Skip to content

Releases: Azure/sovereign-landing-zone

Release v1.2.1

06 Sep 22:43
@VeronicaSea VeronicaSea
v1.2.1
08fecf2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.2.1 Latest
Latest

Summary

We are excited to announce the v1.2.1 release of the Sovereign Landing Zone (SLZ) on GitHub. Please review our official Microsoft Cloud for Sovereignty documentation for more details.

This hotfix is removing code related to Customer Usage Attribution (CUA) telemetry when Managed Identities are deployed. Its removal should not impact any new or existing environments. While CUA telemetry does not impact any environment, the API being used is set to expire soon which may cause deployments to fail.

Highlights

  • Removing code related to Customer Usage Attribution (CUA) telemetry when Managed Identities are deployed.

Bug Fixes

  • Addressed the API being used is set to expire soon which may cause deployments to fail.
Assets 2
Loading

Release v1.2.0

16 Jul 19:55
@ugreg ugreg
v1.2.0
8965051
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.2.0

Summary

We are excited to announce the v1.2.0 release of the Sovereign Landing Zone (SLZ) on GitHub.

Highlights

  • Expanded upon parCustomSubnets parameter to enable managing assignments of NSGs and route tables.
  • Added the new parAzFirewallPoliciesEnabled parameter to enable post-deployment modifications to AFW policies.
  • Added the new parAzFirewallCustomPublicIps parameter to support HA firewall designs.
  • Announced deprecation for the parAzureBastionSubnet, parGatewaySubnet, and parAzureFirewallSubnet parameters. These are still supported, but will be removed in a future release.
    • These parameters are being rolled into the parCustomSubnets parameter. Review the upgrade notes for full details.

Bug Fixes

  • Addressed issues where NSGs and UDRs were being removed or reset.
  • Addressed issues where Azure Firewall Polices were removed or reset, sometimes causing the deployment to fail.
Assets 2
Loading

Release v1.1.1

30 May 22:44
@VeronicaSea VeronicaSea
v1.1.1
81d4f19
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.1.1

Summary

We are excited to announce the v1.1.1 release of the Sovereign Landing Zone (SLZ) on GitHub. Please review our official Microsoft Cloud for Sovereignty documentation for more details.

Highlights

  • Addresses issues where the VPN gateway could not be reliably deployed.
  • Fixes Bicep linter formatting for the compliance dashboard.
  • Fix the dead links in the documentation.
  • Improves troubleshooting documentation for Bicep installation errors.
Assets 2
Loading

Release v1.1.0

03 Apr 17:05
@ugreg ugreg
v1.1.0
cbac464
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.1.0

Summary

We are excited to announce the v1.1.0 release of the Sovereign Landing Zone (SLZ) on GitHub. Please review our official Microsoft Cloud for Sovereignty documentation for more details.

Highlights

  • Migrated to using the Azure Policy built-in Sovereignty Baseline Policy Initiatives. This decouples policy updates from the SLZ updates.
  • Added support for assigning existing initiatives at scopes other than the top-level.
  • Added support for assigning initiatives with parameters.
  • Added support for setting the policy enforcement mode.
    • More details can be found in our Deployment Parameters Doc with the parPolicyAssignmentEnforcementMode parameter.
    • Thanks Florian Wagner!

Bug Fixes

  • Addressed issues where NSGs and UDRs were being removed or reset.
    • This is short-term workaround while a fix is being developed. More details can be found here: Route Table and NSG FAQ
  • Addressed issues where Azure Firewall Polices were removed or reset, sometimes causing the deployment to fail.
  • Fixed URI encoding issues with links to the resulting SLZ deployment.
    • Thanks Simon Whalin!
Assets 2
Loading

General Availability v1.0.0

14 Dec 12:36
@ugreg ugreg
v1.0.0
dd486ba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
General Availability v1.0.0

Summary

We are excited for the Generally Available release of Microsoft Cloud for Sovereignty including the Sovereign Landing Zone (SLZ). Please review our official Microsoft Cloud for Sovereignty documentation for more details.

The capabilities offered as part of this release are identical to the ones available during Public Preview as our focus has been on improving documentation and addressing bugs. Future releases will focus around new feature areas as requested by the community.

Highlights

  • Improved documentation for running the SLZ deployments in a pipeline and as modular deployment steps.
  • Fixed a bug where policy effects were not being set appropriately.
  • Fixed a bug where subscription movements were being executed within the platform deployment step instead of the bootstep deployment step.
  • Updated the naming for various Microsoft Cloud for Sovereignty offerings going Generally Available in the documentation to remove ‘Preview’ from the names.
  • Replaced the Preview Notice with Microsoft Legal Notice.
Assets 2
Loading

Public Preview v0.3.2

02 Nov 22:43
@VeronicaSea VeronicaSea
v0.3.2
bfdd870
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Public Preview v0.3.2

This release addresses the following issues:

  • Inability to deploy to the Italy North region
  • The resource deployment output file listing resources that were not deployed
  • Custom policy definitions not being deployed unless ALZ policies were set to be assigned
  • Some asynchronous tasks being executed synchronously
  • Updated graphics and documentation
Assets 2
Loading

Public Preview v0.3.1

19 Oct 21:40
@ugreg ugreg
v0.3.1
212ce7f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Public Preview v0.3.1

This release addresses the following issues:

  • Inability to deploy the SLZ into child management groups with reduced permissions
  • VPN and ExpressRoute Gateways being deployed even when disabled
  • Compliance dashboard filtering not respecting environment suffixes
  • Inability to execute SLZ deployments in unattended mode on Linux systems
Assets 2
Loading

Public Preview v0.3.0

03 Oct 11:38
@ugreg ugreg
v0.3.0
c34a1a4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Public Preview v0.3.0

Summary

We are excited for the Public Preview release of Microsoft Cloud for Sovereignty. Please review our official Microsoft Cloud for Sovereignty documentation for more details.

These release notes are useful for users who have been part of the Private Preview program of the Sovereign Landing Zone (SLZ). It highlights what is new in this first publicly available preview version. This release introduces many new capabilities and configuration options past what was available during Private Preview that are designed to ease the adoption process and provide better support for organizations seeking to improve their workload sovereignty.

Highlights

Breaking Changes

  • After receiving a wide variety of feedback around resource naming, we have standardized our naming convention. Because Azure resources cannot be renamed, we cannot upgrade an SLZ deployment in-place, so Private Preview users will need to deploy a new SLZ. This is the only time we will be making broad changes to resource naming.
  • We have deprecated the parBillingScopeAccountId and parEnrollmentAccountId parameters in favor of a new parSubscriptionBillingScope parameter to enable deployments across a larger set of Azure Account types.

Full details about the changes relevant for our Private Preview users, please review the upgrade notes.

What's New

  • Improved subscription creation across multiple Azure Account types
  • Improved configuration options for the hub network
  • Added support for using the policy portfolio
  • Support for SLZ Preview deployments outside the tenant root group
  • Added support further management group customization
  • Standardized naming convention across all Azure resources deployed by the SLZ Preview
  • Further modularization of the deployment steps improving the ability to run in a CI/CD pipeline
  • Improved support for BYO subscription scenarios
  • Better linting rules for code styling
  • Configurable policy effects
  • Newer version of ALZ Bicep code base (v0.16.3)
  • Better input validation for parameter configurations
  • Simplified experience for managing multiple SLZ Preview deployments
  • Provided additional guidance for:
    • Deploying the SLZ Preview in a pipeline by an SPN
    • Deploying workload landing zones
    • Configuring the Sovereignty Policy Baseline and customizing Azure policies
    • Extending the compliance dashboard
    • Conducting a pilot of the SLZ Preview
  • Introduction of troubleshooting guides for common issues
  • Improved error messages across the board
  • And much more!
Assets 2
Loading