diff --git a/Docs/guidance-exemptions.md b/Docs/guidance-exemptions.md index c46a8b67..c8109767 100644 --- a/Docs/guidance-exemptions.md +++ b/Docs/guidance-exemptions.md @@ -37,7 +37,7 @@ In these cases, find each listing for affected assignments in the CSV/JSON file, 1. Export Current Exemptions for pacSelector 1. Update Content - 1. Replace Root Management Group Name (Tenant GUID) with current assignment location (Tenant Intermediate Root Management Group Name): + 1. Replace Root Management Group Name (Tenant GUID) with current assignment location (Tenant Intermediate Root management Group Name): 1. ```"policyAssignmentId"``` 1. Epac Managed Exemptions: ```metadata\epacMetadata\"policyAssignmentId"``` 1. Replace temporary pacSelector with main pacSelector: diff --git a/Docs/policy-assignments-csv-parameters.md b/Docs/policy-assignments-csv-parameters.md index a03070e9..a2f4c37a 100644 --- a/Docs/policy-assignments-csv-parameters.md +++ b/Docs/policy-assignments-csv-parameters.md @@ -16,7 +16,7 @@ To address the problem of reading and maintaining hundreds or thousands of JSON ### From a list of deployed Policy Assignments -If you want to switch from JSON to CSV or start EPAC from an existing deployment, [generate this CSV file frm your already deployed Assignment(s)](operational-scripts-documenting-policy.md#assignment-documentation). +If you want to switch from JSON to CSV or start EPAC from an existing deployment, [generate this CSV file from your already deployed Assignment(s)](operational-scripts-documenting-policy.md#assignment-documentation). ## CSV File diff --git a/Docs/policy-definitions.md b/Docs/policy-definitions.md index d56a2601..adc631c0 100644 --- a/Docs/policy-definitions.md +++ b/Docs/policy-definitions.md 
@@ -50,7 +50,7 @@ The names of the definition JSON files don't matter, the Policy and Policy Set d ## Custom Definitions -Custom definitions are uploaded to Azure at the time of initial deployment to a pacSelector. For each pacSelector, the definition is uploaded to the pacSelector's defined root. This makes it available to the entirety of that pacSelector, while facilitating code promotion by allowing each pacSelector to receive the updated definition as part of the release/deployment process. +Custom definitions are uploaded to Azure at the time of initial deployment to a pacSelector. For each pacSelector, the definition is uploaded to the pacSelector's defined root. This makes it available to the entirity of that pacSelector, while facilitating code promotion by allowing each pacSelector to receive the updated definition as part of the release/deployment process. ## Definition Delivery @@ -85,4 +85,4 @@ It is customary to include a `category` and a `version` in the `metadata` sectio EPAC injects `deployedBy` into the `metadata` section. This is a string that identifies the deployment source. It defaults to `epac/$pacOwnerId/$pacSelector`. You can override this value in `global-settings.jsonc` -**Not recommended:** Adding `deployedBy` to the `metadata` section in the Policy definition file will override the value for this definition only from `global-settings.jsonc` or default value. +**Not recommended:** Adding `deployedBy` to the `metadata` section in the Policy definition file will override the value for this definition only from `global-settings.jsonc` or default value. \ No newline at end of file diff --git a/Docs/policy-exemptions.md b/Docs/policy-exemptions.md index 7c5d8d9d..a034526c 100644 --- a/Docs/policy-exemptions.md +++ b/Docs/policy-exemptions.md 
@@ -38,7 +38,7 @@ Exemption_00000000000001,My display Name,Mitigated,,,,,, ## Exemption Folder Structure -Exemptions can be defined as JSON or CSV files (we recommend that you use JSON files). The names of the definition files don't matter. If multiple files exists in a folder, the lists from all the files are added together. +Exemptions can be defined as JSON or CSV files (we recommend that you use JSON files). The names of the definition files don't matter. If multiple files exist in a folder, the lists from all the files are added together. The pacEnvironment (see global-settings.jsonc) is represented with a folder structure under the folder policyExemptions, such as epac-dev, tenant, ... A missing folder indicates that the pacEnvironment's Exemptions are not managed by this solution. To extract existing exemptions, the operations script Get-AzExemptions.ps1 can be used to generate JSON and CSV files. The output may be used to start the Exemption definitions. This same output is also created when [Extract existing Policy Resources from an Environment](epac-extracting-policy-resources.md). diff --git a/Docs/policy-set-definitions.md b/Docs/policy-set-definitions.md index 1a06c9c5..a373bd97 100644 --- a/Docs/policy-set-definitions.md +++ b/Docs/policy-set-definitions.md 
@@ -56,7 +56,7 @@ The names of the definition JSON files don't matter, the Policy Sets are registe ## Custom Definitions -Custom definitions are uploaded to Azure at the time of initial deployment to a pacSelector. For each pacSelector, the definition is uploaded to the pacSelector's defined root. This makes it available to the entirety of that pacSelector, while facilitating code promotion by allowing each pacSelector to receive the updated definition as part of the release/deployment process. +Custom definitions are uploaded to Azure at the time of initial deployment to a pacSelector. For each pacSelector, the definition is uploaded to the pacSelector's defined root. This makes it available to the entirity of that pacSelector, while facilitating code promotion by allowing each pacSelector to receive the updated definition as part of the release/deployment process. ## Policy Definition Groups @@ -99,4 +99,4 @@ It is customary to include a `category` and a `version` in the `metadata` sectio EPAC injects `deployedBy` into the `metadata` section. This is a string that identifies the deployment source. It defaults to `epac/$pacOwnerId/$pacSelector`. You can override this value in `global-settings.jsonc` -**Not recommended:** Adding `deployedBy` to the `metadata` section in the Policy definition file will override the value for this definition only from `global-settings.jsonc` or default value. +**Not recommended:** Adding `deployedBy` to the `metadata` section in the Policy definition file will override the value for this definition only from `global-settings.jsonc` or default value. \ No newline at end of file diff --git a/Docs/settings-global-setting-file.md b/Docs/settings-global-setting-file.md index 77764593..97494e22 100644 --- a/Docs/settings-global-setting-file.md +++ b/Docs/settings-global-setting-file.md 
@@ -4,7 +4,7 @@ `global-settings.jsonc` has following sections explained below: -- `telemetryOptOut` if set to true disables the collection of usage date for the EPAC repo. The default is false. See [Usage Tracking](index.md#telemetry-tracking-using-customer-usage-attribution-pid) for more information. +- `telemetryOptOut` if set to true disables the collection of usage data for the EPAC repo. The default is false. See [Usage Tracking](index.md#telemetry-tracking-using-customer-usage-attribution-pid) for more information. - `pacOwnerId` uniquely identifies deployments from a specific repo. We recommend using a GUID. - `pacEnvironments` defines the EPAC environments. @@ -103,7 +103,7 @@ Optional: - Policy Definitions, Policy Set Definitions and Policy Exemptions - `metadata.deployedBy`. - Policy Assignments - `metadata.assignedBy` since Azure Portal displays it as 'Assigned by'. - Role Assignments - add the value to the `description` field since Role assignments do not contain `metadata`. - - `managedTenant`: Used when the `pacEnvironment` is in a lighthouse managed tenant, [see this example](#example-for-lighthouse-manged-tenant) It must contain: + - `managedTenant`: Used when the `pacEnvironment` is in a lighthouse managed tenant, [see this example](#example-for-lighthouse-managed-tenant) It must contain: - `managingTenantId` - The tenantId of the managing tenant. - `managingTenantRootScope` - An array of all subscriptions that will need `additionalRoleAssignments` deployed to them. - `defaultContext`: In rare cases (typically only when deploying to a lighthouse managed tenant) the default context (Get-azContext) of a user/SPN running a plan will diff --git a/Scripts/HydrationKit/Install-HydrationEpac.ps1 b/Scripts/HydrationKit/Install-HydrationEpac.ps1 index 984c5ba7..2080e1aa 100644 --- a/Scripts/HydrationKit/Install-HydrationEpac.ps1 +++ b/Scripts/HydrationKit/Install-HydrationEpac.ps1 
@@ -1312,7 +1312,7 @@ function Install-HydrationEpac { Write-Host " Deploy-RolesPlan -PacEnvironmentSelector $epacDevName -DefinitionsRootFolder $DefinitionsRootFolder" Write-Host "`nIf you were notified that default values were missing for items above (scroll back to review), you will need to update those values prior to running the code above.`n" -BackgroundColor Yellow -ForegroundColor Black Write-Host "`nParameter Update Guidance: https://github.com/Azure/enterprise-azure-policy-as-code/blob/main/Docs/policy-assignments.md" - Write-Host "Advanced Parameter Managment Guidance: https://github.com/Azure/enterprise-azure-policy-as-code/blob/main/Docs/policy-assignments-csv-parameters.md" + Write-Host "Advanced Parameter Management Guidance: https://github.com/Azure/enterprise-azure-policy-as-code/blob/main/Docs/policy-assignments-csv-parameters.md" Write-Host "`nNext Steps: CI/CD Integration" -ForegroundColor Yellow Write-Host " General Guidance: https://azure.github.io/enterprise-azure-policy-as-code/ci-cd-overview/" diff --git a/StarterKit/HydrationKit/questions.jsonc b/StarterKit/HydrationKit/questions.jsonc index f6cfc508..ae03d61c 100644 --- a/StarterKit/HydrationKit/questions.jsonc +++ b/StarterKit/HydrationKit/questions.jsonc 
@@ -84,7 +84,7 @@ "questionIncrement": 1, "displayText": "Modify Names for CAF3 Hierarchy in Primary Tenant - Prefix", "bodyHeader": "Add a prefix to apply to Management Groups created in the Main Tenant Intermediate Root Management Group hierarchy.", - "bodyText": "In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value. For Example, a prefix of 'New' would result in the 'Sandbox' Managment Group being updated to 'NewSandbox'", + "bodyText": "In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value. For Example, a prefix of 'New' would result in the 'Sandbox' Management Group being updated to 'NewSandbox'", "dataRequest": "Please input a prefix for the Caf3Hierarchy that will be created in the primary tenant intermediate root group...", "links": [ "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator-and-alz-bicep-repository" 
@@ -98,7 +98,7 @@ "questionIncrement": 2, "displayText": "Modify Names for CAF3 Hierarchy in Primary Tenant - Suffix", "bodyHeader": "If desired, add a suffix to apply to Management Groups created in the Main Tenant Intermediate Root Management Group hierarchy.", - "bodyText": "In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value. For Example, a suffix of 'Caf' would result in the 'SandboxCaf' Managment Group being updated to 'Sandbox-epac'", + "bodyText": "In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value. For Example, a suffix of 'Caf' would result in the 'SandboxCaf' Management Group being updated to 'Sandbox-epac'", "dataRequest": "Please input a suffix for the Caf3Hierarchy that will be created in the primary tenant intermediate root group...", "links": [ "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator-and-alz-bicep-repository" 
@@ -159,7 +159,7 @@ "questionIncrement": 1, "displayText": "Modify Names for EPAC Environment - Prefix", "bodyHeader": "Add a prefix to apply to Management Groups created to mimic the Main Tenant Intermediate Root Management Group hierarchy", - "bodyText": "This management group hierarchy will be used to test deployments for the Main Tenant Intermediate Root Management Group hierarchy. In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value.For Example, a prefix of 'epac-' would result in the 'Sandbox' Managment Group being updated to 'epac-Sandbox'", + "bodyText": "This management group hierarchy will be used to test deployments for the Main Tenant Intermediate Root Management Group hierarchy. In order to prevent naming collisions, a prefix and/or suffix can be specified in order to help ensure a unique name value.For Example, a prefix of 'epac-' would result in the 'Sandbox' Management Group being updated to 'epac-Sandbox'", "dataRequest": "Please input a prefix for the EPAC Hierarchy that will be created to support pipeline operations...", "links": [ "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator-and-alz-bicep-repository", 
@@ -175,7 +175,7 @@ "questionIncrement": 2, "displayText": "Modify Names for EPAC Environment - Suffix", "bodyHeader": "Choose a suffix and/or prefix to apply to the EPAC Development Management Group hierarchy", - "bodyText": "This management group hierarchy will be used to test deployments for the Main Tenant Intermediate Root Management Group hierarchy. In order to prevent naming collisions, a prefix and/or suffix MUST be specified in order to help ensure a unique name value. For Example, a suffix of '-epacdev' would result in the 'Sandbox' Managment Group being updated to 'Sandbox-epacdev' in the EPAC development envirnoment.", + "bodyText": "This management group hierarchy will be used to test deployments for the Main Tenant Intermediate Root Management Group hierarchy. In order to prevent naming collisions, a prefix and/or suffix MUST be specified in order to help ensure a unique name value. For Example, a suffix of '-epacdev' would result in the 'Sandbox' Management Group being updated to 'Sandbox-epacdev' in the EPAC development envirnoment.", "dataRequest": "Please input a suffix for the EPAC Hierarchy that will be created to support pipeline operations...", "links": [ "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-groups-in-the-azure-landing-zone-accelerator-and-alz-bicep-repository",
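Review bot: In Docs/guidance-exemptions.md (hunk @@ -37,7 +37,7 @@), the added line lowercases one word of a proper name: "Tenant Intermediate Root management Group Name". The removed line had "Management", and the same line still writes "Root Management Group Name (Tenant GUID)" with a capital. Keep "Management" capitalized. If no other change is intended in this file, drop the hunk.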
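Review bot: In Docs/policy-definitions.md (hunk @@ -50,7 +50,7 @@), the added line replaces the correct "entirety" with the misspelling "entirity" in "available to the entirity of that pacSelector". That is the only difference between the removed and added lines, so the hunk should be reverted.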
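Review bot: In Docs/policy-definitions.md (hunk @@ -85,4 +85,4 @@), the removed and added "**Not recommended:**" lines have identical text, and the only effect is the "\ No newline at end of file" marker, meaning the final newline was stripped. Restore the trailing newline so the file does not show up as modified in a spelling-only change.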
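Review bot: In Docs/policy-set-definitions.md (hunk @@ -56,7 +56,7 @@), the Custom Definitions paragraph gets the same regression as in policy-definitions.md: "entirety" becomes "entirity". Revert this line to the original spelling.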
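Review bot: In Docs/policy-set-definitions.md (hunk @@ -99,4 +99,4 @@), the last line is rewritten with no text change and now ends with "\ No newline at end of file". Keep the final newline. This looks like an editor setting rather than an intended edit.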
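Review bot: In Docs/settings-global-setting-file.md (hunk @@ -103,7 +103,7 @@), the link fragment changes from "#example-for-lighthouse-manged-tenant" to "#example-for-lighthouse-managed-tenant", but no hunk in this file touches the heading that generates the anchor. If the heading still reads "manged", this turns a working in-page link into a broken one. Either correct the heading in the same commit or leave the fragment as it was. Also, the sentence is missing a period between the link and "It must contain:".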
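Review bot: In StarterKit/HydrationKit/questions.jsonc (hunk @@ -98,7 +98,7 @@), the suffix example on the edited "bodyText" line is still self-contradictory: a suffix of 'Caf' is said to turn the 'SandboxCaf' Management Group into 'Sandbox-epac'. Since the line is already being touched, fix the example so the input name, the suffix and the result agree, for instance 'Sandbox' with suffix 'Caf' giving 'SandboxCaf'. The hydration prompt shows this text to the operator who is choosing the value.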
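Review bot: In StarterKit/HydrationKit/questions.jsonc (hunk @@ -159,7 +159,7 @@), the edited "bodyText" line still reads "unique name value.For Example" with no space after the period. Add the space while correcting "Managment" on the same line.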
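Review bot: In StarterKit/HydrationKit/questions.jsonc (hunk @@ -175,7 +175,7 @@), the added "bodyText" line fixes "Managment" but leaves "envirnoment" at the end of the same string ("in the EPAC development envirnoment."). Correct it to "environment" in this change. Separately, the "bodyHeader" context line for this suffix question says "Choose a suffix and/or prefix" while the body says one "MUST be specified"; consider aligning the two.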