('-DscPath {0} -StorageAccountName {1} -StorageAccountRG {2} -StoragePurpose {3} -DomainName {4} -IdentityServiceProvider {5} -AzureCloudEnvironment {6} -SubscriptionId {7} -DomainAdminUserName {8} -CustomOuPath {9} -OUName {10} -CreateNewOU {11} -ShareName {12} -ClientId {13}', parameters('dscAgentPackageLocation'), parameters('storageAccountName'), parameters('storageObjectsRgName'), parameters('storagePurpose'), parameters('identityDomainName'), parameters('identityServiceProvider'), variables('varAzureCloudName'), parameters('workloadSubsId'), parameters('domainJoinUserName'), parameters('storageCustomOuPath'), parameters('ouStgPath'), parameters('createOuForStorageString'), parameters('fileShareName'), parameters('managedIdentityClientId'))]" + "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { @@ -39031,17 +39662,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "10333603057132654028" + "version": "0.21.1.54444", + "templateHash": "10707961832808434144" } }, "parameters": { "name": { "type": "string", + "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - }, - "maxLength": 24 + } }, "location": { "type": "string", 
@@ -39074,23 +39705,20 @@ "kind": { "type": "string", "defaultValue": "StorageV2", - "metadata": { - "description": "Optional. Type of Storage Account to create." - }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ] + ], + "metadata": { + "description": "Optional. Type of Storage Account to create." + } }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", - "metadata": { - "description": "Optional. Storage Account Sku Name." - }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -39100,30 +39728,33 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ] + ], + "metadata": { + "description": "Optional. Storage Account Sku Name." + } }, "accessTier": { "type": "string", "defaultValue": "Hot", - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - }, "allowedValues": [ "Premium", "Hot", "Cool" - ] + ], + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + } }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - }, "allowedValues": [ "Disabled", "Enabled" - ] + ], + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + } }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -39245,14 +39876,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ] + ], + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + } }, "enableHierarchicalNamespace": { "type": "bool", @@ -39292,8 +39923,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39329,14 +39960,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -39592,8 +40223,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17399845773033742131" + "version": "0.21.1.54444", + "templateHash": "11907799862370162022" } }, "parameters": { @@ -39787,8 +40418,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12991773916541265724" + "version": "0.21.1.54444", + "templateHash": "14559775667395480629" } }, "parameters": { @@ -39854,14 +40485,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -39984,8 +40615,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3520683536217550590" + "version": "0.21.1.54444", + "templateHash": "10817246518679375966" } }, "parameters": { @@ -39997,8 +40628,8 @@ }, "privateDNSResourceIds": { "type": "array", - "maxLength": 5, "minLength": 1, + "maxLength": 5, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -40119,8 +40750,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11724106538771429164" + "version": "0.21.1.54444", + "templateHash": "13032708393704093995" } }, "parameters": { @@ -40326,17 +40957,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5299530817966477918" + "version": "0.21.1.54444", + "templateHash": "4253610036228558936" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "rules": { "type": "array", @@ -40450,17 +41081,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "4867276107242068354" + "version": "0.21.1.54444", + "templateHash": "2607160455374616389" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -40608,17 +41239,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15213751123686607933" + "version": "0.21.1.54444", + "templateHash": "17862607141263296646" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "deleteRetentionPolicy": { "type": "bool", @@ -40651,8 +41282,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -40837,17 +41468,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8477599286867291799" + "version": "0.21.1.54444", + "templateHash": "1372202156919204831" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -40865,14 +41496,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - }, "allowedValues": [ "Container", "Blob", "None" - ] + ], + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + } }, "immutabilityPolicyProperties": { "type": "object", 
@@ -40951,17 +41582,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2796131294243404206" + "version": "0.21.1.54444", + "templateHash": "11262013761717354542" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "containerName": { "type": "string", @@ -41079,8 +41710,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9471266450275905523" + "version": "0.21.1.54444", + "templateHash": "5334204341302869645" } }, "parameters": { @@ -41317,17 +41948,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "11735671726195697680" + "version": "0.21.1.54444", + "templateHash": "252706870723960720" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -41356,8 +41987,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -41549,17 +42180,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "6048855322985506812" + "version": "0.21.1.54444", + "templateHash": "7008197552909900283" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "fileServicesName": { "type": "string", @@ -41584,25 +42215,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - }, "allowedValues": [ "NFS", "SMB" - ] + ], + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + } }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ] + ], + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + } }, "roleAssignments": { "type": "array", @@ -41678,8 +42309,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "3454304478574190517" + "version": "0.21.1.54444", + "templateHash": "12515062620278558169" } }, "parameters": { 
@@ -41917,17 +42548,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16446761132064405013" + "version": "0.21.1.54444", + "templateHash": "18008382091828972844" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "queues": { "type": "array", @@ -41939,8 +42570,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42118,17 +42749,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9116292018335087361" + "version": "0.21.1.54444", + "templateHash": "14624220085780750615" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", @@ -42215,8 +42846,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8826781769055434429" + "version": "0.21.1.54444", + "templateHash": "256624618142232879" } }, "parameters": { 
@@ -42451,17 +43082,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "15589712361439512608" + "version": "0.21.1.54444", + "templateHash": "1243731349630169383" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "tables": { "type": "array", @@ -42473,8 +43104,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42650,17 +43281,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "18313788100863691650" + "version": "0.21.1.54444", + "templateHash": "15439721503188480715" } }, "parameters": { "storageAccountName": { "type": "string", + "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - }, - "maxLength": 24 + } }, "name": { "type": "string", 
@@ -42802,39 +43433,35 @@ } }, { + "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Add-{0}-Storage-Setup-{1}', parameters('storagePurpose'), parameters('time'))]", - "subscriptionId": "[format('{0}', parameters('workloadSubsId'))]", - "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", + "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "subscriptionId": "[parameters('workloadSubsId')]", + "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { "expressionEvaluationOptions": { "scope": "inner" }, "mode": "Incremental", "parameters": { - "location": { - "value": "[parameters('sessionHostLocation')]" + "_artifactsLocation": { + "value": "[parameters('_artifactsLocation')]" }, - "name": { - "value": "[parameters('managementVmName')]" + "_artifactsLocationSasToken": { + "value": "[parameters('_artifactsLocationSasToken')]" }, - "file": { - "value": "[parameters('storageToDomainScript')]" + "CommandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), 
parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "scriptArguments": { - "value": "[variables('varStorageToDomainScriptArgs')]" + "Location": { + "value": "[parameters('sessionHostLocation')]" }, - "domainJoinUserPassword": { - "reference": { - "keyVault": { - "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" - }, - "secretName": "domainJoinUserPassword" - } + "ManagementVmName": { + "value": "[parameters('managementVmName')]" }, - "baseScriptUri": { - "value": "[parameters('storageToDomainScriptUri')]" + "Timestamp": { + "value": "[parameters('time')]" } }, "template": { 
@@ -42843,72 +43470,55 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "13091364540241869728" + "version": "0.21.1.54444", + "templateHash": "16960560892689102067" } }, "parameters": { - "name": { - "type": "string", - "metadata": { - "description": "Extension deployment name." - } + "_artifactsLocation": { + "type": "string" }, - "location": { - "type": "string", - "metadata": { - "description": "Location where to deploy compute services." - } + "_artifactsLocationSasToken": { + "type": "securestring" }, - "baseScriptUri": { - "type": "string", - "metadata": { - "description": "Location for the AVD agent installation package." - } + "CommandToExecute": { + "type": "string" }, - "file": { + "Location": { "type": "string" }, - "scriptArguments": { - "type": "string", - "metadata": { - "description": "Arguments for domain join script." - } + "ManagementVmName": { + "type": "string" }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "Domain join user password." 
- } + "Timestamp": { + "type": "string" } }, - "variables": { - "varscriptArgumentsWithPassword": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('scriptArguments'), parameters('domainJoinUserPassword'))]" - }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2022-08-01", - "name": "[format('{0}/AzureFilesDomainJoin', parameters('name'))]", - "location": "[parameters('location')]", + "apiVersion": "2020-12-01", + "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", + "location": "[parameters('Location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", "typeHandlerVersion": "1.10", "autoUpgradeMinorVersion": true, - "settings": {}, + "settings": { + "fileUris": [ + "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + ], + "timestamp": "[parameters('Timestamp')]" + }, "protectedSettings": { - "fileUris": "[array(parameters('baseScriptUri'))]", - "commandToExecute": "[format('powershell -ExecutionPolicy Unrestricted -File {0} {1}', parameters('file'), variables('varscriptArgumentsWithPassword'))]" + "commandToExecute": "[parameters('CommandToExecute')]" } } } ] } - }, - "dependsOn": [ - "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('storageObjectsRgName'))), 'Microsoft.Resources/deployments', format('Storage-{0}-{1}', parameters('storagePurpose'), parameters('time')))]" - ] + } } ] } @@ -42959,8 +43569,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8648238951029079364" + "version": "0.21.1.54444", + "templateHash": "6119438582302440926" } }, "parameters": { 
@@ -43038,8 +43648,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8447272874314804308" + "version": "0.21.1.54444", + "templateHash": "16350576771018439160" } }, "parameters": { @@ -43087,14 +43697,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -43196,8 +43806,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "5091916529584467175" + "version": "0.21.1.54444", + "templateHash": "12543587259073888483" } }, "parameters": { @@ -43513,8 +44123,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9542486132206933343" + "version": "0.21.1.54444", + "templateHash": "700207138697825503" } }, "parameters": { @@ -43919,8 +44529,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16231583765337904850" + "version": "0.21.1.54444", + "templateHash": "13490517945116714650" } }, "parameters": { @@ -44345,8 +44955,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -44382,14 +44992,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", 
@@ -44767,8 +45377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "17209228417067578044" + "version": "0.21.1.54444", + "templateHash": "3084383436001824498" } }, "parameters": { @@ -44928,8 +45538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9360762827164855564" + "version": "0.21.1.54444", + "templateHash": "18200832178111445541" } }, "parameters": { @@ -45000,8 +45610,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -45058,14 +45668,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "location": { "type": "string", @@ -45261,8 +45871,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "8727835156180887119" + "version": "0.21.1.54444", + "templateHash": "7328126239184883887" } }, "parameters": { @@ -45516,8 +46126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9874341872740922868" + "version": "0.21.1.54444", + "templateHash": "15419094596647888624" } }, "parameters": { 
@@ -45579,14 +46189,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - }, "allowedValues": [ "Floating", "MaxConnections", "None" - ] + ], + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + } }, "disableTcpStateTracking": { "type": "bool", @@ -45604,14 +46214,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "roleAssignments": { "type": "array", @@ -45623,8 +46233,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "maxValue": 365, "minValue": 0, + "maxValue": 365, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -45814,8 +46424,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12339568584101080218" + "version": "0.21.1.54444", + "templateHash": "10645923556503351364" } }, "parameters": { @@ -46030,8 +46640,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46233,8 +46843,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { 
@@ -46431,8 +47041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46634,8 +47244,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -46827,8 +47437,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47020,8 +47630,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47217,8 +47827,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47422,8 +48032,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47620,8 +48230,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -47821,8 +48431,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "9244336776798438387" + "version": "0.21.1.54444", + "templateHash": "10405060501220354608" } }, "parameters": { 
@@ -47853,9 +48463,6 @@ }, "protectedItemType": { "type": "string", - "metadata": { - "description": "Required. The backup item type." - }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -47867,7 +48474,10 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ] + ], + "metadata": { + "description": "Required. The backup item type." + } }, "policyId": { "type": "string", @@ -47987,8 +48597,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "16997355648608834977" + "version": "0.21.1.54444", + "templateHash": "11877341194593849245" } }, "parameters": { @@ -48204,8 +48814,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -48346,14 +48956,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -48537,8 +49147,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -48736,8 +49346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { 
@@ -48878,14 +49488,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -49067,8 +49677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "1490032793186823332" + "version": "0.21.1.54444", + "templateHash": "2320457624134194742" } }, "parameters": { @@ -49267,8 +49877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "14509232230386518393" + "version": "0.21.1.54444", + "templateHash": "8145106657487286483" } }, "parameters": { @@ -49409,14 +50019,14 @@ "lock": { "type": "string", "defaultValue": "", - "metadata": { - "description": "Optional. Specify the type of lock." - }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ] + ], + "metadata": { + "description": "Optional. Specify the type of lock." + } }, "tags": { "type": "object", @@ -49576,8 +50186,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2897218414027100934" + "version": "0.21.1.54444", + "templateHash": "7945282169717240757" } }, "parameters": { @@ -49676,8 +50286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "886630281819911694" + "version": "0.21.1.54444", + "templateHash": "11980268490224207781" } }, "parameters": { @@ -49792,8 +50402,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12570414431099862364" + "version": "0.21.1.54444", + "templateHash": "17060282136194389196" } }, "parameters": { 
@@ -49885,8 +50495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "2291336375760157964" + "version": "0.21.1.54444", + "templateHash": "12317712979554879023" } }, "parameters": { @@ -50060,8 +50670,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "12228099095722756446" + "version": "0.21.1.54444", + "templateHash": "14228229460676709073" } }, "parameters": { @@ -50329,8 +50939,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.18.4.5664", - "templateHash": "7109016207306775504" + "version": "0.21.1.54444", + "templateHash": "4137783479866222342" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index f0310b1d0..6a9b2f558 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -768,7 +768,7 @@ var varMarketPlaceGalleryWindows = { } var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts/DSCStorageScripts.zip' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' -var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' +var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NTFSPermissions.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' //var varPostDeploymentTempResuorcesCleanUpScript = './PostDeploymentTempResuorcesCleanUp.ps1' 
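Review bot: In the `deploy-baseline.bicep` hunk, the new `varStorageSetupScriptUri` ends in `scripts/Set-NTFSPermissions.ps1`, but everywhere else in this series the script is referenced as `Set-NtfsPermissions.ps1`. If `varBaseScriptUri` resolves to a case-sensitive host, as a raw GitHub URL would, a download through this variable would presumably fail, so the line should read `var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NtfsPermissions.ps1'`. The hunk does not show whether the variable is consumed anywhere; if it is not, drop it instead of leaving a second, differently spelled location for a script that runs with domain-join credentials.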
@@ -1189,8 +1189,6 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if securityPrincipalName: securityPrincipalName fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName - storageToDomainScript: varStorageToDomainScript - storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation storageCustomOuPath: varStorageCustomOuPath diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index a30dda18f..e64f2e283 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -55,12 +55,6 @@ param fileShareQuotaSize int @sys.description('Use Azure private DNS zones for private endpoints.') param vnetPrivateDnsZoneFilesId string -@sys.description('Script name for adding storage account to Active Directory.') -param storageToDomainScript string - -@sys.description('URI for the script for adding the storage account to Active Directory.') -param storageToDomainScriptUri string - @sys.description('Tags to be applied to resources') param tags object From a737d0653ff0b359230df5f1c2c5cd72a06b1858 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:47:19 -0500 Subject: [PATCH 32/42] updates --- workload/bicep/deploy-baseline.bicep | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 6a9b2f558..f8b011f20 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep 
@@ -768,6 +768,7 @@ var varMarketPlaceGalleryWindows = { } var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts/DSCStorageScripts.zip' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' +var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NTFSPermissions.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' @@ -1189,6 +1190,11 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if securityPrincipalName: securityPrincipalName fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName + securityPrincipalNames: securityPrincipalNames + netBios: netBios + KerberosEncryption: kerberosEncryption + //storageToDomainScript: varStorageToDomainScript + //storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation storageCustomOuPath: varStorageCustomOuPath From 1710c43dd25a103b2c4b2004d63540a18e2dbda0 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:48:21 -0500 Subject: [PATCH 33/42] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index e64f2e283..ee9beaf1a 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
@@ -55,6 +55,12 @@ param fileShareQuotaSize int @sys.description('Use Azure private DNS zones for private endpoints.') param vnetPrivateDnsZoneFilesId string +//@sys.description('Script name for adding storage account to Active Directory.') +//param storageToDomainScript string + +//@sys.description('URI for the script for adding the storage account to Active Directory.') +//param storageToDomainScriptUri string + @sys.description('Tags to be applied to resources') param tags object From ac57d8ea38247c228672e59b878ebfaf5e8fce97 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:49:16 -0500 Subject: [PATCH 34/42] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index ee9beaf1a..080795028 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
@@ -111,7 +111,7 @@ var varAvdFileShareMetricsDiagnostic = [ ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${securityPrincipalName}' +//var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${securityPrincipalName}' // =========== // // Deployments // // =========== // From 4c4472c6cd5a11de0f62e7e8450fdd77b177b02e Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 16:49:54 -0500 Subject: [PATCH 35/42] updates --- workload/bicep/modules/storageAzureFiles/deploy.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 080795028..023363a3c 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -111,7 +111,7 @@ var varAvdFileShareMetricsDiagnostic = [ ] var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -//var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId} -SecurityPrincipalNames ${securityPrincipalName}' +//var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' // =========== // // Deployments // // =========== // From 8f9f11074b6ec545d7e75ed435d02b1e32ba9544 Mon Sep 17 00:00:00 2001 
From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 17:04:10 -0500 Subject: [PATCH 36/42] updates --- workload/bicep/deploy-baseline.bicep | 10 +-- workload/bicep/modules/identity/deploy.bicep | 2 +- .../.bicep/ntfsPermissions.bicep | 51 +++++++++++ .../modules/storageAzureFiles/deploy.bicep | 87 +++---------------- .../storageAzureFiles/ntfsPermissions.bicep | 50 ----------- 5 files changed, 66 insertions(+), 134 deletions(-) create mode 100644 workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep delete mode 100644 workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 9406c0ba3..53a7c1645 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -72,8 +72,8 @@ param avdApplicationGroupIdentityType string = 'Group' @sys.description('AD domain name.') param avdIdentityDomainName string -@sys.description('Netbios name, will be used to set NTFS file share permissions.') -param netBios string //testing new param +@sys.description('Netbios name, will be used to set NTFS file share permissions. (Default: "")') +param netBios string = '' @sys.description('AD domain GUID. (Default: "")') param identityDomainGuid string = '' 
@@ -793,7 +793,6 @@ var varMarketPlaceGalleryWindows = { } var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts/DSCStorageScripts.zip' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' -var varStorageToDomainScriptUri = '${varBaseScriptUri}scripts/Manual-DSC-Storage-Scripts.ps1' var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NTFSPermissions.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' @@ -1216,11 +1215,8 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if securityPrincipalName: securityPrincipalName fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName - securityPrincipalNames: securityPrincipalNames netBios: netBios KerberosEncryption: kerberosEncryption - //storageToDomainScript: varStorageToDomainScript - //storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation storageCustomOuPath: varStorageCustomOuPath @@ -1264,7 +1260,6 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr securityPrincipalName: securityPrincipalName fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName - securityPrincipalNames: securityPrincipalNames netBios: netBios KerberosEncryption: kerberosEncryption //storageToDomainScript: varStorageToDomainScript 
@@ -1278,7 +1273,6 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr createOuForStorageString: varCreateOuForStorageString managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : '' domainJoinUserName: avdDomainJoinUserName - domainJoinUserPassword: avdDomainJoinUserPassword //change to keyvault wrklKvName: varWrklKvName serviceObjectsRgName: varServiceObjectsRgName identityDomainName: avdIdentityDomainName diff --git a/workload/bicep/modules/identity/deploy.bicep b/workload/bicep/modules/identity/deploy.bicep index ea063e061..fd1a7389e 100644 --- a/workload/bicep/modules/identity/deploy.bicep +++ b/workload/bicep/modules/identity/deploy.bicep @@ -196,7 +196,7 @@ module storageSmbShareContributorRoleAssign '../../../../carml/1.3.0/Microsoft.A }] //Management VM Desktop Virtualization Virtual Machine Contributor Role assignment -module DesktopVirtualizationVirtualMachineContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in appGroupIdentitiesIds: if (createStorageDeployment && (identityServiceProvider == 'AAD') && (!empty(appGroupIdentitiesIds))) { +module DesktopVirtualizationVirtualMachineContributorRoleAssign '../../../../carml/1.3.0/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep' = [for appGroupIdentitiesId in securityPrincipalIds: if (createStorageDeployment && (identityServiceProvider == 'AAD') && (!empty(securityPrincipalIds))) { name: 'Stora-VMCont-RolAssign-${take('${appGroupIdentitiesId}', 6)}-${time}' scope: resourceGroup('${subscriptionId}', '${serviceObjectsRgName}') params: { diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep new file mode 100644 index 000000000..9ebc23abd --- /dev/null +++ b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep 
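Review bot: In the `identity/deploy.bicep` hunk, the loop now iterates `securityPrincipalIds`, but the iterator is still named `appGroupIdentitiesId` and the comment above still describes a management VM role assignment. Rename it, as in `for securityPrincipalId in securityPrincipalIds`, together with the `name:` interpolation, and reword the comment to say which principals receive the role. The assignment is scoped to the service-objects resource group for every listed principal, so it is worth confirming this is the narrowest scope that works. The module body continues outside the hunk, so the role definition itself is not visible here.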
@@ -0,0 +1,51 @@ +// ========== // +// Parameters // +// ========== // + +param _artifactsLocation string +@secure() +param _artifactsLocationSasToken string + +param CommandToExecute string + +param ManagementVmName string + +param Timestamp string + +@sys.description('Arguments for domain join script.') +param scriptArguments string + +@secure() +@sys.description('Domain join user password.') +param domainJoinUserPassword string + +// =========== // +// Variable declaration // +// =========== // + +var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' + +// =========== // +// Deployments // +// =========== // + +resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@2020-12-01' = { + name: '${ManagementVmName}/CustomScriptExtension' + location: Location + //tags: TagsVirtualMachines + properties: { + publisher: 'Microsoft.Compute' + type: 'CustomScriptExtension' + typeHandlerVersion: '1.10' + autoUpgradeMinorVersion: true + settings: { + fileUris: [ + '${_artifactsLocation}Set-NtfsPermissions.ps1${_artifactsLocationSasToken}' + ] + timestamp: Timestamp + } + protectedSettings: { + commandToExecute: CommandToExecute + } + } +} diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 2ba640996..1009f776d 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -46,10 +46,6 @@ param wrklKvName string @sys.description('AVD session host domain join credentials.') param domainJoinUserName string -@sys.description('AVD session host domain join credentials.') -@secure() -param domainJoinUserPassword string - @sys.description('Azure Files storage account SKU.') param storageSku string 
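Review bot: In the new `.bicep/ntfsPermissions.bicep`, `param CommandToExecute string` has no `@secure()` decorator, yet the generated template earlier in this series formats `-DomainJoinPassword` into that value. The domain-join password would therefore travel as a plain string parameter of the nested deployment and be readable from its deployment history. Declare it as `@secure()` on `param CommandToExecute string`, or better, pass only the secure `domainJoinUserPassword` and compose the command inside this module so the secret never sits in a non-secure parameter. `location: Location` also refers to a name the parameter list here does not declare, so `param Location string` is needed. `scriptArguments`, `domainJoinUserPassword` and `varscriptArgumentsWithPassword` are declared but never used by the resource.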
@@ -59,12 +55,6 @@ param fileShareQuotaSize int @sys.description('Use Azure private DNS zones for private endpoints.') param vnetPrivateDnsZoneFilesId string -//@sys.description('Script name for adding storage account to Active Directory.') -//param storageToDomainScript string - -//@sys.description('URI for the script for adding the storage account to Active Directory.') -//param storageToDomainScriptUri string - @sys.description('Tags to be applied to resources') param tags object @@ -113,15 +103,21 @@ param _artifactsLocation string = 'https://github.com/Azure/avdaccelerator/tree/ @description('SAS Token to access script.') param _artifactsLocationSasToken string = '' -param securityPrincipalNames string - +@allowed([ + 'AzureStorageAccount' + 'AzureNetappFiles' +]) +@sys.description ('Storage Solution.') param storageSolution string +//borrar param storageCount int = 1 param storageIndex int = 1 +// -param netBios string = '' +@sys.description('Netbios name, will be used to set NTFS file share permissions.') +param netBios string // =========== // // Variable declaration // 
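Review bot: As far as the `@@ -113,15 +103,21 @@` hunk shows, `_artifactsLocationSasToken` is declared in the context lines above the change with `@description('SAS Token to access script.')` only, while the child module `.bicep/ntfsPermissions.bicep` marks the same value `@secure()`. Without the decorator at this level a supplied SAS token is kept as an ordinary parameter value in the deployment record, so adding `@secure()` above `param _artifactsLocationSasToken string = ''` is the safer declaration. In the added lines, the `//borrar` and bare `//` markers around `storageCount` and `storageIndex` look like leftover scaffolding; either remove them together with the two parameters or replace them with an English comment saying why the parameters stay. `netBios` also loses its `''` default here, so every caller of this module must now pass it.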
@@ -217,79 +213,20 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts // scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') //} -// Custom Extension call in on the DSC script to join Azure storage account to domain. -/* -module addShareToDomainScript './.bicep/azureFilesDomainJoin.bicep' = { - scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') - name: 'Add-${storagePurpose}-Storage-Setup-${time}' - params: { - location: sessionHostLocation - name: managementVmName - file: storageToDomainScript - scriptArguments: varStorageToDomainScriptArgs - domainJoinUserPassword: avdWrklKeyVaultget.getSecret('domainJoinUserPassword') - baseScriptUri: storageToDomainScriptUri - } - dependsOn: [ - storageAndFile - ] -} -*/ -/* -module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { +module ntfsPermissions '.bicep/ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { name: 'FslogixNtfsPermissions_${time}' scope: resourceGroup(workloadSubsId, serviceObjectsRgName) params: { _artifactsLocation: _artifactsLocation _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountFullName ${storageAccountName} -FileShareName "${fileShareName}" -Netbios ${netBios} -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId 
${subscription().tenantId}' + CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "${managedIdentityClientId}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalName "${securityPrincipalName}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' Location: sessionHostLocation + domainJoinUserPassword: avdWrklKeyVaultget.getSecret('domainJoinUserPassword') ManagementVmName: managementVmName Timestamp: time } //... } -*/ - -module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { - name: 'FslogixNtfsPermissions_${time}' - scope: resourceGroup(workloadSubsId, serviceObjectsRgName) - params: { - _artifactsLocation: _artifactsLocation - _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "${managedIdentityClientId}" -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalNames "${securityPrincipalNames}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} 
-StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' - Location: sessionHostLocation - ManagementVmName: managementVmName - Timestamp: time - } - //... - } - -/* -module ntfsPermissions 'ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { - name: 'FslogixNtfsPermissions_${time}' - scope: resourceGroup('${workloadSubsId}', '${serviceObjectsRgName}') - params: { - _artifactsLocation: _artifactsLocation //storageToDomainScriptUri - _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId ${managedIdentityClientId} -DomainJoinPassword "${domainJoinUserPassword}" -DomainJoinUserPrincipalName ${domainJoinUserName} -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment ${environment().name} -FslogixSolution ${FslogixSolution} -KerberosEncryptionType ${KerberosEncryption} -StorageAccountName ${storageAccountName} -Netbios ${identityDomainName} -OuPath "${storageCustomOuPath}" -SecurityPrincipalNames "${SecurityPrincipalNames}" -StorageAccountPrefix ${StorageAccountPrefix} -StorageAccountResourceGroupName ${storageObjectsRgName} -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution ${storageSolution} -StorageSuffix ${environment().suffixes.storage} -SubscriptionId ${subscription().subscriptionId} -TenantId ${subscription().tenantId}' //change active directory solution to id service provider - //DeploymentScriptNamePrefix: DeploymentScriptNamePrefix - Location: sessionHostLocation - ManagementVmName: managementVmName - //TagsDeploymentScripts: TagsDeploymentScripts - //TagsVirtualMachines: TagsVirtualMachines - Timestamp: time - //UserAssignedIdentityResourceId: UserAssignedIdentityResourceId - } - - dependsOn: [ - privateDnsZoneGroups - privateEndpoints - shares - ] - -}*/ - // =========== // // 
Outputs // diff --git a/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep deleted file mode 100644 index 9c78b6d48..000000000 --- a/workload/bicep/modules/storageAzureFiles/ntfsPermissions.bicep +++ /dev/null @@ -1,50 +0,0 @@ -param _artifactsLocation string -@secure() -param _artifactsLocationSasToken string -//@secure() //TESTING CHANGE BACK -param CommandToExecute string -//param DeploymentScriptNamePrefix string -param Location string -param ManagementVmName string -//param TagsDeploymentScripts object -//param TagsVirtualMachines object -param Timestamp string -//param UserAssignedIdentityResourceId string - -resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@2020-12-01' = { - name: '${ManagementVmName}/CustomScriptExtension' - location: Location - //tags: TagsVirtualMachines - properties: { - publisher: 'Microsoft.Compute' - type: 'CustomScriptExtension' - typeHandlerVersion: '1.10' - autoUpgradeMinorVersion: true - settings: { - fileUris: [ - '${_artifactsLocation}Set-NtfsPermissions.ps1${_artifactsLocationSasToken}' - ] - timestamp: Timestamp - } - protectedSettings: { - commandToExecute: CommandToExecute - } - } -} -/* -module deploymentScript '../deploymentScript.bicep' = { - name: 'DeploymentScript_FSLogix-CleanUp_${Timestamp}' - params: { - Arguments: '-VirtualMachineName ${ManagementVmName} -ResourceGroupName ${resourceGroup().name}' - Location: Location - Name: '${DeploymentScriptNamePrefix}fslogix' - Script: 'param([string]$ResourceGroupName,[string]$VirtualMachineName); Remove-AzVM -ResourceGroupName $ResourceGroupName -Name $VirtualMachineName -ForceDeletion $true -Force; $DeploymentScriptOutputs = @{}; $DeploymentScriptOutputs["virtualMachineName"] = $VirtualMachineName' - Tags: TagsDeploymentScripts - Timestamp: Timestamp - UserAssignedIdentityResourceId: UserAssignedIdentityResourceId - } - dependsOn: [ - customScriptExtension - ] -} -*/ 
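Review bot: The new `ntfsPermissions` call in the `@@ -217,79 +213,20 @@` hunk does not match the parameter list of `.bicep/ntfsPermissions.bicep` as added in this patch: it passes `Location: sessionHostLocation`, which that file does not declare, and it omits `scriptArguments`, which has no default. Either declare `param Location string` and give `scriptArguments` a default (or remove it) in the module, or pass both from here. The call also carries no `dependsOn`, whereas an earlier commented-out variant listed `storageAndFile`. Every value in `CommandToExecute` appears to come from parameters rather than module outputs, so nothing visible forces the script to run after the storage account and share exist; `dependsOn: [ storageAndFile ]` would make the ordering explicit. Because the command line is assembled by string interpolation and run with `-ExecutionPolicy Unrestricted`, a value such as `ouStgPath` or `securityPrincipalName` that contains a double quote would change how the arguments are parsed, so these inputs are worth constraining where they are declared.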
From 0a260f691fa984e8c0d0bcafcc3394c5bda8e939 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 21:16:57 -0500 Subject: [PATCH 37/42] updates --- workload/arm/deploy-baseline.json | 2321 +++++++++-------- workload/bicep/deploy-baseline.bicep | 53 +- .../.bicep/azureFilesDomainJoin.bicep | 48 - .../.bicep/ntfsPermissions.bicep | 34 +- .../modules/storageAzureFiles/deploy.bicep | 55 +- 5 files changed, 1240 insertions(+), 1271 deletions(-) delete mode 100644 workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 95f1d4957..79d26997a 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7193359885627322863" + "version": "0.17.1.54307", + "templateHash": "10532297135475337412" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" 
@@ -14,32 +14,32 @@ "deploymentPrefix": { "type": "string", "defaultValue": "AVD1", - "minLength": 2, - "maxLength": 4, "metadata": { "description": "The name of the resource group to deploy. (Default: AVD1)" - } + }, + "maxLength": 4, + "minLength": 2 }, "deploymentEnvironment": { "type": "string", "defaultValue": "Dev", + "metadata": { + "description": "The name of the resource group to deploy. (Default: Dev)" + }, "allowedValues": [ "Dev", "Test", "Prod" - ], - "metadata": { - "description": "The name of the resource group to deploy. (Default: Dev)" - } + ] }, "diskEncryptionKeyExpirationInDays": { "type": "int", "defaultValue": 60, - "minValue": 30, - "maxValue": 730, "metadata": { "description": "This value is used to set the expiration date on the disk encryption key. (Default: 60)" - } + }, + "minValue": 30, + "maxValue": 730 }, "avdSessionHostLocation": { "type": "string", @@ -84,14 +84,14 @@ "avdIdentityServiceProvider": { "type": "string", "defaultValue": "ADDS", + "metadata": { + "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" + }, "allowedValues": [ "ADDS", "AADDS", "AAD" - ], - "metadata": { - "description": "Required, The service providing domain services for Azure Virtual Desktop. (Default: ADDS)" - } + ] }, "createIntuneEnrollment": { "type": "bool", 
@@ -100,27 +100,31 @@ "description": "Required, Eronll session hosts on Intune. (Default: false)" } }, - "avdApplicationGroupIdentitiesIds": { - "type": "array", - "defaultValue": [], + "securityPrincipalId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional, Identity ID to grant RBAC role to access AVD application group and NTFS permissions. (Default: \"\")" + } + }, + "securityPrincipalName": { + "type": "string", + "defaultValue": "", "metadata": { - "description": "Optional, Identity ID array to grant RBAC role to access AVD application group. (Default: \"\")" + "description": "Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: \"\")" } }, "avdApplicationGroupIdentityType": { "type": "string", "defaultValue": "Group", + "metadata": { + "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" + }, "allowedValues": [ "Group", "ServicePrincipal", "User" - ], - "metadata": { - "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" - } - }, - "securityPrincipalNames": { - "type": "string" + ] }, "avdIdentityDomainName": { "type": "string", @@ -129,7 +133,11 @@ } }, "netBios": { - "type": "string" + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Netbios name, will be used to set NTFS file share permissions. (Default: \"\")" + } }, "identityDomainGuid": { "type": "string", @@ -162,13 +170,13 @@ "avdHostPoolType": { "type": "string", "defaultValue": "Pooled", + "metadata": { + "description": "AVD host pool type. (Default: Pooled)" + }, "allowedValues": [ "Personal", "Pooled" - ], - "metadata": { - "description": "AVD host pool type. (Default: Pooled)" - } + ] }, "hostPoolPreferredAppGroupType": { "type": "string", 
@@ -184,24 +192,24 @@ "avdPersonalAssignType": { "type": "string", "defaultValue": "Automatic", + "metadata": { + "description": "AVD host pool type. (Default: Automatic)" + }, "allowedValues": [ "Automatic", "Direct" - ], - "metadata": { - "description": "AVD host pool type. (Default: Automatic)" - } + ] }, "avdHostPoolLoadBalancerType": { "type": "string", "defaultValue": "BreadthFirst", + "metadata": { + "description": "AVD host pool load balacing type. (Default: BreadthFirst)" + }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ], - "metadata": { - "description": "AVD host pool load balacing type. (Default: BreadthFirst)" - } + ] }, "avhHostPoolMaxSessions": { "type": "int", @@ -332,13 +340,13 @@ "fslogixStorageSolution": { "type": "string", "defaultValue": "AzureStorageAccount", + "metadata": { + "description": "Fslogix Storage Solution. Default is Azure Storage Account." + }, "allowedValues": [ "AzureStorageAccount", "AzureNetappFiles" - ], - "metadata": { - "description": "Fslogix Storage Solution. Default is Azure Storage Account." - } + ] }, "createMsixDeployment": { "type": "bool", @@ -350,13 +358,13 @@ "appAttachStorageSolution": { "type": "string", "defaultValue": "AzureStorageAccount", + "metadata": { + "description": "App attach Storage Solution. Default is Azure Storage Account." + }, "allowedValues": [ "AzureStorageAccount", "AzureNetappFiles" - ], - "metadata": { - "description": "App attach Storage Solution. Default is Azure Storage Account." - } + ] }, "fslogixFileShareQuotaSize": { "type": "int", @@ -375,13 +383,13 @@ "kerberosEncryption": { "type": "string", "defaultValue": "AES256", + "metadata": { + "description": "Kerberos Encryption. Default is AES256." + }, "allowedValues": [ "AES256", "RC4" - ], - "metadata": { - "description": "Kerberos Encryption. Default is AES256." - } + ] }, "avdDeploySessionHosts": { "type": "bool", 
@@ -435,11 +443,11 @@ "avdDeploySessionHostsCount": { "type": "int", "defaultValue": 1, - "minValue": 1, - "maxValue": 100, "metadata": { "description": "Quantity of session hosts to deploy. (Default: 1)" - } + }, + "maxValue": 100, + "minValue": 1 }, "avdSessionHostCountIndex": { "type": "int", @@ -479,24 +487,24 @@ "fslogixStoragePerformance": { "type": "string", "defaultValue": "Premium", + "metadata": { + "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" + }, "allowedValues": [ "Standard", "Premium" - ], - "metadata": { - "description": "Storage account SKU for FSLogix storage. Recommended tier is Premium (Default: Premium)" - } + ] }, "msixStoragePerformance": { "type": "string", "defaultValue": "Premium", + "metadata": { + "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" + }, "allowedValues": [ "Standard", "Premium" - ], - "metadata": { - "description": "Storage account SKU for MSIX storage. Recommended tier is Premium. (Default: Premium)" - } + ] }, "diskZeroTrust": { "type": "bool", @@ -529,14 +537,14 @@ "securityType": { "type": "string", "defaultValue": "TrustedLaunch", + "metadata": { + "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" + }, "allowedValues": [ "Standard", "TrustedLaunch", "ConfidentialVM" - ], - "metadata": { - "description": "Specifies the securityType of the virtual machine. \"ConfidentialVM\" and \"TrustedLaunch\" require a Gen2 Image. (Default: TrustedLaunch)" - } + ] }, "secureBootEnabled": { "type": "bool", @@ -555,6 +563,9 @@ "avdOsImage": { "type": "string", "defaultValue": "win11_22h2", + "metadata": { + "description": "AVD OS image SKU. (Default: win11-21h2)" + }, "allowedValues": [ "win10_21h2", "win10_21h2_office", 
@@ -564,10 +575,7 @@ "win11_21h2_office", "win11_22h2", "win11_22h2_office" - ], - "metadata": { - "description": "AVD OS image SKU. (Default: win11-21h2)" - } + ] }, "managementVmOsImage": { "type": "string", @@ -597,13 +605,6 @@ "description": "OU name for Azure Storage Account. It is recommended to create a new AD Organizational Unit (OU) in AD and disable password expiration policy on computer accounts or service logon accounts accordingly. (Default: \"\")" } }, - "createOuForStorage": { - "type": "bool", - "defaultValue": false, - "metadata": { - "description": "If OU for Azure Storage needs to be created - set to true and ensure the domain join credentials have priviledge to create OU and create computer objects or join to domain. (Default: false)" - } - }, "avdUseCustomNaming": { "type": "bool", "defaultValue": false, 
@@ -614,194 +615,194 @@ "avdServiceObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-service-objects", - "maxLength": 90, "metadata": { "description": "AVD service resources resource group custom name. (Default: rg-avd-app1-dev-use2-service-objects)" - } + }, + "maxLength": 90 }, "avdNetworkObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-network", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-network)" - } + }, + "maxLength": 90 }, "avdComputeObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-pool-compute", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-pool-compute)" - } + }, + "maxLength": 90 }, "avdStorageObjectsRgCustomName": { "type": "string", "defaultValue": "rg-avd-app1-dev-use2-storage", - "maxLength": 90, "metadata": { "description": "AVD network resources resource group custom name. (Default: rg-avd-app1-dev-use2-storage)" - } + }, + "maxLength": 90 }, "avdMonitoringRgCustomName": { "type": "string", "defaultValue": "rg-avd-dev-use2-monitoring", - "maxLength": 90, "metadata": { "description": "AVD monitoring resource group custom name. (Default: rg-avd-dev-use2-monitoring)" - } + }, + "maxLength": 90 }, "avdVnetworkCustomName": { "type": "string", "defaultValue": "vnet-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD virtual network custom name. (Default: vnet-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdAlaWorkspaceCustomName": { "type": "string", "defaultValue": "log-avd-app1-dev-use2", - "maxLength": 64, "metadata": { "description": "AVD Azure log analytics workspace custom name. 
(Default: log-avd-app1-dev-use2)" - } + }, + "maxLength": 64 }, "avdVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD virtual network subnet custom name. (Default: snet-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointVnetworkSubnetCustomName": { "type": "string", "defaultValue": "snet-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "private endpoints virtual network subnet custom name. (Default: snet-pe-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD network security group custom name. (Default: nsg-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointNetworksecurityGroupCustomName": { "type": "string", "defaultValue": "nsg-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "Private endpoint network security group custom name. (Default: nsg-pe-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdRouteTableCustomName": { "type": "string", "defaultValue": "route-avd-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD route table custom name. (Default: route-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "privateEndpointRouteTableCustomName": { "type": "string", "defaultValue": "route-pe-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "Private endpoint route table custom name. (Default: route-avd-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdApplicationSecurityGroupCustomName": { "type": "string", "defaultValue": "asg-app1-dev-use2-001", - "maxLength": 80, "metadata": { "description": "AVD application security custom name. 
(Default: asg-app1-dev-use2-001)" - } + }, + "maxLength": 80 }, "avdWorkSpaceCustomName": { "type": "string", "defaultValue": "vdws-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD workspace custom name. (Default: vdws-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdWorkSpaceCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD workspace custom friendly (Display) name. (Default: App1 - Dev - East US 2 - 001)" - } + }, + "maxLength": 64 }, "avdHostPoolCustomName": { "type": "string", "defaultValue": "vdpool-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD host pool custom name. (Default: vdpool-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdHostPoolCustomFriendlyName": { "type": "string", "defaultValue": "App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD host pool custom friendly (Display) name. (Default: App1 - East US - Dev - 001)" - } + }, + "maxLength": 64 }, "avdScalingPlanCustomName": { "type": "string", "defaultValue": "vdscaling-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD scaling plan custom name. (Default: vdscaling-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdApplicationGroupCustomName": { "type": "string", "defaultValue": "vdag-desktop-app1-dev-use2-001", - "maxLength": 64, "metadata": { "description": "AVD desktop application group custom name. (Default: vdag-desktop-app1-dev-use2-001)" - } + }, + "maxLength": 64 }, "avdApplicationGroupCustomFriendlyName": { "type": "string", "defaultValue": "Desktops - App1 - Dev - East US 2 - 001", - "maxLength": 64, "metadata": { "description": "AVD desktop application group custom friendly (Display) name. 
(Default: Desktops - App1 - East US - Dev - 001)" - } + }, + "maxLength": 64 }, "avdSessionHostCustomNamePrefix": { "type": "string", "defaultValue": "vmapp1duse2", - "maxLength": 11, "metadata": { "description": "AVD session host prefix custom name. (Default: vmapp1duse2)" - } + }, + "maxLength": 11 }, "avsetCustomNamePrefix": { "type": "string", "defaultValue": "avail", - "maxLength": 9, "metadata": { "description": "AVD availability set custom name. (Default: avail)" - } + }, + "maxLength": 9 }, "storageAccountPrefixCustomName": { "type": "string", "defaultValue": "st", - "maxLength": 2, "metadata": { "description": "AVD FSLogix and MSIX app attach storage account prefix custom name. (Default: st)" - } + }, + "maxLength": 2 }, "fslogixFileShareCustomName": { "type": "string", 
@@ -820,34 +821,34 @@ "avdWrklKvPrefixCustomName": { "type": "string", "defaultValue": "kv", - "maxLength": 5, "metadata": { - "description": "AVD keyvault prefix custom name. (Default: kv)" - } + "description": "AVD keyvault prefix custom name (with Zero Trust to store credentials to domain join and local admin). (Default: kv)" + }, + "maxLength": 5 }, "ztDiskEncryptionSetCustomNamePrefix": { "type": "string", "defaultValue": "des-zt", - "maxLength": 6, "metadata": { "description": "AVD disk encryption set custom name. (Default: des-zt)" - } + }, + "maxLength": 6 }, "ztManagedIdentityCustomName": { "type": "string", "defaultValue": "id-zt", - "maxLength": 5, "metadata": { "description": "AVD managed identity for zero trust to encrypt managed disks using a customer managed key. (Default: id-zt)" - } + }, + "maxLength": 5 }, "ztKvPrefixCustomName": { "type": "string", - "defaultValue": "kv-zt", - "maxLength": 5, + "defaultValue": "kv-key", "metadata": { - "description": "AVD key vault name custom name for zero trust (Default: kv-zt)" - } + "description": "AVD key vault custom name for zero trust and store store disk encryption key (Default: kv-key)" + }, + "maxLength": 6 }, "createResourceTags": { "type": "bool", @@ -866,29 +867,29 @@ "workloadTypeTag": { "type": "string", "defaultValue": "Light", + "metadata": { + "description": "Reference to the size of the VM for your workloads (Default: Light)" + }, "allowedValues": [ "Light", "Medium", "High", "Power" - ], - "metadata": { - "description": "Reference to the size of the VM for your workloads (Default: Light)" - } + ] }, "dataClassificationTag": { "type": "string", "defaultValue": "Non-business", + "metadata": { + "description": "Sensitivity of data hosted (Default: Non-business)" + }, "allowedValues": [ "Non-business", "Public", "General", "Confidential", "Highly-confidential" - ], - "metadata": { - "description": "Sensitivity of data hosted (Default: Non-business)" - } + ] }, "departmentTag": { "type": "string", 
@@ -900,16 +901,16 @@ "workloadCriticalityTag": { "type": "string", "defaultValue": "Low", + "metadata": { + "description": "Criticality of the workload. (Default: Low)" + }, "allowedValues": [ "Low", "Medium", "High", "Mission-critical", "Custom" - ], - "metadata": { - "description": "Criticality of the workload. (Default: Low)" - } + ] }, "workloadCriticalityCustomValueTag": { "type": "string", 
@@ -1282,7 +1283,7 @@ "varScalingPlanExclusionTag": "[format('exclude-{0}', variables('varScalingPlanName'))]", "varScalingPlanWeekdaysScheduleName": "[format('Weekdays-{0}', variables('varManagementPlaneNamingStandard'))]", "varScalingPlanWeekendScheduleName": "[format('Weekend-{0}', variables('varManagementPlaneNamingStandard'))]", - "varWrklKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('avdWrklKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", + "varWrklKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('avdWrklKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), if(parameters('diskZeroTrust'), format('kv-sec-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar'))))]", "varWrklKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varWrklKvName'))]", "varSessionHostNamePrefix": "[if(parameters('avdUseCustomNaming'), parameters('avdSessionHostCustomNamePrefix'), format('vm{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym')))]", "varAvsetNamePrefix": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}', parameters('avsetCustomNamePrefix'), variables('varComputeStorageResourcesNamingStandard')), format('avail-{0}', variables('varComputeStorageResourcesNamingStandard')))]", 
@@ -1294,11 +1295,11 @@ "varMsixStorageName": "[if(parameters('avdUseCustomNaming'), format('{0}msx{1}{2}{3}', parameters('storageAccountPrefixCustomName'), variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')), format('stmsx{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varNamingUniqueStringThreeChar')))]", "varManagementVmName": "[format('vmmgmt{0}{1}{2}', variables('varDeploymentPrefixLowercase'), variables('varDeploymentEnvironmentComputeStorage'), variables('varSessionHostLocationAcronym'))]", "varAlaWorkspaceName": "[if(parameters('avdUseCustomNaming'), parameters('avdAlaWorkspaceCustomName'), format('log-avd-{0}-{1}', variables('varDeploymentEnvironmentLowercase'), variables('varManagementPlaneLocationAcronym')))]", - "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-zt-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", + "varZtKvName": "[if(parameters('avdUseCustomNaming'), format('{0}-{1}-{2}', parameters('ztKvPrefixCustomName'), variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')), format('kv-key-{0}-{1}', variables('varComputeStorageResourcesNamingStandard'), variables('varNamingUniqueStringThreeChar')))]", "varZtKvPrivateEndpointName": "[format('pe-{0}-vault', variables('varZtKvName'))]", "varFsLogixScriptArguments": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('-volumeshare {0} -storageAccountName {1} -identityDomainName {2}', variables('varFslogixSharePath'), variables('varFslogixStorageName'), parameters('avdIdentityDomainName')), format('-volumeshare {0}', 
variables('varFslogixSharePath')))]", "varFslogixSharePath": "[format('\\\\{0}.file.{1}\\{2}', variables('varFslogixStorageName'), environment().suffixes.storage, variables('varFslogixFileShareName'))]", - "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-setup/workload/", + "varBaseScriptUri": "https://raw.githubusercontent.com/Azure/avdaccelerator/ntfs-update/workload/", "varFslogixScriptUri": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), format('{0}scripts/Set-FSLogixRegKeysAAD.ps1', variables('varBaseScriptUri')), format('{0}scripts/Set-FSLogixRegKeys.ps1', variables('varBaseScriptUri')))]", "varFsLogixScript": "[if(equals(parameters('avdIdentityServiceProvider'), 'AAD'), './Set-FSLogixRegKeysAad.ps1', './Set-FSLogixRegKeys.ps1')]", "varAvdAgentPackageLocation": "[format('https://wvdportalstorageblob.blob.{0}/galleryartifacts/Configuration_09-08-2022.zip', environment().suffixes.storage)]", @@ -1314,11 +1315,20 @@ "varDivisionAvsetValue": "[div(parameters('avdDeploySessionHostsCount'), variables('varMaxAvsetMembersCount'))]", "varDivisionAvsetRemainderValue": "[mod(parameters('avdDeploySessionHostsCount'), variables('varMaxAvsetMembersCount'))]", "varAvsetCount": "[if(greater(variables('varDivisionAvsetRemainderValue'), 0), add(variables('varDivisionAvsetValue'), 1), variables('varDivisionAvsetValue'))]", + "varHostPoolAgentUpdateSchedule": [ + { + "dayOfWeek": "Tuesday", + "hour": 18 + }, + { + "dayOfWeek": "Friday", + "hour": 17 + } + ], "varScalingPlanSchedules": [ { "daysOfWeek": [ "Monday", - "Tuesday", "Wednesday", "Thursday", "Friday" 
@@ -1353,6 +1363,40 @@ "minute": 0 } }, + { + "daysOfWeek": [ + "Tuesday" + ], + "name": "[format('{0}-agent-updates', variables('varScalingPlanWeekdaysScheduleName'))]", + "offPeakLoadBalancingAlgorithm": "DepthFirst", + "offPeakStartTime": { + "hour": 20, + "minute": 0 + }, + "peakLoadBalancingAlgorithm": "DepthFirst", + "peakStartTime": { + "hour": 9, + "minute": 0 + }, + "rampDownCapacityThresholdPct": 90, + "rampDownForceLogoffUsers": true, + "rampDownLoadBalancingAlgorithm": "DepthFirst", + "rampDownMinimumHostsPct": 0, + "rampDownNotificationMessage": "You will be logged off in 30 min. Make sure to save your work.", + "rampDownStartTime": { + "hour": 19, + "minute": 0 + }, + "rampDownStopHostsWhen": "ZeroActiveSessions", + "rampDownWaitTimeMinutes": 30, + "rampUpCapacityThresholdPct": 80, + "rampUpLoadBalancingAlgorithm": "BreadthFirst", + "rampUpMinimumHostsPct": 20, + "rampUpStartTime": { + "hour": 7, + "minute": 0 + } + }, { "daysOfWeek": [ "Saturday", 
@@ -1463,14 +1507,10 @@ "version": "latest" } }, - "varStorageAzureFilesDscAgentPackageLocation": "https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/DSCStorageScripts.zip", - "varStorageToDomainScriptUri": "[format('{0}scripts/Manual-DSC-Storage-Scripts.ps1', variables('varBaseScriptUri'))]", - "varStorageSetupScriptUri": "[format('{0}scripts/Set-NTFSPermissions.ps1', variables('varBaseScriptUri'))]", - "varStorageToDomainScript": "./Manual-DSC-Storage-Scripts.ps1", + "varArtifactsLocation": "https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts", "varOuStgPath": "[if(not(empty(parameters('storageOuPath'))), format('\"{0}\"', parameters('storageOuPath')), format('\"{0}\"', variables('varDefaultStorageOuPath')))]", "varDefaultStorageOuPath": "[if(equals(parameters('avdIdentityServiceProvider'), 'AADDS'), 'AADDC Computers', 'Computers')]", "varStorageCustomOuPath": "[if(not(empty(parameters('storageOuPath'))), 'true', 'false')]", - "varCreateOuForStorageString": "[string(parameters('createOuForStorage'))]", "varAllDnsServers": "[format('{0},168.63.129.16', parameters('customDnsIps'))]", "varDnsServers": "[if(empty(parameters('customDnsIps')), createArray(), split(variables('varAllDnsServers'), ','))]", "varCreateVnetPeering": "[if(not(empty(parameters('existingHubVnetResourceId'))), true(), false())]", @@ -1485,6 +1525,12 @@ "ServiceWorkload": "AVD", "CreationTimeUTC": "[parameters('time')]" }, + "varWorkloadKeyvaultTag": { + "Purpose": "Secrets for local admin and domain join credentials" + }, + "varZtKeyvaultTag": { + "Purpose": "Disk encryption keys for zero trust" + }, "varTelemetryId": "[format('pid-2ce4228c-d72c-43fb-bb5b-cd8f3ba2138e-{0}', parameters('avdManagementPlaneLocation'))]", "verResourceGroups": [ { 
@@ -1549,8 +1595,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16305048561599990873" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -1570,14 +1616,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -1658,8 +1704,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6750369994052504038" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -1672,13 +1718,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -1788,8 +1834,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1146156557420886689" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2149,8 +2195,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16305048561599990873" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2170,14 +2216,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", 
@@ -2258,8 +2304,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6750369994052504038" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2272,13 +2318,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -2388,8 +2434,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1146156557420886689" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -2744,8 +2790,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16305048561599990873" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -2765,14 +2811,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -2853,8 +2899,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6750369994052504038" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -2867,13 +2913,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", 
@@ -2983,8 +3029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1146156557420886689" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -3357,8 +3403,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3182944092420253110" + "version": "0.17.1.54307", + "templateHash": "3035548163754880904" } }, "parameters": { @@ -3481,8 +3527,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16305048561599990873" + "version": "0.17.1.54307", + "templateHash": "16670742080494531396" } }, "parameters": { @@ -3502,14 +3548,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -3590,8 +3636,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6750369994052504038" + "version": "0.17.1.54307", + "templateHash": "6601448312481874939" } }, "parameters": { @@ -3604,13 +3650,13 @@ }, "level": { "type": "string", + "metadata": { + "description": "Required. Set lock level." + }, "allowedValues": [ "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Required. Set lock level." - } + ] }, "notes": { "type": "string", @@ -3720,8 +3766,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1146156557420886689" + "version": "0.17.1.54307", + "templateHash": "10998474410748060366" } }, "parameters": { @@ -4081,8 +4127,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1156178304169403377" + "version": "0.17.1.54307", + "templateHash": "9723296804992458231" } }, "parameters": { 
@@ -4171,8 +4217,8 @@ "dataRetention": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 730, + "minValue": 0, "metadata": { "description": "Optional. Number of days data will be retained for." } @@ -4231,8 +4277,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -4275,14 +4321,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -4475,8 +4521,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13379431903908500265" + "version": "0.17.1.54307", + "templateHash": "1015616738226483875" } }, "parameters": { @@ -4619,8 +4665,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18035599797024630806" + "version": "0.17.1.54307", + "templateHash": "9976669288431551452" } }, "parameters": { @@ -4753,8 +4799,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15194527127560537713" + "version": "0.17.1.54307", + "templateHash": "3402933947779868845" } }, "parameters": { @@ -4888,8 +4934,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14867461711977977980" + "version": "0.17.1.54307", + "templateHash": "12988075953101096314" } }, "parameters": { 
@@ -5060,15 +5106,15 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1856549003153181310" + "version": "0.17.1.54307", + "templateHash": "3289166297924789550" } }, "parameters": { "name": { "type": "string", - "minLength": 4, "maxLength": 63, + "minLength": 4, "metadata": { "description": "Required. The data export rule name." } @@ -5207,8 +5253,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3069063252346343891" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -5434,8 +5480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15607599815412583880" + "version": "0.17.1.54307", + "templateHash": "1145398762062008037" } }, "parameters": { @@ -5479,8 +5525,8 @@ "retentionInDays": { "type": "int", "defaultValue": -1, - "minValue": -1, "maxValue": 730, + "minValue": -1, "metadata": { "description": "Optional. The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention." } @@ -5502,8 +5548,8 @@ "totalRetentionInDays": { "type": "int", "defaultValue": -1, - "minValue": -1, "maxValue": 2555, + "minValue": -1, "metadata": { "description": "Optional. The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention." } @@ -5603,8 +5649,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15387093705469323985" + "version": "0.17.1.54307", + "templateHash": "15503229472224280826" } }, "parameters": { @@ -5754,8 +5800,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3735355062180278453" + "version": "0.17.1.54307", + "templateHash": "7352784420507326330" } }, "parameters": { 
@@ -5968,8 +6014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -6110,14 +6156,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -6277,8 +6323,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13887797196136912022" + "version": "0.17.1.54307", + "templateHash": "16579532157576436548" } }, "parameters": { @@ -6609,8 +6655,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12317712979554879023" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -6792,8 +6838,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1777331299932618478" + "version": "0.17.1.54307", + "templateHash": "5539435599928560626" } }, "parameters": { @@ -6971,8 +7017,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14228229460676709073" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -7240,8 +7286,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4137783479866222342" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -7321,8 +7367,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17066253197438681775" + "version": "0.17.1.54307", + "templateHash": "7759814680098607558" } }, "parameters": { 
@@ -7793,8 +7839,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3069063252346343891" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -8026,8 +8072,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3069063252346343891" + "version": "0.17.1.54307", + "templateHash": "18044483929875331860" } }, "parameters": { @@ -8342,8 +8388,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18066116683157093728" + "version": "0.17.1.54307", + "templateHash": "16941034630457330238" } }, "parameters": { @@ -8693,8 +8739,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13355924704185671618" + "version": "0.17.1.54307", + "templateHash": "8833698864456650616" } }, "parameters": { @@ -8735,8 +8781,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -8765,14 +8811,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -8970,8 +9016,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "369614872700794013" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -9215,8 +9261,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8259083650687909209" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { 
@@ -9433,8 +9479,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13355924704185671618" + "version": "0.17.1.54307", + "templateHash": "8833698864456650616" } }, "parameters": { @@ -9475,8 +9521,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -9505,14 +9551,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -9710,8 +9756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "369614872700794013" + "version": "0.17.1.54307", + "templateHash": "2452007385443009245" } }, "parameters": { @@ -9955,8 +10001,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8259083650687909209" + "version": "0.17.1.54307", + "templateHash": "175852501961116138" } }, "parameters": { @@ -10161,8 +10207,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16972778608528683628" + "version": "0.17.1.54307", + "templateHash": "4126277245845030634" } }, "parameters": { @@ -10182,14 +10228,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", 
@@ -10284,8 +10330,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4152038459218204517" + "version": "0.17.1.54307", + "templateHash": "9764104744913843180" } }, "parameters": { @@ -10491,8 +10537,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18134341385828267149" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10526,14 +10572,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -10631,8 +10677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15918129007023123856" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { @@ -10840,8 +10886,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18134341385828267149" + "version": "0.17.1.54307", + "templateHash": "3459157471784143501" } }, "parameters": { @@ -10875,14 +10921,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -10980,8 +11026,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15918129007023123856" + "version": "0.17.1.54307", + "templateHash": "17826830289819287737" } }, "parameters": { 
@@ -11206,8 +11252,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3501235843806909866" + "version": "0.17.1.54307", + "templateHash": "10811539921072000941" } }, "parameters": { @@ -11268,27 +11314,27 @@ "vnetEncryptionEnforcement": { "type": "string", "defaultValue": "AllowUnencrypted", + "metadata": { + "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." + }, "allowedValues": [ "AllowUnencrypted", "DropUnencrypted" - ], - "metadata": { - "description": "Optional. If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled." - } + ] }, "flowTimeoutInMinutes": { "type": "int", "defaultValue": 0, - "maxValue": 30, "metadata": { "description": "Optional. The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null." - } + }, + "maxValue": 30 }, "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -11324,14 +11370,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -11557,8 +11603,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4385347612687619252" + "version": "0.17.1.54307", + "templateHash": "12913964363513527115" } }, "parameters": { 
@@ -11750,8 +11796,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15642916335871461785" + "version": "0.17.1.54307", + "templateHash": "1508597549221173835" } }, "parameters": { @@ -11973,8 +12019,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4623538711374397842" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -12139,8 +12185,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4623538711374397842" + "version": "0.17.1.54307", + "templateHash": "12896423701864490964" } }, "parameters": { @@ -12300,8 +12346,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "826837070159019998" + "version": "0.17.1.54307", + "templateHash": "7449417204208520653" } }, "parameters": { @@ -12537,8 +12583,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "903283518806229825" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12625,8 +12671,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "903283518806229825" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12713,8 +12759,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "903283518806229825" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { @@ -12801,8 +12847,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "903283518806229825" + "version": "0.17.1.54307", + "templateHash": "9421903776734870810" } }, "parameters": { 
@@ -12965,8 +13011,8 @@ "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" }, - "applicationGroupIdentitiesIds": { - "value": "[parameters('avdApplicationGroupIdentitiesIds')]" + "securityPrincipalIds": { + "value": "[array(parameters('securityPrincipalId'))]" }, "applicationGroupIdentityType": { "value": "[parameters('avdApplicationGroupIdentityType')]" @@ -12975,6 +13021,9 @@ "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", "diagnosticLogsRetentionInDays": { "value": "[parameters('avdAlaWorkspaceDataRetention')]" + }, + "hostPoolAgentUpdateSchedule": { + "value": "[variables('varHostPoolAgentUpdateSchedule')]" } }, "template": { @@ -12983,8 +13032,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8064453292228188216" + "version": "0.17.1.54307", + "templateHash": "7331727637146687342" } }, "parameters": { @@ -13012,7 +13061,7 @@ "description": "The service providing domain services for Azure Virtual Desktop." } }, - "applicationGroupIdentitiesIds": { + "securityPrincipalIds": { "type": "array", "metadata": { "description": "Identity ID to grant RBAC role to access AVD application group." @@ -13098,13 +13147,13 @@ }, "hostPoolType": { "type": "string", + "metadata": { + "description": "Optional. AVD host pool type." + }, "allowedValues": [ "Personal", "Pooled" - ], - "metadata": { - "description": "Optional. AVD host pool type." - } + ] }, "preferredAppGroupType": { "type": "string", 
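Review bot: `array(parameters('securityPrincipalId'))` produces a one-element array even when the parameter is an empty string, so the `not(empty(parameters('securityPrincipalIds')))` guard on `roleAssignments` in the `@@ -13881,7 +13935,7 @@` hunk would no longer skip the assignment. The declaration of `securityPrincipalId` is outside this view, so whether it can be empty needs confirming; if it can, the "Desktop Virtualization User" assignment would be attempted with a blank principal id. The same wrapping appears in the `@@ -15525,8 +15579,8 @@` hunk. A guarded form would be `"value": "[if(empty(parameters('securityPrincipalId')), createArray(), array(parameters('securityPrincipalId')))]"`, made in the Bicep source since this JSON is compiled output.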
@@ -13120,23 +13169,23 @@ }, "personalAssignType": { "type": "string", + "metadata": { + "description": "Optional. AVD host pool type." + }, "allowedValues": [ "Automatic", "Direct" - ], - "metadata": { - "description": "Optional. AVD host pool type." - } + ] }, "hostPoolLoadBalancerType": { "type": "string", + "metadata": { + "description": "AVD host pool load balacing type." + }, "allowedValues": [ "BreadthFirst", "DepthFirst" - ], - "metadata": { - "description": "AVD host pool load balacing type." - } + ] }, "hostPoolMaxSessions": { "type": "int", @@ -13150,6 +13199,12 @@ "description": "Optional. AVD host pool start VM on Connect." } }, + "hostPoolAgentUpdateSchedule": { + "type": "array", + "metadata": { + "description": "Optional. AVD host pool start VM on Connect." + } + }, "tags": { "type": "object", "metadata": { @@ -13263,9 +13318,7 @@ "diagnosticLogCategoriesToEnable": { "value": "[variables('varHostPoolDiagnostic')]" }, - "agentUpdate": { - "value": {} - } + "agentUpdate": "[if(not(empty(parameters('hostPoolAgentUpdateSchedule'))), createObject('value', createObject('maintenanceWindows', parameters('hostPoolAgentUpdateSchedule'), 'maintenanceWindowTimeZone', parameters('computeTimeZone'), 'type', 'Scheduled', 'useSessionHostLocalTime', true())), createObject('value', createObject()))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -13273,8 +13326,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10470857386601832257" + "version": "0.17.1.54307", + "templateHash": "8991300973535712331" } }, "parameters": { @@ -13386,8 +13439,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
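Review bot: The `hostPoolAgentUpdateSchedule` parameter added in the `@@ -13150,6 +13199,12 @@` hunk reuses the description of the parameter above it, `"Optional. AVD host pool start VM on Connect."`, which does not describe a maintenance schedule. It is also labelled optional but declares no `defaultValue`, although the `agentUpdate` expression in the `@@ -13263,9 +13318,7 @@` hunk handles an empty array. I would change the description to `"description": "Optional. Maintenance windows (dayOfWeek, hour) used for scheduled AVD agent updates."` and add `"defaultValue": []`, both in the Bicep source that generates this file.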
@@ -13423,14 +13476,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -13605,6 +13658,7 @@ "registrationTokenOperation": "Update" }, "vmTemplate": "[if(not(empty(parameters('vmTemplate'))), null(), string(parameters('vmTemplate')))]", + "agentUpdate": "[parameters('agentUpdate')]", "ring": "[if(not(equals(parameters('ring'), -1)), parameters('ring'), null())]", "ssoadfsAuthority": "[parameters('ssoadfsAuthority')]", "ssoClientId": "[parameters('ssoClientId')]", @@ -13677,8 +13731,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15758203474913146406" + "version": "0.17.1.54307", + "templateHash": "2314964423044495570" } }, "parameters": { @@ -13881,7 +13935,7 @@ "value": "[parameters('tags')]" }, "applications": "[if(equals(variables('varApplicaitonGroups')[copyIndex()].applicationGroupType, 'RemoteApp'), createObject('value', variables('varRAppApplicationGroupsApps')), createObject('value', createArray()))]", - "roleAssignments": "[if(not(empty(parameters('applicationGroupIdentitiesIds'))), createObject('value', createArray(createObject('roleDefinitionIdOrName', 'Desktop Virtualization User', 'principalIds', parameters('applicationGroupIdentitiesIds'), 'principalType', parameters('applicationGroupIdentityType')))), createObject('value', createArray()))]", + "roleAssignments": "[if(not(empty(parameters('securityPrincipalIds'))), createObject('value', createArray(createObject('roleDefinitionIdOrName', 'Desktop Virtualization User', 'principalIds', parameters('securityPrincipalIds'), 'principalType', parameters('applicationGroupIdentityType')))), createObject('value', createArray()))]", "diagnosticWorkspaceId": { "value": "[parameters('alaWorkspaceResourceId')]" }, 
@@ -13898,8 +13952,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2171521487477022833" + "version": "0.17.1.54307", + "templateHash": "16831976717101820384" } }, "parameters": { @@ -13957,8 +14011,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -13994,14 +14048,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -14164,8 +14218,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11635969849932067949" + "version": "0.17.1.54307", + "templateHash": "7203259033747042619" } }, "parameters": { @@ -14203,14 +14257,14 @@ "commandLineSetting": { "type": "string", "defaultValue": "DoNotAllow", + "metadata": { + "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." + }, "allowedValues": [ "Allow", "DoNotAllow", "Require" - ], - "metadata": { - "description": "Optional. Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all." - } + ] }, "commandLineArguments": { "type": "string", 
@@ -14342,8 +14396,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9771114878684828045" + "version": "0.17.1.54307", + "templateHash": "1752140700494840741" } }, "parameters": { @@ -14552,8 +14606,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2822002657983746088" + "version": "0.17.1.54307", + "templateHash": "8658432020113435364" } }, "parameters": { @@ -14594,8 +14648,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -14631,14 +14685,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -14794,8 +14848,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12071774351316031070" + "version": "0.17.1.54307", + "templateHash": "6421047844253253523" } }, "parameters": { @@ -15018,8 +15072,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17977254391325929741" + "version": "0.17.1.54307", + "templateHash": "10268638408600238996" } }, "parameters": { @@ -15061,12 +15115,12 @@ "hostPoolType": { "type": "string", "defaultValue": "Pooled", - "allowedValues": [ - "Pooled" - ], "metadata": { "description": "Optional. The type of hostpool where this scaling plan should be applied." - } + }, + "allowedValues": [ + "Pooled" + ] }, "exclusionTag": { "type": "string", 
@@ -15138,8 +15192,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -15299,8 +15353,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5284850760210698082" + "version": "0.17.1.54307", + "templateHash": "12892308842611713996" } }, "parameters": { @@ -15525,8 +15579,8 @@ "createStorageDeployment": { "value": "[variables('varCreateStorageDeployment')]" }, - "appGroupIdentitiesIds": { - "value": "[parameters('avdApplicationGroupIdentitiesIds')]" + "securityPrincipalIds": { + "value": "[array(parameters('securityPrincipalId'))]" }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" }, @@ -15536,8 +15590,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18318447449709080836" + "version": "0.17.1.54307", + "templateHash": "11341015817286989905" } }, "parameters": { @@ -15589,7 +15643,7 @@ "description": "Required, The service providing domain services for Azure Virtual Desktop." } }, - "appGroupIdentitiesIds": { + "securityPrincipalIds": { "type": "array", "metadata": { "description": "Required, Identity ID to grant RBAC role to access AVD application group." @@ -15717,8 +15771,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7754983815852819350" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { 
@@ -15739,14 +15793,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -15840,8 +15894,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5263933546195004806" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -16033,8 +16087,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7754983815852819350" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -16055,14 +16109,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -16156,8 +16210,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5263933546195004806" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -16361,8 +16415,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -16503,14 +16557,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", 
@@ -16662,8 +16716,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17242,8 +17296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -17820,8 +17874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -18377,12 +18431,12 @@ { "copy": { "name": "storageSmbShareContributorRoleAssign", - "count": "[length(parameters('appGroupIdentitiesIds'))]" + "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('appGroupIdentitiesIds'))))]", + "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Stora-SmbContri-RolAssign-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "name": "[format('Stora-SmbContri-RolAssign-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", "resourceGroup": "[format('{0}', parameters('storageObjectsRgName'))]", "properties": { 
@@ -18395,7 +18449,7 @@ "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varStorageSmbShareContributorRole').id)]" }, "principalId": { - "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + "value": "[parameters('securityPrincipalIds')[copyIndex()]]" } }, "template": { @@ -18404,8 +18458,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -18957,12 +19011,12 @@ { "copy": { "name": "DesktopVirtualizationVirtualMachineContributorRoleAssign", - "count": "[length(parameters('appGroupIdentitiesIds'))]" + "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('appGroupIdentitiesIds'))))]", + "condition": "[and(and(parameters('createStorageDeployment'), equals(parameters('identityServiceProvider'), 'AAD')), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('Stora-VMCont-RolAssign-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "name": "[format('Stora-VMCont-RolAssign-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", "properties": { 
@@ -18975,7 +19029,7 @@ "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varDesktopVirtualizationVirtualMachineContributorRole').id)]" }, "principalId": { - "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + "value": "[parameters('securityPrincipalIds')[copyIndex()]]" } }, "template": { @@ -18984,8 +19038,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -19537,12 +19591,12 @@ { "copy": { "name": "aadIdentityLoginRoleAssign", - "count": "[length(parameters('appGroupIdentitiesIds'))]" + "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('appGroupIdentitiesIds'))))]", + "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('VM-Login-Comp-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "name": "[format('VM-Login-Comp-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", "resourceGroup": "[format('{0}', parameters('computeObjectsRgName'))]", "properties": { @@ -19555,7 +19609,7 @@ "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varVirtualMachineUserLoginRole').id)]" }, "principalId": { - "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + "value": "[parameters('securityPrincipalIds')[copyIndex()]]" } }, "template": { 
@@ -19564,8 +19618,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -20117,12 +20171,12 @@ { "copy": { "name": "aadIdentityLoginAccessServiceObjects", - "count": "[length(parameters('appGroupIdentitiesIds'))]" + "count": "[length(parameters('securityPrincipalIds'))]" }, - "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('appGroupIdentitiesIds'))))]", + "condition": "[and(equals(parameters('identityServiceProvider'), 'AAD'), not(empty(parameters('securityPrincipalIds'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('VM-Login-Serv-{0}-{1}', take(format('{0}', parameters('appGroupIdentitiesIds')[copyIndex()]), 6), parameters('time'))]", + "name": "[format('VM-Login-Serv-{0}-{1}', take(format('{0}', parameters('securityPrincipalIds')[copyIndex()]), 6), parameters('time'))]", "subscriptionId": "[format('{0}', parameters('subscriptionId'))]", "resourceGroup": "[format('{0}', parameters('serviceObjectsRgName'))]", "properties": { @@ -20135,7 +20189,7 @@ "value": "[format('/subscriptions/{0}/providers/Microsoft.Authorization/roleDefinitions/{1}', parameters('subscriptionId'), variables('varVirtualMachineUserLoginRole').id)]" }, "principalId": { - "value": "[parameters('appGroupIdentitiesIds')[copyIndex()]]" + "value": "[parameters('securityPrincipalIds')[copyIndex()]]" } }, "template": { @@ -20144,8 +20198,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { 
@@ -20718,8 +20772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -21350,7 +21404,10 @@ "value": "[parameters('deployPrivateEndpointKeyvaultStorage')]" }, "keyVaultprivateDNSResourceId": "[if(parameters('createPrivateDnsZones'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Networking-{0}', parameters('time'))), '2022-09-01').outputs.KeyVaultDnsZoneResourceId.value), createObject('value', parameters('avdVnetPrivateDnsZoneKeyvaultId')))]", - "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", + "kvTags": { + "value": "[variables('varZtKeyvaultTag')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", @@ -21358,8 +21415,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "132995777022452151" + "version": "0.17.1.54307", + "templateHash": "17889562964122918259" } }, "parameters": { @@ -21435,6 +21492,12 @@ "description": "Tags to be applied to resources" } }, + "kvTags": { + "type": "object", + "metadata": { + "description": "Tags to be added to key vault" + } + }, "diskEncryptionSetName": { "type": "string", "metadata": { @@ -21519,8 +21582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12317712979554879023" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { 
@@ -21708,8 +21771,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14228229460676709073" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -21978,8 +22041,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4137783479866222342" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -22072,8 +22135,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14228229460676709073" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -22342,8 +22405,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4137783479866222342" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { @@ -22412,8 +22475,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -22996,8 +23059,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -23577,8 +23640,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7754983815852819350" + "version": "0.17.1.54307", + "templateHash": "15136491551081535379" } }, "parameters": { @@ -23599,14 +23662,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", 
@@ -23700,8 +23763,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5263933546195004806" + "version": "0.17.1.54307", + "templateHash": "8490200634198428200" } }, "parameters": { @@ -23904,8 +23967,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -24046,14 +24109,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -24201,8 +24264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17317977123822737513" + "version": "0.17.1.54307", + "templateHash": "10569201387143117913" } }, "parameters": { @@ -24802,7 +24865,7 @@ }, "ztManagedIdentityResourceId": "[if(parameters('diskZeroTrust'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('subscriptionId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.Resources/deployments', format('ZT-Managed-ID-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', ''))]", "tags": { - "value": "[parameters('tags')]" + "value": "[union(parameters('tags'), parameters('kvTags'))]" } }, "template": { @@ -24811,8 +24874,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4320117328434371279" + "version": "0.17.1.54307", + "templateHash": "14254441080044712526" } }, "parameters": { 
@@ -24952,8 +25015,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12710254814965349908" + "version": "0.17.1.54307", + "templateHash": "13715192960596594863" } }, "parameters": { @@ -25081,8 +25144,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -25118,14 +25181,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -25330,8 +25393,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6740418827739952012" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -25462,8 +25525,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1740953456073265015" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -25599,8 +25662,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -25794,8 +25857,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "161566500283768812" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -25977,8 +26040,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { 
@@ -26180,8 +26243,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14559775667395480629" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -26247,14 +26310,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -26377,8 +26440,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10817246518679375966" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -26390,8 +26453,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -26512,8 +26575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -26726,8 +26789,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12411629325302614699" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -26957,8 +27020,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "161566500283768812" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -27140,8 +27203,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { 
@@ -27343,8 +27406,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15837328238442399759" + "version": "0.17.1.54307", + "templateHash": "9857842888967195839" } }, "parameters": { @@ -27371,14 +27434,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "keyVaultResourceId": { "type": "string", @@ -27554,8 +27617,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17435508871327946334" + "version": "0.17.1.54307", + "templateHash": "2377303483140510674" } }, "parameters": { @@ -27630,8 +27693,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7222366309271203422" + "version": "0.17.1.54307", + "templateHash": "1764649882380429233" } }, "parameters": { @@ -27702,8 +27765,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6740418827739952012" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -27833,8 +27896,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13165233376501361165" + "version": "0.17.1.54307", + "templateHash": "205693325076049461" } }, "parameters": { 
@@ -28093,7 +28156,7 @@ "secureList": "[if(not(equals(parameters('avdIdentityServiceProvider'), 'AAD')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', parameters('avdDomainJoinUserName'), 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', parameters('avdDomainJoinUserPassword'), 'contentType', 'Domain join credentials')), createArray(createObject('name', 'vmLocalUserPassword', 'value', parameters('avdVmLocalUserPassword'), 'contentType', 'Session host local user credentials'), createObject('name', 'vmLocalUserName', 'value', parameters('avdVmLocalUserName'), 'contentType', 'Session host local user credentials'), createObject('name', 'domainJoinUserName', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials'), createObject('name', 'domainJoinUserPassword', 'value', 'AAD-Joined-Deployment-No-Domain-Credentials', 'contentType', 'Domain join credentials')))]" } }, - "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]" + "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))), createObject('value', union(variables('varAvdDefaultTags'), variables('varWorkloadKeyvaultTag'))))]" }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", 
@@ -28101,8 +28164,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12710254814965349908" + "version": "0.17.1.54307", + "templateHash": "13715192960596594863" } }, "parameters": { @@ -28230,8 +28293,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -28267,14 +28330,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -28479,8 +28542,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6740418827739952012" + "version": "0.17.1.54307", + "templateHash": "6036891804343016093" } }, "parameters": { @@ -28611,8 +28674,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1740953456073265015" + "version": "0.17.1.54307", + "templateHash": "8593614529812859648" } }, "parameters": { @@ -28748,8 +28811,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15814620610091788537" + "version": "0.17.1.54307", + "templateHash": "7411396567157179257" } }, "parameters": { @@ -28943,8 +29006,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "161566500283768812" + "version": "0.17.1.54307", + "templateHash": "1124355010779190486" } }, "parameters": { @@ -29126,8 +29189,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8510219443070850278" + "version": "0.17.1.54307", + "templateHash": "7260777690340402293" } }, "parameters": { 
@@ -29329,8 +29392,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14559775667395480629" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -29396,14 +29459,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -29526,8 +29589,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10817246518679375966" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -29539,8 +29602,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -29661,8 +29724,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -29875,8 +29938,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12411629325302614699" + "version": "0.17.1.54307", + "templateHash": "2925986724999389514" } }, "parameters": { @@ -30127,8 +30190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9827695024186149778" + "version": "0.17.1.54307", + "templateHash": "10639627576867642146" } }, "parameters": { @@ -30408,8 +30471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13490517945116714650" + "version": "0.17.1.54307", + "templateHash": "4750663240724101154" } }, "parameters": { 
@@ -30834,8 +30897,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -30871,14 +30934,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -31256,8 +31319,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3084383436001824498" + "version": "0.17.1.54307", + "templateHash": "18094190582004938279" } }, "parameters": { @@ -31417,8 +31480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18200832178111445541" + "version": "0.17.1.54307", + "templateHash": "9163854717969965207" } }, "parameters": { @@ -31489,8 +31552,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -31547,14 +31610,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "location": { "type": "string", @@ -31750,8 +31813,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { 
@@ -32005,8 +32068,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15419094596647888624" + "version": "0.17.1.54307", + "templateHash": "2878979907665862463" } }, "parameters": { @@ -32068,14 +32131,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + }, "allowedValues": [ "Floating", "MaxConnections", "None" - ], - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - } + ] }, "disableTcpStateTracking": { "type": "bool", @@ -32093,14 +32156,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -32112,8 +32175,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -32303,8 +32366,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10645923556503351364" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -32519,8 +32582,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { 
@@ -32722,8 +32785,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -32920,8 +32983,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -33123,8 +33186,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -33316,8 +33379,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -33509,8 +33572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -33706,8 +33769,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -33911,8 +33974,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -34109,8 +34172,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { 
@@ -34310,8 +34373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10405060501220354608" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -34342,6 +34405,9 @@ }, "protectedItemType": { "type": "string", + "metadata": { + "description": "Required. The backup item type." + }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -34353,10 +34419,7 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ], - "metadata": { - "description": "Required. The backup item type." - } + ] }, "policyId": { "type": "string", @@ -34476,8 +34539,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11877341194593849245" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -34693,8 +34756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -34835,14 +34898,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", 
@@ -34999,30 +35062,27 @@ "storageSku": { "value": "[variables('varFslogixStorageSku')]" }, + "securityPrincipalName": { + "value": "[parameters('securityPrincipalName')]" + }, "fileShareQuotaSize": { "value": "[parameters('fslogixFileShareQuotaSize')]" }, "storageAccountName": { "value": "[variables('varFslogixStorageName')]" }, - "securityPrincipalNames": { - "value": "[parameters('securityPrincipalNames')]" - }, "netBios": { "value": "[parameters('netBios')]" }, + "artifactsLocation": { + "value": "[variables('varArtifactsLocation')]" + }, "KerberosEncryption": { "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" }, - "dscAgentPackageLocation": { - "value": "[variables('varStorageAzureFilesDscAgentPackageLocation')]" - }, - "storageCustomOuPath": { - "value": "[variables('varStorageCustomOuPath')]" - }, "managementVmName": { "value": "[variables('varManagementVmName')]" }, @@ -35032,16 +35092,10 @@ "ouStgPath": { "value": "[variables('varOuStgPath')]" }, - "createOuForStorageString": { - "value": "[variables('varCreateOuForStorageString')]" - }, "managedIdentityClientId": "[if(variables('varCreateStorageDeployment'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Identities-And-RoleAssign-{0}', parameters('time'))), '2022-09-01').outputs.managedIdentityStorageClientId.value), createObject('value', ''))]", "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, - "domainJoinUserPassword": { - "value": "[parameters('avdDomainJoinUserPassword')]" - }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -35077,8 +35131,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17145130864687829338" + "version": "0.17.1.54307", + "templateHash": "17383691146400087728" } }, "parameters": { 
@@ -35106,6 +35160,12 @@ "description": "Resource Group Name for management VM." } }, + "securityPrincipalName": { + "type": "string", + "metadata": { + "description": "Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: \"\")" + } + }, "storageAccountName": { "type": "string", "metadata": { @@ -35160,12 +35220,6 @@ "description": "AVD session host domain join credentials." } }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "AVD session host domain join credentials." - } - }, "storageSku": { "type": "string", "metadata": { @@ -35234,30 +35288,12 @@ "description": "ActiveDirectorySolution. " } }, - "dscAgentPackageLocation": { - "type": "string", - "metadata": { - "description": "Sets location of DSC Agent." - } - }, - "storageCustomOuPath": { - "type": "string", - "metadata": { - "description": "Custom OU path for storage." - } - }, "ouStgPath": { "type": "string", "metadata": { "description": "OU Storage Path" } }, - "createOuForStorageString": { - "type": "string", - "metadata": { - "description": "If OU for Azure Storage needs to be created - set to true and ensure the domain join credentials have priviledge to create OU and create computer objects or join to domain." - } - }, "managedIdentityClientId": { "type": "string", "metadata": { 
@@ -35270,25 +35306,21 @@ "description": "Kerberos Encryption. Default is AES256." } }, - "_artifactsLocation": { + "artifactsLocation": { "type": "string", - "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", "metadata": { "description": "Location of script. Default is located in workload/scripts" } }, - "_artifactsLocationSasToken": { + "storageSolution": { "type": "string", - "defaultValue": "", "metadata": { - "description": "SAS Token to access script." - } - }, - "securityPrincipalNames": { - "type": "string" - }, - "storageSolution": { - "type": "string" + "description": "Storage Solution." + }, + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ] }, "storageCount": { "type": "int", @@ -35300,12 +35332,12 @@ }, "netBios": { "type": "string", - "defaultValue": "" + "metadata": { + "description": "Netbios name, will be used to set NTFS file share permissions." + } } }, "variables": { - "varAzureCloudName": "[environment().name]", - "varStoragePurposeLower": "[toLower(parameters('storagePurpose'))]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], @@ -35313,7 +35345,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { 
@@ -35344,7 +35376,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -35383,17 +35415,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10707961832808434144" + "version": "0.17.1.54307", + "templateHash": "14819659584479701354" } }, "parameters": { "name": { "type": "string", - "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - } + }, + "maxLength": 24 }, "location": { "type": "string", @@ -35426,20 +35458,23 @@ "kind": { "type": "string", "defaultValue": "StorageV2", + "metadata": { + "description": "Optional. Type of Storage Account to create." + }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ], - "metadata": { - "description": "Optional. Type of Storage Account to create." - } + ] }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", + "metadata": { + "description": "Optional. Storage Account Sku Name." + }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -35449,33 +35484,30 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ], - "metadata": { - "description": "Optional. Storage Account Sku Name." - } + ] }, "accessTier": { "type": "string", "defaultValue": "Hot", + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + }, "allowedValues": [ "Premium", "Hot", "Cool" - ], - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - } + ] }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + }, "allowedValues": [ "Disabled", "Enabled" - ], - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - } + ] }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -35597,14 +35629,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ], - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - } + ] }, "enableHierarchicalNamespace": { "type": "bool", @@ -35644,8 +35676,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -35681,14 +35713,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -35944,8 +35976,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11907799862370162022" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -36139,8 +36171,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14559775667395480629" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -36206,14 +36238,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", 
@@ -36336,8 +36368,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10817246518679375966" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -36349,8 +36381,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -36471,8 +36503,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -36678,17 +36710,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4253610036228558936" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "rules": { "type": "array", @@ -36802,17 +36834,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2607160455374616389" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", 
@@ -36960,17 +36992,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17862607141263296646" + "version": "0.17.1.54307", + "templateHash": "459680222498554457" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "deleteRetentionPolicy": { "type": "bool", @@ -37003,8 +37035,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -37189,17 +37221,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1372202156919204831" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -37217,14 +37249,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + }, "allowedValues": [ "Container", "Blob", "None" - ], - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - } + ] }, "immutabilityPolicyProperties": { "type": "object", 
@@ -37303,17 +37335,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11262013761717354542" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "containerName": { "type": "string", @@ -37431,8 +37463,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5334204341302869645" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -37669,17 +37701,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "252706870723960720" + "version": "0.17.1.54307", + "templateHash": "4535070803723456785" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -37708,8 +37740,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -37901,17 +37933,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7008197552909900283" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "fileServicesName": { "type": "string", @@ -37936,25 +37968,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + }, "allowedValues": [ "NFS", "SMB" - ], - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - } + ] }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ], - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - } + ] }, "roleAssignments": { "type": "array", @@ -38030,8 +38062,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12515062620278558169" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { 
@@ -38269,17 +38301,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18008382091828972844" + "version": "0.17.1.54307", + "templateHash": "5488562806452443494" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "queues": { "type": "array", @@ -38291,8 +38323,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -38470,17 +38502,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14624220085780750615" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -38567,8 +38599,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "256624618142232879" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { 
@@ -38803,17 +38835,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1243731349630169383" + "version": "0.17.1.54307", + "templateHash": "8997312828597029463" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "tables": { "type": "array", @@ -38825,8 +38857,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39002,17 +39034,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15439721503188480715" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", 
@@ -39166,22 +39198,27 @@ }, "mode": "Incremental", "parameters": { - "_artifactsLocation": { - "value": "[parameters('_artifactsLocation')]" - }, - "_artifactsLocationSasToken": { - "value": "[parameters('_artifactsLocationSasToken')]" + "artifactsLocation": { + "value": "[parameters('artifactsLocation')]" }, - "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "commandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" 
-TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "Location": { + "location": { "value": "[parameters('sessionHostLocation')]" }, - "ManagementVmName": { + "domainJoinUserPassword": { + "reference": { + "keyVault": { + "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" + }, + "secretName": "domainJoinUserPassword" + } + }, + "managementVmName": { "value": "[parameters('managementVmName')]" }, - "Timestamp": { + "time": { "value": "[parameters('time')]" } }, 
@@ -39191,36 +39228,52 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16960560892689102067" + "version": "0.17.1.54307", + "templateHash": "15497845880895726174" } }, "parameters": { - "_artifactsLocation": { + "artifactsLocation": { "type": "string" }, - "_artifactsLocationSasToken": { - "type": "securestring" - }, - "CommandToExecute": { + "commandToExecute": { "type": "string" }, - "Location": { - "type": "string" + "managementVmName": { + "type": "string", + "metadata": { + "description": "Name for management virtual machine. for tools and to join Azure Files to domain." + } }, - "ManagementVmName": { - "type": "string" + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "Domain join user password." + } }, - "Timestamp": { - "type": "string" + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "time": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "Do not modify, used to set unique value for resource deployment." + } } }, + "variables": { + "varCommandToExecute": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" + }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2020-12-01", - "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", - "location": "[parameters('Location')]", + "name": "[format('{0}/CustomScriptExtension', parameters('managementVmName'))]", + "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", 
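Review bot: `varCommandToExecute` in this hunk splices the raw `domainJoinUserPassword` into the command string unquoted (`-DomainAdminUserPassword {1}`), so a password containing a space or a PowerShell metacharacter is split or interpreted instead of passed through, and the secret lands on the process command line of the management VM, where command-line auditing can record it. Keeping the string in `protectedSettings` only protects it inside the extension configuration. At minimum quote the argument, `"[format('{0} -DomainAdminUserPassword \"{1}\" -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]"`; the sturdier option is to pass the vault and secret name and let the script read the secret with the managed identity it already receives through `-ClientId`. This file looks like compiled Bicep output (`_generator`), so the change belongs in the module it is built from. The parameter name should also be checked against `Set-NtfsPermissions.ps1`, which is not part of this hunk.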
@@ -39228,12 +39281,12 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" ], - "timestamp": "[parameters('Timestamp')]" + "timestamp": "[parameters('time')]" }, "protectedSettings": { - "commandToExecute": "[parameters('CommandToExecute')]" + "commandToExecute": "[variables('varCommandToExecute')]" } } } @@ -39278,30 +39331,27 @@ "storageSku": { "value": "[variables('varMsixStorageSku')]" }, + "securityPrincipalName": { + "value": "[parameters('securityPrincipalName')]" + }, "fileShareQuotaSize": { "value": "[parameters('msixFileShareQuotaSize')]" }, "storageAccountName": { "value": "[variables('varMsixStorageName')]" }, - "securityPrincipalNames": { - "value": "[parameters('securityPrincipalNames')]" - }, "netBios": { "value": "[parameters('netBios')]" }, + "artifactsLocation": { + "value": "[variables('varArtifactsLocation')]" + }, "KerberosEncryption": { "value": "[parameters('kerberosEncryption')]" }, "identityServiceProvider": { "value": "[parameters('avdIdentityServiceProvider')]" }, - "dscAgentPackageLocation": { - "value": "[variables('varStorageAzureFilesDscAgentPackageLocation')]" - }, - "storageCustomOuPath": { - "value": "[variables('varStorageCustomOuPath')]" - }, "managementVmName": { "value": "[variables('varManagementVmName')]" }, 
@@ -39311,16 +39361,10 @@ "ouStgPath": { "value": "[variables('varOuStgPath')]" }, - "createOuForStorageString": { - "value": "[variables('varCreateOuForStorageString')]" - }, "managedIdentityClientId": "[if(variables('varCreateStorageDeployment'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Identities-And-RoleAssign-{0}', parameters('time'))), '2022-09-01').outputs.managedIdentityStorageClientId.value), createObject('value', ''))]", "domainJoinUserName": { "value": "[parameters('avdDomainJoinUserName')]" }, - "domainJoinUserPassword": { - "value": "[parameters('avdDomainJoinUserPassword')]" - }, "wrklKvName": { "value": "[variables('varWrklKvName')]" }, @@ -39356,8 +39400,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17145130864687829338" + "version": "0.17.1.54307", + "templateHash": "17383691146400087728" } }, "parameters": { @@ -39385,6 +39429,12 @@ "description": "Resource Group Name for management VM." } }, + "securityPrincipalName": { + "type": "string", + "metadata": { + "description": "Optional, Identity name array to grant RBAC role to access AVD application group and NTFS permissions. (Default: \"\")" + } + }, "storageAccountName": { "type": "string", "metadata": { @@ -39439,12 +39489,6 @@ "description": "AVD session host domain join credentials." } }, - "domainJoinUserPassword": { - "type": "securestring", - "metadata": { - "description": "AVD session host domain join credentials." - } - }, "storageSku": { "type": "string", "metadata": { 
@@ -39513,30 +39557,12 @@ "description": "ActiveDirectorySolution. " } }, - "dscAgentPackageLocation": { - "type": "string", - "metadata": { - "description": "Sets location of DSC Agent." - } - }, - "storageCustomOuPath": { - "type": "string", - "metadata": { - "description": "Custom OU path for storage." - } - }, "ouStgPath": { "type": "string", "metadata": { "description": "OU Storage Path" } }, - "createOuForStorageString": { - "type": "string", - "metadata": { - "description": "If OU for Azure Storage needs to be created - set to true and ensure the domain join credentials have priviledge to create OU and create computer objects or join to domain." - } - }, "managedIdentityClientId": { "type": "string", "metadata": { @@ -39549,25 +39575,21 @@ "description": "Kerberos Encryption. Default is AES256." } }, - "_artifactsLocation": { + "artifactsLocation": { "type": "string", - "defaultValue": "https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/", "metadata": { "description": "Location of script. Default is located in workload/scripts" } }, - "_artifactsLocationSasToken": { + "storageSolution": { "type": "string", - "defaultValue": "", "metadata": { - "description": "SAS Token to access script." - } - }, - "securityPrincipalNames": { - "type": "string" - }, - "storageSolution": { - "type": "string" + "description": "Storage Solution." + }, + "allowedValues": [ + "AzureStorageAccount", + "AzureNetappFiles" + ] }, "storageCount": { "type": "int", @@ -39579,12 +39601,12 @@ }, "netBios": { "type": "string", - "defaultValue": "" + "metadata": { + "description": "Netbios name, will be used to set NTFS file share permissions." + } } }, "variables": { - "varAzureCloudName": "[environment().name]", - "varStoragePurposeLower": "[toLower(parameters('storagePurpose'))]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], 
@@ -39592,7 +39614,7 @@ "Transaction" ], "varWrklStoragePrivateEndpointName": "[format('pe-{0}-file', parameters('storageAccountName'))]", - "vardirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" + "varDirectoryServiceOptions": "[if(equals(parameters('identityServiceProvider'), 'AADDS'), 'AADDS', if(equals(parameters('identityServiceProvider'), 'AAD'), 'AADKERB', 'None'))]" }, "resources": [ { @@ -39623,7 +39645,7 @@ "kind": "[if(or(equals(toLower(parameters('storageSku')), toLower('Premium_LRS')), equals(toLower(parameters('storageSku')), toLower('Premium_ZRS'))), createObject('value', 'FileStorage'), createObject('value', 'StorageV2'))]", "azureFilesIdentityBasedAuthentication": { "value": { - "directoryServiceOptions": "[variables('vardirectoryServiceOptions')]", + "directoryServiceOptions": "[variables('varDirectoryServiceOptions')]", "activeDirectoryProperties": "[if(equals(parameters('identityServiceProvider'), 'AAD'), createObject('domainGuid', parameters('identityDomainGuid'), 'domainName', parameters('identityDomainName')), createObject())]" } }, @@ -39662,17 +39684,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10707961832808434144" + "version": "0.17.1.54307", + "templateHash": "14819659584479701354" } }, "parameters": { "name": { "type": "string", - "maxLength": 24, "metadata": { "description": "Required. Name of the Storage Account." - } + }, + "maxLength": 24 }, "location": { "type": "string", 
@@ -39705,20 +39727,23 @@ "kind": { "type": "string", "defaultValue": "StorageV2", + "metadata": { + "description": "Optional. Type of Storage Account to create." + }, "allowedValues": [ "Storage", "StorageV2", "BlobStorage", "FileStorage", "BlockBlobStorage" - ], - "metadata": { - "description": "Optional. Type of Storage Account to create." - } + ] }, "skuName": { "type": "string", "defaultValue": "Standard_GRS", + "metadata": { + "description": "Optional. Storage Account Sku Name." + }, "allowedValues": [ "Standard_LRS", "Standard_GRS", 
@@ -39728,33 +39753,30 @@ "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS" - ], - "metadata": { - "description": "Optional. Storage Account Sku Name." - } + ] }, "accessTier": { "type": "string", "defaultValue": "Hot", + "metadata": { + "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." + }, "allowedValues": [ "Premium", "Hot", "Cool" - ], - "metadata": { - "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." - } + ] }, "largeFileSharesState": { "type": "string", "defaultValue": "Disabled", + "metadata": { + "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." + }, "allowedValues": [ "Disabled", "Enabled" - ], - "metadata": { - "description": "Optional. Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares)." - } + ] }, "azureFilesIdentityBasedAuthentication": { "type": "object", 
@@ -39876,14 +39898,14 @@ "minimumTlsVersion": { "type": "string", "defaultValue": "TLS1_2", + "metadata": { + "description": "Optional. Set the minimum TLS version on request to storage." + }, "allowedValues": [ "TLS1_0", "TLS1_1", "TLS1_2" - ], - "metadata": { - "description": "Optional. Set the minimum TLS version on request to storage." - } + ] }, "enableHierarchicalNamespace": { "type": "bool", @@ -39923,8 +39945,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -39960,14 +39982,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -40223,8 +40245,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11907799862370162022" + "version": "0.17.1.54307", + "templateHash": "14509829261817545327" } }, "parameters": { @@ -40418,8 +40440,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14559775667395480629" + "version": "0.17.1.54307", + "templateHash": "7311288048246157848" } }, "parameters": { @@ -40485,14 +40507,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", 
@@ -40615,8 +40637,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10817246518679375966" + "version": "0.17.1.54307", + "templateHash": "12718574346799900200" } }, "parameters": { @@ -40628,8 +40650,8 @@ }, "privateDNSResourceIds": { "type": "array", - "minLength": 1, "maxLength": 5, + "minLength": 1, "metadata": { "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." } @@ -40750,8 +40772,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.17.1.54307", + "templateHash": "12287935360262920219" } }, "parameters": { @@ -40957,17 +40979,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4253610036228558936" + "version": "0.17.1.54307", + "templateHash": "6611019192370176160" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "rules": { "type": "array", @@ -41081,17 +41103,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2607160455374616389" + "version": "0.17.1.54307", + "templateHash": "887985521850583920" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", 
@@ -41239,17 +41261,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17862607141263296646" + "version": "0.17.1.54307", + "templateHash": "459680222498554457" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "deleteRetentionPolicy": { "type": "bool", @@ -41282,8 +41304,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -41468,17 +41490,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1372202156919204831" + "version": "0.17.1.54307", + "templateHash": "4711998299496378361" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -41496,14 +41518,14 @@ "publicAccess": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." + }, "allowedValues": [ "Container", "Blob", "None" - ], - "metadata": { - "description": "Optional. Specifies whether data in the container may be accessed publicly and the level of access." - } + ] }, "immutabilityPolicyProperties": { "type": "object", 
@@ -41582,17 +41604,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11262013761717354542" + "version": "0.17.1.54307", + "templateHash": "9600027410745431357" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "containerName": { "type": "string", @@ -41710,8 +41732,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5334204341302869645" + "version": "0.17.1.54307", + "templateHash": "2765385875040083757" } }, "parameters": { @@ -41948,17 +41970,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "252706870723960720" + "version": "0.17.1.54307", + "templateHash": "4535070803723456785" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -41987,8 +42009,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } 
@@ -42180,17 +42202,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7008197552909900283" + "version": "0.17.1.54307", + "templateHash": "17475626136384362732" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "fileServicesName": { "type": "string", @@ -42215,25 +42237,25 @@ "enabledProtocols": { "type": "string", "defaultValue": "SMB", + "metadata": { + "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." + }, "allowedValues": [ "NFS", "SMB" - ], - "metadata": { - "description": "Optional. The authentication protocol that is used for the file share. Can only be specified when creating a share." - } + ] }, "rootSquash": { "type": "string", "defaultValue": "NoRootSquash", + "metadata": { + "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." + }, "allowedValues": [ "AllSquash", "NoRootSquash", "RootSquash" - ], - "metadata": { - "description": "Optional. Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares." - } + ] }, "roleAssignments": { "type": "array", @@ -42309,8 +42331,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12515062620278558169" + "version": "0.17.1.54307", + "templateHash": "398511802813701603" } }, "parameters": { 
@@ -42548,17 +42570,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18008382091828972844" + "version": "0.17.1.54307", + "templateHash": "5488562806452443494" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "queues": { "type": "array", @@ -42570,8 +42592,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -42749,17 +42771,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14624220085780750615" + "version": "0.17.1.54307", + "templateHash": "8626996903060982853" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", @@ -42846,8 +42868,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "256624618142232879" + "version": "0.17.1.54307", + "templateHash": "7868704077465009471" } }, "parameters": { 
@@ -43082,17 +43104,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1243731349630169383" + "version": "0.17.1.54307", + "templateHash": "8997312828597029463" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "tables": { "type": "array", @@ -43104,8 +43126,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -43281,17 +43303,17 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15439721503188480715" + "version": "0.17.1.54307", + "templateHash": "10506944460358814800" } }, "parameters": { "storageAccountName": { "type": "string", - "maxLength": 24, "metadata": { "description": "Conditional. The name of the parent Storage Account. Required if the template is used in a standalone deployment." - } + }, + "maxLength": 24 }, "name": { "type": "string", 
@@ -43445,22 +43467,27 @@ }, "mode": "Incremental", "parameters": { - "_artifactsLocation": { - "value": "[parameters('_artifactsLocation')]" + "artifactsLocation": { + "value": "[parameters('artifactsLocation')]" }, - "_artifactsLocationSasToken": { - "value": "[parameters('_artifactsLocationSasToken')]" + "commandToExecute": { + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" -TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, - "CommandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinPassword \"{1}\" -DomainJoinUserPrincipalName \"{2}\" -ActiveDirectorySolution \"{3}\" -Environment \"{4}\" -KerberosEncryptionType \"{5}\" -StorageAccountFullName \"{6}\" -FileShareName \"{7}\" -Netbios \"{8}\" -OuPath \"{9}\" -SecurityPrincipalNames \"{10}\" -StorageAccountResourceGroupName \"{11}\" -StorageCount {12} -StorageIndex {13} -StorageSolution \"{14}\" -StorageSuffix \"{15}\" -SubscriptionId \"{16}\" -TenantId \"{17}\"', 
parameters('managedIdentityClientId'), parameters('domainJoinUserPassword'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalNames'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" - }, - "Location": { + "location": { "value": "[parameters('sessionHostLocation')]" }, - "ManagementVmName": { + "domainJoinUserPassword": { + "reference": { + "keyVault": { + "id": "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('serviceObjectsRgName'))), 'Microsoft.KeyVault/vaults', parameters('wrklKvName'))]" + }, + "secretName": "domainJoinUserPassword" + } + }, + "managementVmName": { "value": "[parameters('managementVmName')]" }, - "Timestamp": { + "time": { "value": "[parameters('time')]" } }, 
@@ -43470,36 +43497,52 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16960560892689102067" + "version": "0.17.1.54307", + "templateHash": "15497845880895726174" } }, "parameters": { - "_artifactsLocation": { + "artifactsLocation": { "type": "string" }, - "_artifactsLocationSasToken": { - "type": "securestring" - }, - "CommandToExecute": { + "commandToExecute": { "type": "string" }, - "Location": { - "type": "string" + "managementVmName": { + "type": "string", + "metadata": { + "description": "Name for management virtual machine. for tools and to join Azure Files to domain." + } }, - "ManagementVmName": { - "type": "string" + "domainJoinUserPassword": { + "type": "securestring", + "metadata": { + "description": "Domain join user password." + } }, - "Timestamp": { - "type": "string" + "location": { + "type": "string", + "metadata": { + "description": "Location where to deploy compute services." + } + }, + "time": { + "type": "string", + "defaultValue": "[utcNow()]", + "metadata": { + "description": "Do not modify, used to set unique value for resource deployment." + } } }, + "variables": { + "varCommandToExecute": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" + }, "resources": [ { "type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2020-12-01", - "name": "[format('{0}/CustomScriptExtension', parameters('ManagementVmName'))]", - "location": "[parameters('Location')]", + "name": "[format('{0}/CustomScriptExtension', parameters('managementVmName'))]", + "location": "[parameters('location')]", "properties": { "publisher": "Microsoft.Compute", "type": "CustomScriptExtension", 
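Review bot: The new `varCommandToExecute` variable appends the domain join password to the command line unquoted (`'{0} -DomainAdminUserPassword {1} -verbose'`), so a password containing a space, quote, `$`, `;` or `&` is re-parsed by the command interpreter instead of arriving as one argument. At minimum quote and escape it, e.g. `-DomainAdminUserPassword \"{1}\"` with embedded quotes doubled. A cleaner option may be to have Set-NtfsPermissions.ps1 read the secret from Key Vault itself, using the managed identity whose client id is already passed as `-ClientId`; that also keeps the password out of the process command line on the management VM, but confirm that identity's Key Vault access first. Keeping the value under `protectedSettings` is right and should stay. This file is compiled output, so the change belongs in the Bicep module that produces this nested template, and it is worth confirming the script declares `-DomainAdminUserPassword`, since the removed command used `-DomainJoinPassword`.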
@@ -43507,12 +43550,12 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[format('{0}Set-NtfsPermissions.ps1{1}', parameters('_artifactsLocation'), parameters('_artifactsLocationSasToken'))]" + "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" ], - "timestamp": "[parameters('Timestamp')]" + "timestamp": "[parameters('time')]" }, "protectedSettings": { - "commandToExecute": "[parameters('CommandToExecute')]" + "commandToExecute": "[variables('varCommandToExecute')]" } } } @@ -43569,8 +43612,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6119438582302440926" + "version": "0.17.1.54307", + "templateHash": "14889137037653853520" } }, "parameters": { @@ -43648,8 +43691,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16350576771018439160" + "version": "0.17.1.54307", + "templateHash": "11940163391569342138" } }, "parameters": { @@ -43697,14 +43740,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -43806,8 +43849,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12543587259073888483" + "version": "0.17.1.54307", + "templateHash": "10835079600690809858" } }, "parameters": { @@ -44123,8 +44166,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "700207138697825503" + "version": "0.17.1.54307", + "templateHash": "3647241641137692756" } }, "parameters": { @@ -44529,8 +44572,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13490517945116714650" + "version": "0.17.1.54307", + "templateHash": "4750663240724101154" } }, "parameters": { 
@@ -44955,8 +44998,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -44992,14 +45035,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -45377,8 +45420,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3084383436001824498" + "version": "0.17.1.54307", + "templateHash": "18094190582004938279" } }, "parameters": { @@ -45538,8 +45581,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18200832178111445541" + "version": "0.17.1.54307", + "templateHash": "9163854717969965207" } }, "parameters": { @@ -45610,8 +45653,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -45668,14 +45711,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "location": { "type": "string", @@ -45871,8 +45914,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7328126239184883887" + "version": "0.17.1.54307", + "templateHash": "9526391067242259796" } }, "parameters": { 
@@ -46126,8 +46169,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15419094596647888624" + "version": "0.17.1.54307", + "templateHash": "2878979907665862463" } }, "parameters": { @@ -46189,14 +46232,14 @@ "auxiliaryMode": { "type": "string", "defaultValue": "None", + "metadata": { + "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." + }, "allowedValues": [ "Floating", "MaxConnections", "None" - ], - "metadata": { - "description": "Optional. Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic." - } + ] }, "disableTcpStateTracking": { "type": "bool", @@ -46214,14 +46257,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "roleAssignments": { "type": "array", @@ -46233,8 +46276,8 @@ "diagnosticLogsRetentionInDays": { "type": "int", "defaultValue": 365, - "minValue": 0, "maxValue": 365, + "minValue": 0, "metadata": { "description": "Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely." } @@ -46424,8 +46467,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10645923556503351364" + "version": "0.17.1.54307", + "templateHash": "934300040337690336" } }, "parameters": { @@ -46640,8 +46683,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { 
@@ -46843,8 +46886,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -47041,8 +47084,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -47244,8 +47287,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -47437,8 +47480,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -47630,8 +47673,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -47827,8 +47870,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -48032,8 +48075,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -48230,8 +48273,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { 
@@ -48431,8 +48474,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10405060501220354608" + "version": "0.17.1.54307", + "templateHash": "542004733048752795" } }, "parameters": { @@ -48463,6 +48506,9 @@ }, "protectedItemType": { "type": "string", + "metadata": { + "description": "Required. The backup item type." + }, "allowedValues": [ "AzureFileShareProtectedItem", "AzureVmWorkloadSAPAseDatabase", @@ -48474,10 +48520,7 @@ "Microsoft.ClassicCompute/virtualMachines", "Microsoft.Compute/virtualMachines", "Microsoft.Sql/servers/databases" - ], - "metadata": { - "description": "Required. The backup item type." - } + ] }, "policyId": { "type": "string", @@ -48597,8 +48640,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11877341194593849245" + "version": "0.17.1.54307", + "templateHash": "5545265229641785727" } }, "parameters": { @@ -48814,8 +48857,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -48956,14 +48999,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -49147,8 +49190,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -49346,8 +49389,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { 
@@ -49488,14 +49531,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -49677,8 +49720,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2320457624134194742" + "version": "0.17.1.54307", + "templateHash": "3345220041904522099" } }, "parameters": { @@ -49877,8 +49920,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8145106657487286483" + "version": "0.17.1.54307", + "templateHash": "6119857452463366145" } }, "parameters": { @@ -50019,14 +50062,14 @@ "lock": { "type": "string", "defaultValue": "", + "metadata": { + "description": "Optional. Specify the type of lock." + }, "allowedValues": [ "", "CanNotDelete", "ReadOnly" - ], - "metadata": { - "description": "Optional. Specify the type of lock." - } + ] }, "tags": { "type": "object", @@ -50186,8 +50229,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7945282169717240757" + "version": "0.17.1.54307", + "templateHash": "14854652588114627341" } }, "parameters": { @@ -50286,8 +50329,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11980268490224207781" + "version": "0.17.1.54307", + "templateHash": "7172748536042045689" } }, "parameters": { @@ -50402,8 +50445,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17060282136194389196" + "version": "0.17.1.54307", + "templateHash": "231872691044961836" } }, "parameters": { 
@@ -50495,8 +50538,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12317712979554879023" + "version": "0.17.1.54307", + "templateHash": "5657647834665443119" } }, "parameters": { @@ -50670,8 +50713,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14228229460676709073" + "version": "0.17.1.54307", + "templateHash": "17165573628970783202" } }, "parameters": { @@ -50939,8 +50982,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4137783479866222342" + "version": "0.17.1.54307", + "templateHash": "13416191842446717007" } }, "parameters": { diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index 53a7c1645..dd29141e4 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -97,8 +97,8 @@ param avdHostPoolType string = 'Pooled' @sys.description('Optional. The type of preferred application group type, default to Desktop Application Group.') @allowed([ - 'Desktop' - 'RemoteApp' + 'Desktop' + 'RemoteApp' ]) param hostPoolPreferredAppGroupType string = 'Desktop' @@ -174,7 +174,7 @@ param createAvdFslogixDeployment bool = true 'AzureStorageAccount' 'AzureNetappFiles' ]) -@sys.description ('Fslogix Storage Solution. Default is Azure Storage Account.') +@sys.description('Fslogix Storage Solution. Default is Azure Storage Account.') param fslogixStorageSolution string = 'AzureStorageAccount' @sys.description('Deploy MSIX App Attach setup. (Default: false)') 
@@ -184,10 +184,9 @@ param createMsixDeployment bool = false 'AzureStorageAccount' 'AzureNetappFiles' ]) -@sys.description ('App attach Storage Solution. Default is Azure Storage Account.') +@sys.description('App attach Storage Solution. Default is Azure Storage Account.') param appAttachStorageSolution string = 'AzureStorageAccount' - @sys.description('Fslogix file share size. (Default: 1)') param fslogixFileShareQuotaSize int = 1 @@ -310,9 +309,6 @@ param avdImageTemplateDefinitionId string = '' @sys.description('OU name for Azure Storage Account. It is recommended to create a new AD Organizational Unit (OU) in AD and disable password expiration policy on computer accounts or service logon accounts accordingly. (Default: "")') param storageOuPath string = '' -@sys.description('If OU for Azure Storage needs to be created - set to true and ensure the domain join credentials have priviledge to create OU and create computer objects or join to domain. (Default: false)') -param createOuForStorage bool = false - // Custom Naming // Input must followe resource naming rules on https://docs.microsoft.com/azure/azure-resource-manager/management/resource-name-rules @sys.description('AVD resources custom naming. (Default: false)') 
@@ -515,7 +511,7 @@ param enableTelemetry bool = true // Resource naming var varDeploymentPrefixLowercase = toLower(deploymentPrefix) var varDeploymentEnvironmentLowercase = toLower(deploymentEnvironment) -var varDeploymentEnvironmentComputeStorage = (deploymentEnvironment == 'Dev') ? 'd': ((deploymentEnvironment == 'Test') ? 't' : ((deploymentEnvironment == 'Prod') ? 'p' : '')) +var varDeploymentEnvironmentComputeStorage = (deploymentEnvironment == 'Dev') ? 'd' : ((deploymentEnvironment == 'Test') ? 't' : ((deploymentEnvironment == 'Prod') ? 'p' : '')) var varNamingUniqueStringThreeChar = take('${uniqueString(avdWorkloadSubsId, varDeploymentPrefixLowercase, time)}', 3) var varSessionHostLocationAcronym = varLocations[varSessionHostLocationLowercase].acronym var varManagementPlaneLocationAcronym = varLocations[varManagementPlaneLocationLowercase].acronym @@ -535,7 +531,7 @@ var varStorageObjectsRgName = avdUseCustomNaming ? avdStorageObjectsRgCustomName var varMonitoringRgName = avdUseCustomNaming ? avdMonitoringRgCustomName : 'rg-avd-${varDeploymentEnvironmentLowercase}-${varManagementPlaneLocationAcronym}-monitoring' // max length limit 90 characters var varVnetName = avdUseCustomNaming ? avdVnetworkCustomName : 'vnet-${varComputeStorageResourcesNamingStandard}-001' var varHubVnetName = (createAvdVnet && !empty(existingHubVnetResourceId)) ? split(existingHubVnetResourceId, '/')[8] : '' -var varVnetPeeringName = 'peer-${varHubVnetName}' +var varVnetPeeringName = 'peer-${varHubVnetName}' var varRemoteVnetPeeringName = 'peer-${varVnetName}' var varVnetAvdSubnetName = avdUseCustomNaming ? avdVnetworkSubnetCustomName : 'snet-avd-${varComputeStorageResourcesNamingStandard}-001' var varVnetPrivateEndpointSubnetName = avdUseCustomNaming ? privateEndpointVnetworkSubnetCustomName : 'snet-pe-${varComputeStorageResourcesNamingStandard}-001' 
@@ -791,16 +787,13 @@ var varMarketPlaceGalleryWindows = { version: 'latest' } } -var varStorageAzureFilesDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts/DSCStorageScripts.zip' +var varArtifactsLocation = 'https://github.com/Azure/avdaccelerator/raw/ntfs-update/workload/scripts' //var varTempResourcesCleanUpDscAgentPackageLocation = 'https://github.com/Azure/avdaccelerator/raw/main/workload/scripts/postDeploymentTempResourcesCleanUp.zip' -var varStorageSetupScriptUri = '${varBaseScriptUri}scripts/Set-NTFSPermissions.ps1' //var varPostDeploymentTempResuorcesCleanUpScriptUri = '${varBaseScriptUri}scripts/postDeploymentTempResuorcesCleanUp.ps1' -var varStorageToDomainScript = './Manual-DSC-Storage-Scripts.ps1' //var varPostDeploymentTempResuorcesCleanUpScript = './PostDeploymentTempResuorcesCleanUp.ps1' var varOuStgPath = !empty(storageOuPath) ? '"${storageOuPath}"' : '"${varDefaultStorageOuPath}"' var varDefaultStorageOuPath = (avdIdentityServiceProvider == 'AADDS') ? 'AADDC Computers' : 'Computers' var varStorageCustomOuPath = !empty(storageOuPath) ? 'true' : 'false' -var varCreateOuForStorageString = string(createOuForStorage) var varAllDnsServers = '${customDnsIps},168.63.129.16' var varDnsServers = empty(customDnsIps) ? [] : (split(varAllDnsServers, ',')) var varCreateVnetPeering = !empty(existingHubVnetResourceId) ? true : false @@ -858,7 +851,7 @@ var verResourceGroups = [ // enableDefaultTelemetry: false // tags: createResourceTags ? union(varAllComputeStorageTags, varAvdDefaultTags) : union(varAvdDefaultTags, varAllComputeStorageTags) //} - + ] // =========== // 
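Review bot: `varArtifactsLocation` points at a feature branch (`raw/ntfs-update`), so the script that the Custom Script Extension later runs on the management VM, with the domain-join password on its command line, can change without any change to this template. Pin the location to an immutable reference, e.g. `var varArtifactsLocation = 'https://github.com/Azure/avdaccelerator/raw/<release-tag-or-commit-sha>/workload/scripts'`. I would also add a comment above it such as `// Executed on the management VM via CustomScriptExtension; pin to a reviewed tag or commit`.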
@@ -952,7 +945,7 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre existingPeSubnetResourceId: existingVnetPrivateEndpointSubnetResourceId existingAvdSubnetResourceId: existingVnetAvdSubnetResourceId createPrivateDnsZones: deployPrivateEndpointKeyvaultStorage ? createPrivateDnsZones : false - applicationSecurityGroupName: varApplicationSecurityGroupName + applicationSecurityGroupName: varApplicationSecurityGroupName computeObjectsRgName: varComputeObjectsRgName networkObjectsRgName: varNetworkObjectsRgName avdNetworksecurityGroupName: varAvdNetworksecurityGroupName @@ -1012,7 +1005,7 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = { startVmOnConnect: (avdHostPoolType == 'Pooled') ? avdDeployScalingPlan : avdStartVmOnConnect workloadSubsId: avdWorkloadSubsId identityServiceProvider: avdIdentityServiceProvider - securityPrincipalIds: array(securityPrincipalId) + securityPrincipalIds: array(securityPrincipalId) applicationGroupIdentityType: avdApplicationGroupIdentityType tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' @@ -1043,7 +1036,7 @@ module identity './modules/identity/deploy.bicep' = { enableStartVmOnConnect: avdStartVmOnConnect identityServiceProvider: avdIdentityServiceProvider createStorageDeployment: varCreateStorageDeployment - securityPrincipalIds: array(securityPrincipalId) + securityPrincipalIds: array(securityPrincipalId) tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags } dependsOn: [ @@ -1079,7 +1072,7 @@ module zeroTrust './modules/zeroTrust/deploy.bicep' = if (diskZeroTrust && avdDe baselineResourceGroups baselineStorageResourceGroup monitoringDiagnosticSettings - identity + identity ] } 
@@ -1216,14 +1209,12 @@ module fslogixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if fileShareQuotaSize: fslogixFileShareQuotaSize storageAccountName: varFslogixStorageName netBios: netBios + artifactsLocation: varArtifactsLocation KerberosEncryption: kerberosEncryption identityServiceProvider: avdIdentityServiceProvider - dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation - storageCustomOuPath: varStorageCustomOuPath managementVmName: varManagementVmName deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage ouStgPath: varOuStgPath - createOuForStorageString: varCreateOuForStorageString managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : '' domainJoinUserName: avdDomainJoinUserName wrklKvName: varWrklKvName @@ -1261,16 +1252,12 @@ module msixAzureFilesStorage './modules/storageAzureFiles/deploy.bicep' = if (cr fileShareQuotaSize: msixFileShareQuotaSize storageAccountName: varMsixStorageName netBios: netBios + artifactsLocation: varArtifactsLocation KerberosEncryption: kerberosEncryption - //storageToDomainScript: varStorageToDomainScript - //storageToDomainScriptUri: varStorageToDomainScriptUri identityServiceProvider: avdIdentityServiceProvider - dscAgentPackageLocation: varStorageAzureFilesDscAgentPackageLocation - storageCustomOuPath: varStorageCustomOuPath managementVmName: varManagementVmName deployPrivateEndpoint: deployPrivateEndpointKeyvaultStorage ouStgPath: varOuStgPath - createOuForStorageString: varCreateOuForStorageString managedIdentityClientId: varCreateStorageDeployment ? identity.outputs.managedIdentityStorageClientId : '' domainJoinUserName: avdDomainJoinUserName wrklKvName: varWrklKvName 
@@ -1317,7 +1304,7 @@ module availabilitySet './modules/avdSessionHosts/.bicep/availabilitySets.bicep' // Session hosts @batchSize(3) module sessionHosts './modules/avdSessionHosts/deploy.bicep' = [for i in range(1, varSessionHostBatchCount): if (avdDeploySessionHosts) { - name: 'SH-Batch-${i-1}-${time}' + name: 'SH-Batch-${i - 1}-${time}' params: { diskEncryptionSetResourceId: diskZeroTrust ? zeroTrust.outputs.ztDiskEncryptionSetResourceId : '' avdAgentPackageLocation: varAvdAgentPackageLocation @@ -1327,7 +1314,7 @@ module sessionHosts './modules/avdSessionHosts/deploy.bicep' = [for i in range(1 createIntuneEnrollment: createIntuneEnrollment maxAvsetMembersCount: varMaxAvsetMembersCount avsetNamePrefix: varAvsetNamePrefix - batchId: i-1 + batchId: i - 1 computeObjectsRgName: varComputeObjectsRgName count: i == varSessionHostBatchCount && varMaxSessionHostsDivisionRemainderValue > 0 ? varMaxSessionHostsDivisionRemainderValue : varMaxSessionHostsPerTemplate countIndex: i == 1 ? avdSessionHostCountIndex : (((i - 1) * varMaxSessionHostsPerTemplate) + avdSessionHostCountIndex) @@ -1380,14 +1367,14 @@ module gpuPolicies './modules/avdSessionHosts/.bicep/azurePolicyGpuExtensions.bi scope: subscription('${avdWorkloadSubsId}') name: 'GPU-VM-Extensions-${time}' params: { - computeObjectsRgName: varComputeObjectsRgName - location: avdSessionHostLocation - subscriptionId: avdWorkloadSubsId + computeObjectsRgName: varComputeObjectsRgName + location: avdSessionHostLocation + subscriptionId: avdWorkloadSubsId } dependsOn: [ sessionHosts ] - } +} /* // Post deployment resources clean up. diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep deleted file mode 100644 index 094ebc09f..000000000 --- a/workload/bicep/modules/storageAzureFiles/.bicep/azureFilesDomainJoin.bicep +++ /dev/null 
@@ -1,48 +0,0 @@ -// ========== // -// Parameters // -// ========== // - -@sys.description('Extension deployment name.') -param name string - -@sys.description('Location where to deploy compute services.') -param location string - -@sys.description('Location for the AVD agent installation package.') -param baseScriptUri string - -param file string - -@sys.description('Arguments for domain join script.') -param scriptArguments string - -@secure() -@sys.description('Domain join user password.') -param domainJoinUserPassword string - -// =========== // -// Variable declaration // -// =========== // - -var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' - -// =========== // -// Deployments // -// =========== // - -// Add Azure Files to AD DS domain. -resource dscStorageScript 'Microsoft.Compute/virtualMachines/extensions@2022-08-01' = { - name: '${name}/AzureFilesDomainJoin' - location: location - properties: { - publisher: 'Microsoft.Compute' - type: 'CustomScriptExtension' - typeHandlerVersion: '1.10' - autoUpgradeMinorVersion: true - settings: {} - protectedSettings: { - fileUris: array(baseScriptUri) - commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File ${file} ${varscriptArgumentsWithPassword}' - } - } -} diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep index 9ebc23abd..c9818ef06 100644 --- a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep +++ b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep 
@@ -2,37 +2,39 @@ // Parameters // // ========== // -param _artifactsLocation string -@secure() -param _artifactsLocationSasToken string - -param CommandToExecute string +param artifactsLocation string -param ManagementVmName string +// @secure() +// param _artifactsLocationSasToken string -param Timestamp string +param commandToExecute string -@sys.description('Arguments for domain join script.') -param scriptArguments string +@sys.description('Name for management virtual machine. for tools and to join Azure Files to domain.') +param managementVmName string @secure() @sys.description('Domain join user password.') param domainJoinUserPassword string +@sys.description('Location where to deploy compute services.') +param location string + +@sys.description('Do not modify, used to set unique value for resource deployment.') +param time string = utcNow() + // =========== // // Variable declaration // // =========== // -var varscriptArgumentsWithPassword = '${scriptArguments} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' +var varCommandToExecute = '${commandToExecute} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' // =========== // // Deployments // // =========== // resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@2020-12-01' = { - name: '${ManagementVmName}/CustomScriptExtension' - location: Location - //tags: TagsVirtualMachines + name: '${managementVmName}/CustomScriptExtension' + location: location properties: { publisher: 'Microsoft.Compute' type: 'CustomScriptExtension' 
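Review bot: `varCommandToExecute` appends `${domainJoinUserPassword}` to the command line unquoted, so a password containing a space or a character PowerShell treats specially would be split or reinterpreted before it is bound to `-DomainAdminUserPassword`. `protectedSettings` keeps the string encrypted in the extension configuration, but on the VM the secret is still a process argument, and `-verbose` increases what the script may write to its output. At minimum quote it, `'${commandToExecute} -DomainAdminUserPassword "${domainJoinUserPassword}" -verbose'`, and document which characters the password may not contain. If the managed identity already passed as `-ClientId` can be given read access to the vault, having the script fetch the secret itself would keep it off the command line entirely. The resource body continues in the next hunk.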
@@ -40,12 +42,12 @@ resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@202 autoUpgradeMinorVersion: true settings: { fileUris: [ - '${_artifactsLocation}Set-NtfsPermissions.ps1${_artifactsLocationSasToken}' + '${artifactsLocation}Set-NtfsPermissions.ps1'//${_artifactsLocationSasToken}' ] - timestamp: Timestamp + timestamp: time } protectedSettings: { - commandToExecute: CommandToExecute + commandToExecute: varCommandToExecute } } } diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index 1009f776d..ba49d9806 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep +++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep 
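Review bot: The `fileUris` entry keeps the old SAS expression as a trailing comment, `'${artifactsLocation}Set-NtfsPermissions.ps1'//${_artifactsLocationSasToken}'`, which leaves an unbalanced quote in the comment and suggests the token may come back. `settings` is not encrypted, so if a SAS token is ever restored the `fileUris` array should move into `protectedSettings` next to `commandToExecute`. I would delete the trailing comment and put `// public URL only; a URL carrying a SAS token belongs in protectedSettings` above the entry.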
@@ -76,39 +76,27 @@ param time string = utcNow() @sys.description('Sets purpose of the storage account.') param storagePurpose string -@sys.description('ActiveDirectorySolution. ') -param ActiveDirectorySolution string = 'ActiveDirectoryDomainServices' - -@sys.description('Sets location of DSC Agent.') -param dscAgentPackageLocation string - -@sys.description('Custom OU path for storage.') -param storageCustomOuPath string - @sys.description('OU Storage Path') param ouStgPath string -@sys.description('If OU for Azure Storage needs to be created - set to true and ensure the domain join credentials have priviledge to create OU and create computer objects or join to domain.') -param createOuForStorageString string - @sys.description('Managed Identity Client ID') param managedIdentityClientId string @sys.description('Kerberos Encryption. Default is AES256.') -param KerberosEncryption string +param KerberosEncryption string @sys.description('Location of script. Default is located in workload/scripts') -param _artifactsLocation string = 'https://github.com/Azure/avdaccelerator/tree/ntfs-setup/workload/scripts/' +param artifactsLocation string -@description('SAS Token to access script.') -param _artifactsLocationSasToken string = '' +// @description('SAS Token to access script.') +// param _artifactsLocationSasToken string = '' @allowed([ 'AzureStorageAccount' 'AzureNetappFiles' ]) -@sys.description ('Storage Solution.') -param storageSolution string +@sys.description('Storage Solution.') +param storageSolution string //borrar param storageCount int = 1 
@@ -122,19 +110,16 @@ param netBios string // =========== // // Variable declaration // // =========== // - -var varAzureCloudName = environment().name -var varStoragePurposeLower = toLower(storagePurpose) +var varActiveDirectorySolution = (identityServiceProvider == 'ADDS') ? 'ActiveDirectoryDomainServices': '' var varAvdFileShareLogsDiagnostic = [ 'allLogs' ] var varAvdFileShareMetricsDiagnostic = [ 'Transaction' ] - var varWrklStoragePrivateEndpointName = 'pe-${storageAccountName}-file' -var vardirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS': (identityServiceProvider == 'AAD') ? 'AADKERB': 'None' -//var varStorageToDomainScriptArgs = '-DscPath ${dscAgentPackageLocation} -StorageAccountName ${storageAccountName} -StorageAccountRG ${storageObjectsRgName} -StoragePurpose ${storagePurpose} -DomainName ${identityDomainName} -IdentityServiceProvider ${identityServiceProvider} -AzureCloudEnvironment ${varAzureCloudName} -SubscriptionId ${workloadSubsId} -DomainAdminUserName ${domainJoinUserName} -CustomOuPath ${storageCustomOuPath} -OUName ${ouStgPath} -CreateNewOU ${createOuForStorageString} -ShareName ${fileShareName} -ClientId ${managedIdentityClientId}' +var varDirectoryServiceOptions = (identityServiceProvider == 'AADDS') ? 'AADDS' : (identityServiceProvider == 'AAD') ? 'AADKERB' : 'None' + // =========== // // Deployments // // =========== // 
@@ -157,11 +142,11 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts publicNetworkAccess: deployPrivateEndpoint ? 'Disabled' : 'Enabled' kind: ((storageSku =~ 'Premium_LRS') || (storageSku =~ 'Premium_ZRS')) ? 'FileStorage' : 'StorageV2' azureFilesIdentityBasedAuthentication: { - directoryServiceOptions: vardirectoryServiceOptions + directoryServiceOptions: varDirectoryServiceOptions activeDirectoryProperties: (identityServiceProvider == 'AAD') ? { domainGuid: identityDomainGuid domainName: identityDomainName - }: {} + } : {} } accessTier: 'Hot' networkAcls: deployPrivateEndpoint ? { @@ -197,7 +182,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts privateDnsZoneGroup: { privateDNSResourceIds: [ vnetPrivateDnsZoneFilesId - ] + ] } } ] : [] 
@@ -217,16 +202,16 @@ module ntfsPermissions '.bicep/ntfsPermissions.bicep' = if (contains(identitySer name: 'FslogixNtfsPermissions_${time}' scope: resourceGroup(workloadSubsId, serviceObjectsRgName) params: { - _artifactsLocation: _artifactsLocation - _artifactsLocationSasToken: _artifactsLocationSasToken - CommandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "${managedIdentityClientId}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${ActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalName "${securityPrincipalName}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} -StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' - Location: sessionHostLocation - domainJoinUserPassword: avdWrklKeyVaultget.getSecret('domainJoinUserPassword') - ManagementVmName: managementVmName - Timestamp: time + artifactsLocation: artifactsLocation + //_artifactsLocationSasToken: _artifactsLocationSasToken + commandToExecute: 'powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId "${managedIdentityClientId}" -DomainJoinUserPrincipalName "${domainJoinUserName}" -ActiveDirectorySolution "${varActiveDirectorySolution}" -Environment "${environment().name}" -KerberosEncryptionType "${KerberosEncryption}" -StorageAccountFullName "${storageAccountName}" -FileShareName "${fileShareName}" -Netbios "${netBios}" -OuPath "${ouStgPath}" -SecurityPrincipalName "${securityPrincipalName}" -StorageAccountResourceGroupName "${storageObjectsRgName}" -StorageCount ${storageCount} -StorageIndex ${storageIndex} 
-StorageSolution "${storageSolution}" -StorageSuffix "${environment().suffixes.storage}" -SubscriptionId "${subscription().subscriptionId}" -TenantId "${subscription().tenantId}"' + location: sessionHostLocation + domainJoinUserPassword: avdWrklKeyVaultget.getSecret('domainJoinUserPassword') + managementVmName: managementVmName + time: time } //... - } +} // =========== // // Outputs // From dc90a8f5dea486fb11136f6754882466a9c8c4e3 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 21:19:26 -0500 Subject: [PATCH 38/42] updates --- workload/arm/deploy-baseline.json | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 79d26997a..2163ba799 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "10532297135475337412" + "templateHash": "16922266111364980391" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -35132,7 +35132,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "17383691146400087728" + "templateHash": "14403272771338809181" } }, "parameters": { @@ -35281,13 +35281,6 @@ "description": "Sets purpose of the storage account." } }, - "ActiveDirectorySolution": { - "type": "string", - "defaultValue": "ActiveDirectoryDomainServices", - "metadata": { - "description": "ActiveDirectorySolution. " - } - }, "ouStgPath": { "type": "string", "metadata": { @@ -35338,6 +35331,7 @@ } }, "variables": { + "varActiveDirectorySolution": "[if(equals(parameters('identityServiceProvider'), 'ADDS'), 'ActiveDirectoryDomainServices', '')]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], 
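Review bot: In the `ntfsPermissions` module call of storageAzureFiles/deploy.bicep, `-OuPath "${ouStgPath}"` wraps a value that deploy-baseline.bicep already quotes (`varOuStgPath` is built as `'"${storageOuPath}"'`), so the script is handed `-OuPath ""…""`. With the AADDS default `AADDC Computers`, which contains a space, the argument is likely to be split. Quote in one place only, e.g. pass `-OuPath ${ouStgPath}` here or drop the quotes from `varOuStgPath`. More generally, every `"${…}"` argument on this line is deployment-parameter text pasted into a PowerShell command line, so a value containing `"` changes how the rest of the line is parsed; a comment stating that these parameters must not contain quotes would help, as would validating them.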
@@ -39202,7 +39196,7 @@ "value": "[parameters('artifactsLocation')]" }, "commandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" -TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" -TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), variables('varActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), 
parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "location": { "value": "[parameters('sessionHostLocation')]" @@ -39401,7 +39395,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "17383691146400087728" + "templateHash": "14403272771338809181" } }, "parameters": { @@ -39550,13 +39544,6 @@ "description": "Sets purpose of the storage account." } }, - "ActiveDirectorySolution": { - "type": "string", - "defaultValue": "ActiveDirectoryDomainServices", - "metadata": { - "description": "ActiveDirectorySolution. " - } - }, "ouStgPath": { "type": "string", "metadata": { @@ -39607,6 +39594,7 @@ } }, "variables": { + "varActiveDirectorySolution": "[if(equals(parameters('identityServiceProvider'), 'ADDS'), 'ActiveDirectoryDomainServices', '')]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], 
@@ -43471,7 +43459,7 @@ "value": "[parameters('artifactsLocation')]" }, "commandToExecute": { - "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" -TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), parameters('ActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" + "value": "[format('powershell -ExecutionPolicy Unrestricted -File Set-NtfsPermissions.ps1 -ClientId \"{0}\" -DomainJoinUserPrincipalName \"{1}\" -ActiveDirectorySolution \"{2}\" -Environment \"{3}\" -KerberosEncryptionType \"{4}\" -StorageAccountFullName \"{5}\" -FileShareName \"{6}\" -Netbios \"{7}\" -OuPath \"{8}\" -SecurityPrincipalName \"{9}\" -StorageAccountResourceGroupName \"{10}\" -StorageCount {11} -StorageIndex {12} -StorageSolution \"{13}\" -StorageSuffix \"{14}\" -SubscriptionId \"{15}\" -TenantId \"{16}\"', parameters('managedIdentityClientId'), parameters('domainJoinUserName'), variables('varActiveDirectorySolution'), environment().name, parameters('KerberosEncryption'), parameters('storageAccountName'), parameters('fileShareName'), parameters('netBios'), parameters('ouStgPath'), parameters('securityPrincipalName'), 
parameters('storageObjectsRgName'), parameters('storageCount'), parameters('storageIndex'), parameters('storageSolution'), environment().suffixes.storage, subscription().subscriptionId, subscription().tenantId)]" }, "location": { "value": "[parameters('sessionHostLocation')]" From aca356309fad6144995bb6604d1f364f89236afd Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 21:30:43 -0500 Subject: [PATCH 39/42] updates --- workload/bicep/deploy-baseline.bicep | 9 -------- .../modules/avdManagementPlane/deploy.bicep | 5 +---- .../deploy-baseline-parameters-example.json | 22 ++++++++++++++----- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/workload/bicep/deploy-baseline.bicep b/workload/bicep/deploy-baseline.bicep index dd29141e4..ef6540d8a 100644 --- a/workload/bicep/deploy-baseline.bicep +++ b/workload/bicep/deploy-baseline.bicep @@ -61,14 +61,6 @@ param securityPrincipalId string = '' @sys.description('Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: "")') param securityPrincipalName string = '' -@allowed([ - 'Group' - 'ServicePrincipal' - 'User' -]) -@sys.description('Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)') -param avdApplicationGroupIdentityType string = 'Group' - @sys.description('AD domain name.') param avdIdentityDomainName string 
@@ -1006,7 +998,6 @@ module managementPLane './modules/avdManagementPlane/deploy.bicep' = { workloadSubsId: avdWorkloadSubsId identityServiceProvider: avdIdentityServiceProvider securityPrincipalIds: array(securityPrincipalId) - applicationGroupIdentityType: avdApplicationGroupIdentityType tags: createResourceTags ? union(varCustomResourceTags, varAvdDefaultTags) : varAvdDefaultTags alaWorkspaceResourceId: avdDeployMonitoring ? (deployAlaWorkspace ? monitoringDiagnosticSettings.outputs.avdAlaWorkspaceResourceId : alaExistingWorkspaceResourceId) : '' diagnosticLogsRetentionInDays: avdAlaWorkspaceDataRetention diff --git a/workload/bicep/modules/avdManagementPlane/deploy.bicep b/workload/bicep/modules/avdManagementPlane/deploy.bicep index 9ed02c350..09f97696e 100644 --- a/workload/bicep/modules/avdManagementPlane/deploy.bicep +++ b/workload/bicep/modules/avdManagementPlane/deploy.bicep @@ -18,9 +18,6 @@ param identityServiceProvider string @sys.description('Identity ID to grant RBAC role to access AVD application group.') param securityPrincipalIds array -@sys.description('Identity type to grant RBAC role to access AVD application group.') -param applicationGroupIdentityType string - @sys.description('AVD OS image source.') param osImage string @@ -244,7 +241,7 @@ module applicationGroups '../../../../carml/1.3.0/Microsoft.DesktopVirtualizatio { roleDefinitionIdOrName: 'Desktop Virtualization User' principalIds: securityPrincipalIds - principalType: applicationGroupIdentityType + principalType: 'Group' } ]: [] diagnosticWorkspaceId: alaWorkspaceResourceId diff --git a/workload/bicep/parameters/deploy-baseline-parameters-example.json b/workload/bicep/parameters/deploy-baseline-parameters-example.json index bdbe900ff..ddfa4d686 100644 --- a/workload/bicep/parameters/deploy-baseline-parameters-example.json +++ b/workload/bicep/parameters/deploy-baseline-parameters-example.json 
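Review bot: In avdManagementPlane/deploy.bicep, `principalType: 'Group'` is now fixed in the `applicationGroups` role assignment, but `securityPrincipalIds` is still described as "Identity ID to grant RBAC role to access AVD application group.", so nothing tells the operator that the ID must belong to a group. A user or service principal object ID would presumably be submitted with the wrong principal type. Update the description to something like `@sys.description('Object IDs of the security groups granted the Desktop Virtualization User role on the application group.')` and state the same on `securityPrincipalId` in deploy-baseline.bicep. The module body starts and ends outside the hunk.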
@@ -35,15 +35,18 @@ "createIntuneEnrollment": { "value": false }, - "avdApplicationGroupIdentitiesIds": { + "securityPrincipalId": { "value": "" - }, - "avdApplicationGroupIdentityType": { - "value": "Group" - }, + }, + "securityPrincipalName": { + "value": "" + }, "avdIdentityDomainName": { "value": "<>" }, + "netBios": { + "value": "" + }, "avdDomainJoinUserName": { "value": "none" }, @@ -208,6 +211,15 @@ }, "deployGpuPolicies": { "value": true + }, + "fslogixStorageSolution": { + "value": "AzureStorageAccount" + }, + "appAttachStorageSolution": { + "value": "AzureStorageAccount" + }, + "kerberosEncryption": { + "value": "" } } } From a98596a87f56c241c1d8a158a735bf7708aed068 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 21:52:23 -0500 Subject: [PATCH 40/42] updates --- .../modules/storageAzureFiles/.bicep/ntfsPermissions.bicep | 2 +- workload/bicep/modules/storageAzureFiles/deploy.bicep | 4 ++-- .../bicep/parameters/deploy-baseline-parameters-example.json | 5 +---- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep index c9818ef06..004d7ddd0 100644 --- a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep +++ b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep @@ -42,7 +42,7 @@ resource customScriptExtension 'Microsoft.Compute/virtualMachines/extensions@202 autoUpgradeMinorVersion: true settings: { fileUris: [ - '${artifactsLocation}Set-NtfsPermissions.ps1'//${_artifactsLocationSasToken}' + '${artifactsLocation}/Set-NtfsPermissions.ps1'//${_artifactsLocationSasToken}' ] timestamp: time } diff --git a/workload/bicep/modules/storageAzureFiles/deploy.bicep b/workload/bicep/modules/storageAzureFiles/deploy.bicep index ba49d9806..ae0005a95 100644 --- a/workload/bicep/modules/storageAzureFiles/deploy.bicep 
+++ b/workload/bicep/modules/storageAzureFiles/deploy.bicep @@ -110,7 +110,7 @@ param netBios string // =========== // // Variable declaration // // =========== // -var varActiveDirectorySolution = (identityServiceProvider == 'ADDS') ? 'ActiveDirectoryDomainServices': '' +var varActiveDirectorySolution = (identityServiceProvider != 'AAD') ? 'ActiveDirectoryDomainServices': '' var varAvdFileShareLogsDiagnostic = [ 'allLogs' ] @@ -199,7 +199,7 @@ module storageAndFile '../../../../carml/1.3.0/Microsoft.Storage/storageAccounts //} module ntfsPermissions '.bicep/ntfsPermissions.bicep' = if (contains(identityServiceProvider, 'ADDS')) { - name: 'FslogixNtfsPermissions_${time}' + name: 'Fslogix-Ntfs-Permissions-${time}' scope: resourceGroup(workloadSubsId, serviceObjectsRgName) params: { artifactsLocation: artifactsLocation diff --git a/workload/bicep/parameters/deploy-baseline-parameters-example.json b/workload/bicep/parameters/deploy-baseline-parameters-example.json index ddfa4d686..40b2aa900 100644 --- a/workload/bicep/parameters/deploy-baseline-parameters-example.json +++ b/workload/bicep/parameters/deploy-baseline-parameters-example.json @@ -185,9 +185,6 @@ "storageOuPath": { "value": "" }, - "createOuForStorage": { - "value": false - }, "createResourceTags": { "value": false }, @@ -219,7 +216,7 @@ "value": "AzureStorageAccount" }, "kerberosEncryption": { - "value": "" + "value": "AES256" } } } From dbcb53baf185a61477da3c5762c35e489fa698c1 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Mon, 18 Sep 2023 22:09:22 -0500 Subject: [PATCH 41/42] updates --- workload/arm/deploy-baseline.json | 51 ++++++------------- .../.bicep/ntfsPermissions.bicep | 2 +- 2 files changed, 16 insertions(+), 37 deletions(-) diff --git a/workload/arm/deploy-baseline.json b/workload/arm/deploy-baseline.json index 2163ba799..a31ad0b69 100644 --- a/workload/arm/deploy-baseline.json +++ b/workload/arm/deploy-baseline.json 
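Review bot: In storageAzureFiles/deploy.bicep, `varActiveDirectorySolution` now yields `ActiveDirectoryDomainServices` for every provider except `AAD`, so an `AADDS` deployment passes the same `-ActiveDirectorySolution` value as `ADDS`. The module guard in the following hunk, `contains(identityServiceProvider, 'ADDS')`, is a substring test that matches both as well. If the script is meant to treat the two alike, say so in a comment above the variable; if not, map each provider to its own value explicitly. The script is not part of this hunk, so the intended behaviour cannot be confirmed from here.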
@@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "16922266111364980391" + "templateHash": "15051264158868187229" }, "name": "AVD Accelerator - Baseline Deployment", "description": "AVD Accelerator - Deployment Baseline" @@ -114,18 +114,6 @@ "description": "Optional, Identity name to grant RBAC role to access AVD application group and NTFS permissions. (Default: \"\")" } }, - "avdApplicationGroupIdentityType": { - "type": "string", - "defaultValue": "Group", - "metadata": { - "description": "Optional, Identity type to grant RBAC role to access AVD application group. (Default: Group)" - }, - "allowedValues": [ - "Group", - "ServicePrincipal", - "User" - ] - }, "avdIdentityDomainName": { "type": "string", "metadata": { @@ -13014,9 +13002,6 @@ "securityPrincipalIds": { "value": "[array(parameters('securityPrincipalId'))]" }, - "applicationGroupIdentityType": { - "value": "[parameters('avdApplicationGroupIdentityType')]" - }, "tags": "[if(parameters('createResourceTags'), createObject('value', union(variables('varCustomResourceTags'), variables('varAvdDefaultTags'))), createObject('value', variables('varAvdDefaultTags')))]", "alaWorkspaceResourceId": "[if(parameters('avdDeployMonitoring'), if(parameters('deployAlaWorkspace'), createObject('value', reference(subscriptionResourceId('Microsoft.Resources/deployments', format('Monitoring-{0}', parameters('time'))), '2022-09-01').outputs.avdAlaWorkspaceResourceId.value), createObject('value', parameters('alaExistingWorkspaceResourceId'))), createObject('value', ''))]", "diagnosticLogsRetentionInDays": { @@ -13033,7 +13018,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "7331727637146687342" + "templateHash": "91889314871995986" } }, "parameters": { 
@@ -13067,12 +13052,6 @@ "description": "Identity ID to grant RBAC role to access AVD application group." } }, - "applicationGroupIdentityType": { - "type": "string", - "metadata": { - "description": "Identity type to grant RBAC role to access AVD application group." - } - }, "osImage": { "type": "string", "metadata": { @@ -13935,7 +13914,7 @@ "value": "[parameters('tags')]" }, "applications": "[if(equals(variables('varApplicaitonGroups')[copyIndex()].applicationGroupType, 'RemoteApp'), createObject('value', variables('varRAppApplicationGroupsApps')), createObject('value', createArray()))]", - "roleAssignments": "[if(not(empty(parameters('securityPrincipalIds'))), createObject('value', createArray(createObject('roleDefinitionIdOrName', 'Desktop Virtualization User', 'principalIds', parameters('securityPrincipalIds'), 'principalType', parameters('applicationGroupIdentityType')))), createObject('value', createArray()))]", + "roleAssignments": "[if(not(empty(parameters('securityPrincipalIds'))), createObject('value', createArray(createObject('roleDefinitionIdOrName', 'Desktop Virtualization User', 'principalIds', parameters('securityPrincipalIds'), 'principalType', 'Group'))), createObject('value', createArray()))]", "diagnosticWorkspaceId": { "value": "[parameters('alaWorkspaceResourceId')]" }, @@ -35132,7 +35111,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "14403272771338809181" + "templateHash": "14551661465400904735" } }, "parameters": { @@ -35331,7 +35310,7 @@ } }, "variables": { - "varActiveDirectorySolution": "[if(equals(parameters('identityServiceProvider'), 'ADDS'), 'ActiveDirectoryDomainServices', '')]", + "varActiveDirectorySolution": "[if(not(equals(parameters('identityServiceProvider'), 'AAD')), 'ActiveDirectoryDomainServices', '')]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], 
@@ -39183,7 +39162,7 @@ "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "name": "[format('Fslogix-Ntfs-Permissions-{0}', parameters('time'))]", "subscriptionId": "[parameters('workloadSubsId')]", "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { @@ -39223,7 +39202,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "15497845880895726174" + "templateHash": "9350072428006893357" } }, "parameters": { @@ -39260,7 +39239,7 @@ } }, "variables": { - "varCommandToExecute": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" + "varCommandToExecute": "[format('{0} -DomainJoinPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" }, "resources": [ { @@ -39275,7 +39254,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" + "[format('{0}/Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" ], "timestamp": "[parameters('time')]" }, @@ -39395,7 +39374,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "14403272771338809181" + "templateHash": "14551661465400904735" } }, "parameters": { @@ -39594,7 +39573,7 @@ } }, "variables": { - "varActiveDirectorySolution": "[if(equals(parameters('identityServiceProvider'), 'ADDS'), 'ActiveDirectoryDomainServices', '')]", + "varActiveDirectorySolution": "[if(not(equals(parameters('identityServiceProvider'), 'AAD')), 'ActiveDirectoryDomainServices', '')]", "varAvdFileShareLogsDiagnostic": [ "allLogs" ], 
@@ -43446,7 +43425,7 @@ "condition": "[contains(parameters('identityServiceProvider'), 'ADDS')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", - "name": "[format('FslogixNtfsPermissions_{0}', parameters('time'))]", + "name": "[format('Fslogix-Ntfs-Permissions-{0}', parameters('time'))]", "subscriptionId": "[parameters('workloadSubsId')]", "resourceGroup": "[parameters('serviceObjectsRgName')]", "properties": { @@ -43486,7 +43465,7 @@ "_generator": { "name": "bicep", "version": "0.17.1.54307", - "templateHash": "15497845880895726174" + "templateHash": "9350072428006893357" } }, "parameters": { @@ -43523,7 +43502,7 @@ } }, "variables": { - "varCommandToExecute": "[format('{0} -DomainAdminUserPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" + "varCommandToExecute": "[format('{0} -DomainJoinPassword {1} -verbose', parameters('commandToExecute'), parameters('domainJoinUserPassword'))]" }, "resources": [ { @@ -43538,7 +43517,7 @@ "autoUpgradeMinorVersion": true, "settings": { "fileUris": [ - "[format('{0}Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" + "[format('{0}/Set-NtfsPermissions.ps1', parameters('artifactsLocation'))]" ], "timestamp": "[parameters('time')]" }, diff --git a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep index 004d7ddd0..0518a899b 100644 --- a/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep +++ b/workload/bicep/modules/storageAzureFiles/.bicep/ntfsPermissions.bicep @@ -26,7 +26,7 @@ param time string = utcNow() // Variable declaration // // =========== // -var varCommandToExecute = '${commandToExecute} -DomainAdminUserPassword ${domainJoinUserPassword} -verbose' +var varCommandToExecute = '${commandToExecute} -DomainJoinPassword ${domainJoinUserPassword} -verbose' // =========== // // Deployments // 
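Review bot: In `varCommandToExecute` (ntfsPermissions.bicep, last hunk of this patch) the secure `domainJoinUserPassword` is spliced unquoted into a command line. A password containing a space, quote, `;` or `$` would be split or re-interpreted by the shell, and the value ends up on the VM's process command line, where `-verbose` output and process-creation auditing may record it. The hunk does not show whether the variable is consumed under `protectedSettings`; confirm that, and add `// contains a secret: use only in protectedSettings, never in settings or outputs` above the variable. The more durable fix is to pass only the Key Vault and secret names and let the script read the password with the managed identity. The same expression appears in the generated `workload/arm/deploy-baseline.json` hunks.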
From 99127fdd10238327bdaa68af7e5290c214ca2fc3 Mon Sep 17 00:00:00 2001 From: Dany Contreras <78437433+danycontre@users.noreply.github.com> Date: Sat, 14 Oct 2023 13:31:53 -0500 Subject: [PATCH 42/42] updates --- workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 index 7857cf165..7312562e1 100644 --- a/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 +++ b/workload/scripts/DSCStorageScripts/script-domainjoinstorage.ps1 @@ -202,7 +202,7 @@ Try { $Group = 'd2lsolutions.com' + '\' + $SecurityPrincipalName Write-Log -Message "Group for NTFS Permissions = $Group" -Type 'INFO' $domainGroup = new-object system.security.accesscontrol.filesystemaccessrule("$group","modify","none","none","allow") - $aclProvidedGroups.setaccessrule($domainGroup) + $acl.addaccessrule($domainGroup) $acl | set-acl -path "${DriveLetter}:" # Unmount file share Remove-PSDrive -Name $DriveLetter -PSProvider 'FileSystem' -Force
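Review bot: The `$Group` line just above the changed call hard-codes the domain `'d2lsolutions.com'`, so the Modify rule that `$acl.addaccessrule($domainGroup)` now adds is always resolved against that one domain rather than the deployment's domain. In any other environment the identity lookup will fail or, if a trust exists, could resolve to an unintended principal of the same name. Build the account name from the domain value the script is given, e.g. `$Group = $<DomainParameter> + '\' + $SecurityPrincipalName` (placeholder: the actual parameter name is outside this hunk). `$acl` and the enclosing `Try` block are defined outside the hunk.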