DfC #653 Fixed. Added Infrastructure Encryption on Storage. Added Private Link Service Network Policies. Added DNS Proxy. Added Private DNS Zones. #791

Merged
merged 2 commits into from
Jan 4, 2024


chbragg
Contributor

@chbragg chbragg commented Nov 6, 2023

Added KV Private DNS zone among many other Private DNS zones: #790
Fixed defender bug under "Discussion #653"
Added DNS Proxy on Azure Firewall and set it to use Azure DNS: #733
Added Storage Account Infrastructure Encryption: #773

Description

Defender for Cloud:
When deploying and re-deploying DfC, there are several errors that usually happen which are fixed here.

Storage Accounts:
Storage Accounts can only have infrastructure encryption enabled when created. Added code to enable that upon provisioning.

Private Link Service Network Policies:
In order to deploy services like AVD into one of the spokes, there needs to be an option to disable the Private Link Service Network Policies. Added that option and kept the defaults uniform to the Private Endpoint Network Policies.

Private DNS Zones:
Added many Private DNS zones to be used for Private Link.

DNS Proxy:
Made the Azure Firewall a DNS Proxy. Azure Firewall will query Azure DNS.
Forced all vNets to use the Azure Firewall as the DNS Server.

UNABLE to test in Air-Gapped clouds.

Issue reference

The issue this PR will close: #653
The issue this PR will close: #733
The issue this PR will close: #773
The issue this PR will close: #790

Checklist

Please make sure you've completed the relevant tasks for this PR out of the following list:

  • All acceptance criteria in the backlog item are met
  • The documentation is updated to cover any new or changed features
  • Manual tests have passed
  • Relevant issues are linked to this PR
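
A pre-deployment check for the settings this PR description lists, as an added example that is not part of the PR or the project's code: it audits a compiled ARM template for storage infrastructure encryption (which cannot be enabled after creation), the firewall DNS proxy, and VNet DNS servers. The sample template, its resource names, the firewall IP `10.0.100.4`, and the placement of the proxy setting under the firewall policy's `dnsSettings` are assumptions.

```python
# Added example: audits literal property values in a compiled ARM template.
# Template expressions such as "[parameters('x')]" are not evaluated.
import json

AZURE_DNS = "168.63.129.16"  # Azure platform DNS virtual IP

# Constructed sample template; resource names and IPs are illustrative.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "stlogs",
   "properties": {"encryption": {"requireInfrastructureEncryption": true}}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "stdata",
   "properties": {"encryption": {"keySource": "Microsoft.Storage"}}},
  {"type": "Microsoft.Network/firewallPolicies", "name": "fw-policy",
   "properties": {"dnsSettings": {"enableProxy": true, "servers": []}}},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-hub",
   "properties": {"dhcpOptions": {"dnsServers": ["10.0.100.4"]}}},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-spoke",
   "properties": {"dhcpOptions": {"dnsServers": []}}}
]}
""")

def audit(template, firewall_ip):
    """Return sorted (resource name, finding) pairs for the settings above."""
    findings = []
    for res in template.get("resources", []):
        rtype, name = res.get("type", ""), res.get("name", "?")
        props = res.get("properties", {})
        if rtype == "Microsoft.Storage/storageAccounts":
            enc = props.get("encryption", {})
            # Cannot be turned on after creation, so catch it before deploy.
            if enc.get("requireInfrastructureEncryption") is not True:
                findings.append((name, "infrastructure encryption not enabled"))
        elif rtype == "Microsoft.Network/firewallPolicies":
            dns = props.get("dnsSettings", {})
            if dns.get("enableProxy") is not True:
                findings.append((name, "DNS proxy not enabled"))
            elif set(dns.get("servers", [])) - {AZURE_DNS}:
                # An empty server list means the firewall uses Azure DNS.
                findings.append((name, "DNS proxy does not forward to Azure DNS"))
        elif rtype == "Microsoft.Network/virtualNetworks":
            servers = props.get("dhcpOptions", {}).get("dnsServers", [])
            if servers != [firewall_ip]:
                findings.append((name, "DNS servers are not the firewall only"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TEMPLATE, "10.0.100.4"):
        print(f"{name}: {finding}")
```
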

Added infra encryption to storage
Fixed defender bug under "Discussion #653"
Added KV Private DNS zone
@chbragg chbragg requested a review from a team as a code owner November 6, 2023 14:50
Added additional Private DNS zones for Private Link
Added VNet configuration to use Azure Firewall for DNS
Made the Azure Firewall a DNS Proxy and forwarded DNS to Azure DNS
@chbragg chbragg changed the title from "DfC #653 Fixed. Added Infrastructure Encryption on Storage. Added Private Link Service Network Policies" to "DfC #653 Fixed. Added Infrastructure Encryption on Storage. Added Private Link Service Network Policies. Added DNS Proxy. Added Private DNS Zones." Nov 22, 2023
@mikedzikowski mikedzikowski changed the base branch from main to privatedns-dzikowski January 4, 2024 16:51
@mikedzikowski
Contributor

merging into branch to do updates

@mikedzikowski mikedzikowski merged commit a8a6a9a into Azure:privatedns-dzikowski Jan 4, 2024
@chbragg chbragg deleted the chbragg-DefendFix+NetPolicyAdd+StorageEnc branch January 4, 2024 16:57
jamasten pushed a commit that referenced this pull request Jan 13, 2024
…rtal UI Selector in the mlz.portal.json (#796)

* DfC #653 Fixed. Added Infrastructure Encryption on Storage. Added Private Link Service Network Policies. Added DNS Proxy. Added Private DNS Zones. (#791)

* Added Private Link Service Network policies
Added infra encryption to storage
Fixed defender bug under "Discussion #653"
Added KV Private DNS zone

* Fixed bug in Defender security notifications
Added additional Private DNS zones for Private Link
Added VNet configuration to use Azure Firewall for DNS
Made the Azure Firewall a DNS Proxy and forwarded DNS to Azure DNS

* updates for testing private dns and private link

* updates for testing private link

* vault core replace

* deployment condition for rsv dns

* name fix privateLinkEndpointName

* test updates dns

* testing dns group

* build json for private dns updates

* update portal location

* GitHub Action: Build Bicep to JSON

---------

Co-authored-by: chbragg <[email protected]>
Co-authored-by: github-actions <[email protected]>
jwaltireland pushed a commit to ARPA-H/AzureMissionLZ that referenced this pull request Nov 14, 2024
…rtal UI Selector in the mlz.portal.json (Azure#796)
