Added new built-in Policies into the Initiative

[pkorolo]

Overview/Summary

This PR brings additional existing built-in DINE Policies into this initiative, as per performed gap analysis

This PR fixes/adds/changes/removes

1. Adds the majority of the existing DINE Policies, that were not initially added in the Initiative
2. The "Storage Table" Policies were not included, due to conflict with the "Cosmos DB" (Table API) Policy, which was included
3. The IoT Central & Bot Service Policies were not included, due to limited or conflicting information in the documentation, regarding the respective required DNS Zone integration

Breaking Changes

1. Private DNS Zone for "Azure Migrate" ("privatelink.prod.migration.windowsazure.com"), is not included in the RI, hence either the zone must be added as well, or the respective Policy for "Azure Migrate" must be removed

Testing Evidence

Testing URLs

The below URLs can be updated where the placeholders are, look for {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also} & {YOUR GITHUB BRANCH NAME HERE - Remove Curly Brackets Also}, to allow you to test your portal deployment experience.

Please also replace the curly brackets on the placeholders {}

Azure Public

As part of this Pull Request I have

• Checked for duplicate Pull Requests
• Associated it with relevant issues, for tracking and closure.
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated relevant and associated documentation.
• Updated the "What's New?" wiki page (located: /docs/wiki/whats-new.md)

[jtracey93]

Nice stuff @pkorolo.

A couple of things:

1. Can we update the Whats New Wiki page? - https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/Whats-new.md
2. Do we also need to update the assignments?
   • Public - https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json
   • Fairfax - https://github.com/Azure/Enterprise-Scale/blob/main/eslzArm/managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json

As for the Azure Migrate piece I think its worth adding this so up to you if you want to wrap into this branch/PR - might be easiest?

Might be worth you also picking up #1073 as part of this.

Let me know your thoughts

Thanks

Jack

[pkorolo]

Hello @jtracey93

To your points:

I am in very limited availability as we speak, due to my "WAF-Resiliency" assignment. But I will have a clearer picture early next week, if I can follow up with additional tasks or not; but:

1. if I cannot take this (documentation - "What's new"), I can help the one that will
2. Assignments definitely need to be updated; again, not sure if I can take that next week - btw, I think (maybe) I should have put default parameters in the Initiative itself for all the "groupIDs", so that the one who will eventually work with this, will have to only supply the "ZoneIDs" (as in the previous iteration), what do you think?
   [If "yes", I can work with this (minor) addition and submit a new PR (?) ]

Last, for the deployment of Azure Migrate Private DNS Zone itself, if I would take that eventually, where should I touch this?

Thank you.

[pkorolo]

@jtracey93 can you check this conflict please?

Btw, I have updated

• the Policy Definition with default values in GroupIDs
• also updated the Azure Public assignments, and
• added the extra private DNS zone for Azure migrate

please review, thank you!

[krowlandson]

Just realised that this has probably been wrong since creation, as this is the namespace for Azure SignalR WebPubSub, but the parameter name (in my opinion) leads me to believe this was intended for Azure Web Apps.

The policy mapped to this parameter is indeed Azure SignalR WebPubSub so it technically maps correctly, but this doesn't feel correct.

[pkorolo]

you are right, if I would make it from the beginning, naming would be different for cases like this one, but I did not touch the originals

[krowlandson]

Similarly, this appears to be the namespace for App Configuration Stores - making this an equally ambiguous parameter name. Would probably be a breaking change to reverse some of this though unfortunately.

[krowlandson]

And another where the name is misleading given the presence of IoT hubs, although this one may be easier to switch around if needed.

[krowlandson]

LGTM 🔥 Thank you

[krowlandson]

LGTM

[krowlandson]

LGTM

[pkorolo]

Branch to be deleted