Initial Commit

.gitattributes

@@ -0,0 +1,7 @@
+# .gitattributes snippet to force users to use same line endings for project.
+# 
+# Handle line endings automatically for files detected as text
+# and leave all files detected as binary untouched.
+* text=auto
+
+*.json text eol=lf

.gitconfig

@@ -0,0 +1,3 @@
+[core]
+longpaths = true
+filemode = false

.github/CODEOWNERS

@@ -0,0 +1,15 @@
+# See for instructions on this file https://help.github.com/articles/about-codeowners/
+
+# These owners will be the default owners for everything in
+# the repo. Unless a later match takes precedence,
+# @global-owner1 and @global-owner2 will be requested for
+# review when someone opens a pull request.
+* @Enterprise-Scale-vteam
+
+.github/CODEOWNERS @uday31in
+.github/** @uday31in @ljtill
+*.yml @ljtill  @uday31in
+Dockerfile @ljtill
+*.ps1 @ljtill
+*.psd1 @ljtill
+*.psm1 @ljtill

.github/ISSUE_TEMPLATE/BUG_REPORT.md

@@ -0,0 +1,22 @@
+---
+name: "Bug report \U0001F41B"
+about: Report errors or unexpected behaviour
+title: 'Bug Report'
+labels: bug, triage
+assignees: ''
+
+---
+
+<!-- Please read our Rules of Conduct: https://opensource.microsoft.com/codeofconduct/ -->
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+**Describe the bug**
+
+
+**Steps to reproduce**
+
+1.
+2.
+
+**Screenshots**
+

.github/ISSUE_TEMPLATE/FEATURE_REQUEST.md

@@ -0,0 +1,14 @@
+---
+name: "Feature request \U0001F680"
+about: Suggest an idea for this project
+title: 'Feature Request'
+labels: feature, triage
+assignees: ''
+
+---
+
+<!-- Please read our Rules of Conduct: https://opensource.microsoft.com/codeofconduct/ -->
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+**Describe the solution you'd like**
+

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,7 @@
+<!-- Thank you for submitting a Pull Request. Please: 
+* Associate an issue with the Pull Request.
+* Ensure that the code is up-to-date with the `master` branch.
+* Include a description of the proposed changes. 
+-->
+
+**This PR fixes**

.github/workflows/azops.yml

@@ -0,0 +1,90 @@
+name: AzOps
+
+on:
+  repository_dispatch:
+    types:
+      - "activity-logs"
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "azops/**"
+  pull_request_review:
+    branches:
+      - master
+    types: [submitted]
+    paths:
+      - "azops/**"
+
+jobs:
+  push:
+    if: ${{ github.event_name == 'pull_request' && github.head_ref != 'system' }}
+    name: Push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Actions checkout
+        uses: actions/checkout@v2
+      - name: GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: echo "$GITHUB_CONTEXT"
+      - name: Actions azops
+        uses: Azure/AzOps@master
+        with:
+          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          github_comments: ${{ github.event.pull_request._links.comments.href }}
+          github_issue: ${{ github.event.pull_request._links.issue.href }}
+          github_base_ref: ${{ github.event.pull_request.base.ref }}
+          github_head_ref: ${{ github.event.pull_request.head.ref }}
+          mode: push
+          verbose: "true"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # If you want review before triggering the push event, enable push_with_review block and disable push.
+  # Review will require, someone other than the creator or the PR to complete review.
+  # GitHub Action will run once PR is reviewed with comment that contains  "LGTM". 
+  # However, in order for GitHub Action status check to display in your PR, you have to enable branch access policy.
+  #
+  # push_with_review:
+  #   if: ${{ github.head_ref != 'system' && contains(github.event.review.body, 'LGTM')}}
+  #   name: Push
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Actions checkout
+  #       uses: actions/checkout@v2
+  #     - name: GitHub context
+  #       env:
+  #         GITHUB_CONTEXT: ${{ toJson(github) }}
+  #       run: echo "$GITHUB_CONTEXT"
+  #     - name: Actions azops
+  #       uses: Azure/AzOps@master
+  #       with:
+  #         azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+  #         github_comments: ${{ github.event.pull_request._links.comments.href }}
+  #         github_issue: ${{ github.event.pull_request._links.issue.href }}
+  #         github_base_ref: ${{ github.event.pull_request.base.ref }}
+  #         github_head_ref: ${{ github.event.pull_request.head.ref }}
+  #         mode: push
+  #         verbose: "true"
+  #       env:
+  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  pull:
+    if: ${{ github.event_name == 'repository_dispatch' }}
+    name: Pull
+    runs-on: ubuntu-latest
+    steps:
+      - name: Actions checkout
+        uses: actions/checkout@v2
+      - name: GitHub context
+        env:
+          GITHUB_CONTEXT: ${{ toJson(github) }}
+        run: echo "$GITHUB_CONTEXT"
+      - name: Actions azops
+        uses: Azure/AzOps@master
+        with:
+          azure_credentials: ${{ secrets.AZURE_CREDENTIALS }}
+          mode: pull
+          verbose: "true"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,18 @@
+#Private
+**.private**
+
+#DSStore
+.DS_Store
+
+
+#VSCode
+.vs
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+*.code-workspace
+
+#Jupyter Notebook checkpoints
+**/.ipynb_checkpoints/*

CODE_OF_CONDUCT.md

@@ -0,0 +1,9 @@
+# Microsoft Open Source Code of Conduct
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+Resources:
+
+- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
+- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
+- Contact [[email protected]](mailto:[email protected]) with questions or concerns

LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

README.md

@@ -0,0 +1,79 @@
+| Deploy ARM Template |
+|:--------------|
+|[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://ms.portal.azure.com/?feature.customportal=false#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzOps%2Fmaster%2Ftemplate%2Fux-foundation.json) |
+
+# Enterprise-Scale - Reference Implementation
+
+## Navigation Menu
+
+* [Enterprise-Scale Architecture](./docs/EnterpriseScale-Architecture.md)
+* [Reference implementations](./docs/reference/Readme.md)
+  * [Contoso Reference - Scope and Design](./docs/reference/contoso/Readme.md)
+  * [AdventureWorks Reference - Scope and Design](./docs/reference/adventureworks/README.md)
+  * [WingTip Reference - Scope and Design](./docs/reference/wingtip/README.md)
+* [Getting started](./docs/Deploy/getting-started.md)
+  * [Setup GitHub](./docs/Deploy/setup-github.md)
+  * [Configure own environment](./docs/Deploy/configure-own-environment.md)
+  * [Initialize Git With Current Azure configuration](./docs/Deploy/discover-environment.md)
+  * [Deploy new Policy assignment](./docs/Deploy/deploy-new-policy-assignment.md)
+  * [Deploy landing zones](./docs/Deploy/deploy-landing-zones.md)
+<!--  * [Deploy new Policy Definition](./docs/Deploy/deploy-new-deploy-new-policy-definition.md) -->
+* [Known Issues](./docs/EnterpriseScale-known-issues.md)
+* [How Do I Contribute?](./docs/EnterpriseScale-Contribution.md)
+* [FAQ](./docs/EnterpriseScale-FAQ.md)
+* [Roadmap](./docs/EnterpriseScale-roadmap.md)
+---
+
+## Objective
+
+The Enterprise-Scale architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for **organizations to define their their Azure architecture. It will continue to evolve alongside the Azure platform and is ultimately defined by the various design decisions that organizations must make to define their Azure journey.
+
+---
+_The Enterprise-Scale architecture represents the strategic design path and target technical state for your Azure environment._
+***
+
+Not all enterprises adopt Azure in the same way, so the Enterprise-Scale architecture may vary between customers. Ultimately, the technical considerations and design recommendations of the Enterprise-Scale architecture may lead to different trade-offs based on the customer's scenario. Some variation is expected, but if core recommendations are followed, the resulting target architecture will put the customer on a path to sustainable scale.
+
+The reference implementations in this repository is intended to support Enterprise-Scale Azure adoption by leveraging learnings from previous engineering engagements and provide architecture design pattern.
+
+## Conditions for success
+
+To fully leverage this reference implementation in this repository, readers must have a collaborative engagement with key customer stakeholders across critical technical domains, such as identity, security, and networking. Ultimately, the success of cloud adoption hinges on cross-discipline cooperation within the organization, since key requisite Enterprise-Scale design decisions are cross cutting, and to be authoritative must involve domain Subject Matter Expertise (SME) and stakeholders within the customer. It is crucial that the organization has been defined their [Enterprise-Scale Architecture](./docs/EnterpriseScale-Architecture.md) following the design principals and critical design areas.
+
+It is also assumed that readers have a broad understanding of key Azure constructs and services in order to fully contextualize the prescriptive recommendations contained within this playbook.
+
+## How to get started
+
+Organization can use Azure Portal or Infrastructure-as-code to setup and configure Azure environment. It is also possible to **transition between portal and infrastructure-as-code (recommended)** when your ready to do so. 
+
+<!--
+![Enterprise-Scale ](./docs/media/ES-process.png)
+-->
+
+### Deploying Enterprise-Scale Architecture in your own environment
+
+The enterprise-scale architecture is modular by design and allow customers to start with foundational landing zones that support their application portfolios, regardless of whether the applications are being migrated or are newly developed and deployed to Azure. The architecture can scale alongside the customer's business requirements regardless of scale point.In this repository we are providing the following three templates representing different scenarios composed using ARM templates.
+
+| Reference implementation | Description | ARM Template | Link |
+|:-------------------------|:-------------|:-------------|------|
+| Contoso | On-premises connectivity using Azure vWAN |[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://ms.portal.azure.com/?feature.customportal=false#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzOps%2Fmaster%2Ftemplate%2Fux-vwan.json) | [Detailed description](./docs/reference/contoso/Readme.md) |
+| AdventureWorks | On-premises connectivity with Hub & Spoke  | <!-- [![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://ms.portal.azure.com/?feature.customportal=false#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzOps%2Fmaster%2Ftemplate%2Fux-hub-spoke.json) --> ETA (7/31) | [Detailed description](./docs/reference/adventureworks/README.md) |
+| WingTip | Azure without hybrid connectivity |[![Deploy To Azure](https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/1-CONTRIBUTION-GUIDE/images/deploytoazure.svg?sanitize=true)](https://ms.portal.azure.com/?feature.customportal=false#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2FAzOps%2Fmaster%2Ftemplate%2Fux-foundation.json) | [Detailed description](./docs/reference/wingtip/README.md) |
+
+### Getting Started with Infrastructure-as-a-Code
+
+This repository aims to provide on-ramp path to enable DevOps journey and facilitate the transition when organizations are ready to do so by discovering current configuration and provide continuous deployment using pipeline to push new configuration changes in Azure as well as pull any OOB configuration changes. This reference implementation removes the need for custom orchestration to deploy and configure resources in Azure. Please see [this section](./docs/Deploy/Configure-run-initialization.md) to get started with infrastructure-as-a-code in your environment.
+
+## Contributing
+
+This project welcomes contributions and suggestions.  Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [[email protected]](mailto:[email protected]) with any additional questions or comments.

SECURITY.md

@@ -0,0 +1,41 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.5 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/).
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [[email protected]](mailto:[email protected]).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/en-us/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

azopsreference/.gitignore

@@ -0,0 +1,9 @@
+#Ignore Everything
+*
+
+#Inlcude everything back
+!*/
+!**/contoso/**/Microsoft.Authorization*.parameters.json
+**/contoso/**/*SecurityCenter.parameters.json
+
+!.gitignore

azopsreference/3fc1081d-6105-4e19-b60c-1ec1252cf560/contoso/.AzState/Microsoft.Authorization_policyAssignments-Allowed-RGLocation.parameters.json

@@ -0,0 +1,32 @@
+{
+  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "input": {
+      "value": {
+        "Location": "northeurope",
+        "Name": "Allowed-RGLocation",
+        "ResourceGroupName": null,
+        "ResourceType": "Microsoft.Authorization/policyAssignments",
+        "SubscriptionId": null,
+        "Identity": null,
+        "Properties": {
+          "Scope": "<replace-me>",
+          "NotScopes": [],
+          "DisplayName": "Allowed locations for resource groups",
+          "Description": null,
+          "PolicyDefinitionId": "<replace-me>",
+          "Parameters": {
+            "listOfAllowedLocations": {
+              "value": [
+                "northeurope",
+                "westeurope",
+                "northcentralus"
+              ]
+            }
+          }
+        }
+      }
+    }
+  }
+}