Sacha Narinx
Sacha Narinx
@kennethmac2000 I'm not sure if I understand. You obviously cannot deploy the Azure Landing Zone, without having access to subscriptions (minimum 3 - best practice). These permissions need to be...
Hi @kennethmac2000, welcome your contribution with updates to documentation to clarify the topics you've outlined.
Hi @kennethmac2000. For an Azure Landing Zone deployment, you need to provide subscriptions IDs for the functional areas of ALZ as it deploys management, identity, connectivity and optionally landing zones...
Hi @kennethmac2000. I'm a little unclear on what you are trying to achieve and the multiple tenant scenario you are describing. To clarify, as long as your account is an...
I do want to clarify that it is not recommended to grant owner permissions to guest accounts (accounts outside the tenant in question), and it is a recommended practice to...
Hi @NikolaiKleppe. Thanks for sharing your detailed feedback. Our approach has always been to maximize visibility and security for the platform, which includes ingesting all available logs. However, your point...
@NikolaiKleppe please note, we've transitioned to the new category based Diagnostic Settings policies that cover most Azure services and provide options to configure log targets. Note, by default ALZ will...
@gjongeneel I'm not sure I'm following the issue. We use policy to do peering in a trusted management group. Peering is between a hub and a spoke (not multiple spokes)...
Closing this issue as there is a known platform bug impacting this policy. For details, please follow https://github.com/Azure/Enterprise-Scale/issues/1657
policy_definition_es_deploy_diagnostics_*.json policies shouldn't have hardcoded existence condition
Hi @adrianjagodzinski, thanks for raising this. We have several open issues around diagnostic settings and `metrics/logs`. The issue you have raised is valid, however, at the moment we are holding...