- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.bicep files (156):

landingzones/scaffold-subscription.bicep
landingzones/utils/mg-move/move-subscription.bicep
landingzones/lz-healthcare/main.bicep
landingzones/lz-healthcare/networking.bicep
landingzones/lz-healthcare/lz.bicep
landingzones/lz-platform-connectivity-hub-azfw/main.bicep
landingzones/lz-platform-connectivity-hub-azfw/paz/paz.bicep
landingzones/lz-platform-connectivity-hub-azfw/main-azfw-policy.bicep
landingzones/lz-platform-connectivity-hub-azfw/hub/hub-vnet-routes.bicep
landingzones/lz-platform-connectivity-hub-azfw/hub/hub-vnet.bicep
landingzones/lz-platform-connectivity-hub-azfw/azfw-policy/azure-firewall-policy.bicep
landingzones/lz-platform-connectivity-hub-azfw/mrz/mrz-vnet.bicep
landingzones/lz-platform-connectivity-hub-azfw/mrz/mrz.bicep
landingzones/lz-platform-connectivity-hub-nva/main.bicep
landingzones/lz-platform-connectivity-hub-nva/paz/paz.bicep
landingzones/lz-platform-connectivity-hub-nva/nva/nva-vm.bicep
landingzones/lz-platform-connectivity-hub-nva/hub/lb-firewalls-hub.bicep
landingzones/lz-platform-connectivity-hub-nva/hub/hub-vnet.bicep
landingzones/lz-platform-connectivity-hub-nva/mrz/mrz-vnet.bicep
landingzones/lz-platform-connectivity-hub-nva/mrz/mrz.bicep
landingzones/lz-generic-subscription/main.bicep
landingzones/lz-generic-subscription/networking.bicep
landingzones/lz-machinelearning/main.bicep
landingzones/lz-machinelearning/networking.bicep
landingzones/lz-machinelearning/lz.bicep
landingzones/lz-platform-logging/main.bicep
landingzones/lz-platform-identity/main.bicep
landingzones/lz-platform-identity/networking.bicep
landingzones/lz-platform-identity/dnsResolver.bicep
policy/custom/assignments/DDoS.bicep
policy/custom/assignments/DNSPrivateEndpoints.bicep
policy/custom/assignments/LogAnalytics.bicep
policy/custom/assignments/AKS.bicep
policy/custom/assignments/Network.bicep
policy/custom/assignments/Tags.bicep
policy/custom/assignments/DefenderForCloud.bicep
policy/custom/definitions/policyset/DNSPrivateEndpoints.bicep
policy/custom/definitions/policyset/LogAnalytics.bicep
policy/custom/definitions/policyset/AKS.bicep
policy/custom/definitions/policyset/Network.bicep
policy/custom/definitions/policyset/Tags.bicep
policy/custom/definitions/policyset/DefenderForCloud.bicep
policy/builtin/assignments/location.bicep
policy/builtin/assignments/fedramp-moderate.bicep
policy/builtin/assignments/hitrust-hipaa.bicep
policy/builtin/assignments/nist80053r5.bicep
policy/builtin/assignments/cis-msft-130.bicep
policy/builtin/assignments/nist80053r4.bicep
policy/builtin/assignments/asb.bicep
policy/builtin/assignments/pbmm.bicep
management-groups/structure-v2.bicep
management-groups/structure.bicep
tests/landingzones/lz-healthcare/deployment-tests/main.bicep
tests/landingzones/lz-healthcare/deployment-tests/test-runner.bicep
tests/landingzones/lz-machinelearning/deployment-tests/main.bicep
tests/landingzones/lz-machinelearning/deployment-tests/test-runner.bicep
tests/landingzones/lz-machinelearning/deployment-tests/app-service-vnet.bicep
tests/landingzones/lz-machinelearning/deployment-tests/app-service.bicep
roles/la-vminsights-readonly.bicep
roles/lz-secops.bicep
roles/lz-netops.bicep
roles/lz-subowner.bicep
roles/lz-appowner.bicep
azresources/cost/budget-subscription.bicep
azresources/automation/automation-account.bicep
azresources/data/sqldb/main.bicep
azresources/data/sqldb/sqldb-without-cmk.bicep
azresources/data/sqldb/sqldb-with-cmk.bicep
azresources/data/sqldb/sqldb-with-cmk-enable-tde.bicep
azresources/data/sqlmi/sqlmi-without-cmk.bicep
azresources/data/sqlmi/main.bicep
azresources/data/sqlmi/sqlmi-with-cmk-enable-tde.bicep
azresources/data/sqlmi/sqlmi-with-cmk.bicep
azresources/analytics/databricks/main.bicep
azresources/analytics/aml/main.bicep
azresources/analytics/aml/aml-without-cmk.bicep
azresources/analytics/aml/aml-with-cmk.bicep
azresources/analytics/synapse/synapse-with-cmk.bicep
azresources/analytics/synapse/main.bicep
azresources/analytics/synapse/synapse-without-cmk.bicep
azresources/analytics/adf/main.bicep
azresources/analytics/adf/adf-without-cmk.bicep
azresources/analytics/adf/adf-with-cmk.bicep
azresources/analytics/stream-analytics/main.bicep
azresources/containers/aks/main.bicep
azresources/containers/aks/aks-with-cmk.bicep
azresources/containers/aks/aks-without-cmk.bicep
azresources/containers/acr/main.bicep
azresources/containers/acr/acr-with-cmk.bicep
azresources/containers/acr/acr-without-cmk.bicep
azresources/security-center/asc.bicep
azresources/management/backup-recovery-vault.bicep
azresources/monitor/ai-web.bicep
azresources/monitor/log-analytics.bicep
azresources/monitor/dcr-azure-monitor-logs.bicep
azresources/security/key-vault.bicep
azresources/security/key-vault-secret.bicep
azresources/security/key-vault-key-rsa2048.bicep
azresources/util/wait-on-arm.bicep
azresources/util/deployment-script.bicep
azresources/util/wait-subscription.bicep
azresources/util/delete-lock.bicep
azresources/util/wait-on-arm-subscription.bicep
azresources/util/wait.bicep
azresources/telemetry/customer-usage-attribution-tenant.bicep
azresources/telemetry/customer-usage-attribution-resource-group.bicep
azresources/telemetry/customer-usage-attribution-subscription.bicep
azresources/telemetry/customer-usage-attribution-management-group.bicep
azresources/service-health/service-health.bicep
azresources/network/app-gateway-v2-waf.bicep
azresources/network/udr/udr-sqlmi.bicep
azresources/network/udr/udr-databricks-public.bicep
azresources/network/udr/udr-databricks-private.bicep
azresources/network/udr/udr-custom.bicep
azresources/network/private-dns-zone-privatelinks.bicep
azresources/network/private-dns-zone.bicep
azresources/network/nsg/nsg-appgwv2.bicep
azresources/network/nsg/nsg-allowall.bicep
azresources/network/nsg/nsg-empty.bicep
azresources/network/nsg/nsg-bastion.bicep
azresources/network/nsg/nsg-sqlmi.bicep
azresources/network/nsg/nsg-databricks.bicep
azresources/network/dnsresolver-vnet-link.bicep
azresources/network/vnet-peering.bicep
azresources/network/dns-forwarding-ruleset.bicep
azresources/network/firewall.bicep
azresources/network/lb-egress.bicep
azresources/network/dnsresolver.bicep
azresources/network/bastion.bicep
azresources/network/private-dns-zone-virtual-network-link.bicep
azresources/network/ddos-standard.bicep
azresources/iam/subscription/role-assignment-to-group.bicep
azresources/iam/subscription/role-assignment-to-sp.bicep
azresources/iam/user-assigned-identity.bicep
azresources/iam/resourceGroup/role-assignment-to-sp.bicep
azresources/iam/resource/storage-role-assignment-to-sp.bicep
azresources/iam/resource/route-table-role-assignment-to-sp.bicep
azresources/iam/resource/private-dns-zone-role-assignment-to-sp.bicep
azresources/iam/resource/key-vault-role-assignment-to-sp.bicep
azresources/iam/resource/virtual-network-role-assignment-to-sp.bicep
azresources/storage/storage-enable-cmk.bicep
azresources/storage/storage-adlsgen2-fs.bicep
azresources/storage/storage-generalpurpose.bicep
azresources/storage/storage-adlsgen2.bicep
azresources/integration/eventhub.bicep
azresources/compute/vm-ubuntu1804/main.bicep
azresources/compute/vm-ubuntu1804/vm-ubuntu1804-without-cmk.bicep
azresources/compute/vm-ubuntu1804/vm-ubuntu1804-with-cmk.bicep
azresources/compute/fhir.bicep
azresources/compute/vm-win2019/main.bicep
azresources/compute/vm-win2019/vm-win2019-with-cmk.bicep
azresources/compute/vm-win2019/vm-win2019-without-cmk.bicep
azresources/compute/web/functions-python-linux.bicep
azresources/compute/web/appservice-linux.bicep
azresources/compute/web/appservice-linux-container.bicep
azresources/compute/web/app-service-plan-linux.bicep
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.yaml files (56):

.github/workflows/2-roles.yml
.github/workflows/3-logging.yml
.github/workflows/pull-request-check.yml
.github/workflows/7-subscriptions.yml
.github/workflows/5-azure-firewall-policy.yml
.github/workflows/1-management-groups.yml
.github/workflows/5-hub-network-with-azure-firewall.yml
.github/workflows/0-everything.yml
.github/workflows/6-identity.yml
.github/workflows/5-hub-network-with-nva.yml
.github/workflows/stale.yml
.github/workflows/consistency-check.yml
.github/workflows/4-policy.yml
config/linters/.ruby-lint.yml
config/linters/.golangci.yml
config/linters/analysis_options.yml
config/linters/.openapirc.yml
config/linters/.eslintrc.yml
config/linters/.protolintrc.yml
config/linters/.ansible-lint.yml
config/linters/.cfnlintrc.yml
config/linters/.markdown-lint.yml
config/linters/.yaml-lint.yml
config/variables/CanadaPubSecALZ-main.yml
config/variables/common.yml
.pipelines/policy.yml
.pipelines/platform-identity.yml
.pipelines/pull-request-check.yml
.pipelines/templates/steps/define-policy.yml
.pipelines/templates/steps/assign-policy.yml
.pipelines/templates/steps/define-policyset.yml
.pipelines/templates/steps/deploy-platform-identity.yml
.pipelines/templates/steps/deploy-subscription.yml
.pipelines/templates/steps/create-roles.yml
.pipelines/templates/steps/show-variables.yml
.pipelines/templates/steps/deploy-management-groups.yml
.pipelines/templates/steps/deploy-platform-connectivity-hub-azfw-policy.yml
.pipelines/templates/steps/deploy-platform-connectivity-hub-nva.yml
.pipelines/templates/steps/load-log-analytics-vars.yml
.pipelines/templates/steps/load-variables.yml
.pipelines/templates/steps/config-subscription.yml
.pipelines/templates/steps/deploy-platform-logging.yml
.pipelines/templates/steps/deploy-platform-connectivity-hub-azfw.yml
.pipelines/templates/steps/move-subscription.yml
.pipelines/templates/steps/run-linter.yml
.pipelines/templates/jobs/trigger-subscriptions.yml
.pipelines/templates/jobs/deploy-subscription.yml
.pipelines/linters.yml
.pipelines/platform-connectivity-hub-azfw.yml
.pipelines/platform-connectivity-hub-nva.yml
.pipelines/roles.yml
.pipelines/management-groups.yml
.pipelines/subscriptions.yml
.pipelines/platform-connectivity-hub-azfw-policy.yml
.pipelines/platform-logging.yml
.pipelines/demo-approval.yml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.jpg files (43):

docs/media/archetypes/resource-tags-and-naming-conventions.jpg
docs/media/archetypes/service-health-alerts-receivers.jpg
docs/media/archetypes/virtual-network-id.jpg
docs/media/archetypes/egressvirtualApplianceIP.jpg
docs/media/archetypes/subscription-role-assignments.jpg
docs/media/archetypes/security-center-contact-info.jpg
docs/media/architecture/archetype-generic-subscription.jpg
docs/media/architecture/archetype-healthcare-networking.jpg
docs/media/architecture/ado-pipelines.jpg
docs/media/architecture/management-group-structure.jpg
docs/media/architecture/policy-remediation-status.jpg
docs/media/architecture/archetype-machinelearning.jpg
docs/media/architecture/hubnetwork-nva/hubvnet-subnets.jpg
docs/media/architecture/hubnetwork-nva/mrzvnet-subnets.jpg
docs/media/architecture/hubnetwork-nva/mrz-udr.jpg
docs/media/architecture/hubnetwork-nva/mrzvnet-address-space.jpg
docs/media/architecture/hubnetwork-nva/hubnetwork-nva-design.jpg
docs/media/architecture/hubnetwork-nva/hubvnet-address-space.jpg
docs/media/architecture/hubnetwork-azfw/azfw-policy-app-rules.jpg
docs/media/architecture/hubnetwork-azfw/azfw-policy-rulecollections.jpg
docs/media/architecture/hubnetwork-azfw/azfw-policy-network-rules.jpg
docs/media/architecture/hubnetwork-azfw/hubvnet-subnets.jpg
docs/media/architecture/hubnetwork-azfw/hubnetwork-azfw-design.jpg
docs/media/architecture/hubnetwork-azfw/azfw-diagnostic-settings.jpg
docs/media/architecture/hubnetwork-azfw/mrzvnet-subnets.jpg
docs/media/architecture/hubnetwork-azfw/mrz-udr.jpg
docs/media/architecture/hubnetwork-azfw/mrzvnet-address-space.jpg
docs/media/architecture/hubnetwork-azfw/hubvnet-address-space.jpg
docs/media/architecture/hubnetwork-azfw/azfw-logs-dns.jpg
docs/media/architecture/hubnetwork-azfw/azfw-logs-fw.jpg
docs/media/architecture/tags.jpg
docs/media/architecture/ado-approvals-checks.jpg
docs/media/architecture/archetype-identity.jpg
docs/media/architecture/defender-security-policy.jpg
docs/media/architecture/policy-remediation.jpg
docs/media/architecture/log-analytics-workspace.jpg
docs/media/architecture/archetype-logging.jpg
docs/media/architecture/defender-regulatory-compliance.jpg
docs/media/architecture/archetype-machinelearning-networking.jpg
docs/media/architecture/policy-compliance.jpg
docs/media/architecture/archetype-healthcare-dataflow.jpg
docs/media/architecture/archetype-machinelearning-dataflow.jpg
docs/media/architecture/archetype-healthcare.jpg
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.png files (16):

docs/media/architecture/hubnetwork-private-link-central-dns.png
docs/media/onboarding/management-groups-02.png
docs/media/onboarding/run-1-2.png
docs/media/onboarding/run-3-2.png
docs/media/onboarding/management-groups-04.png
docs/media/onboarding/management-groups-01.png
docs/media/onboarding/import-a-git-repo.png
docs/media/onboarding/run-1-3.png
docs/media/onboarding/run-2-2.png
docs/media/onboarding/run-2-3.png
docs/media/onboarding/management-groups-03.png
docs/media/onboarding/run-2-4.png
docs/media/onboarding/run-3-1.png
docs/media/onboarding/run-1-1.png
docs/media/onboarding/run-3-3.png
docs/media/onboarding/run-2-1.png
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.vsdx files (5):

docs/visio/04 - Hub Network Design.vsdx
docs/visio/03 - Tags Design.vsdx
docs/visio/02 - Logging Design.vsdx
docs/visio/01 - Management Group Design.vsdx
docs/visio/05 - Archetypes.vsdx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*. files (2):

.github/CODEOWNERS
LICENSE
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.ecrc files (1):

config/linters/.ecrc
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.python-lint files (1):

config/linters/.python-lint
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.lintr files (1):

config/linters/.lintr
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.toml files (1):

config/linters/.snakefmt.toml
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.flake8 files (1):

config/linters/.flake8
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.luacheckrc files (1):

config/linters/.luacheckrc
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.perlcriticrc files (1):

config/linters/.perlcriticrc
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.chktexrc files (1):

config/linters/.chktexrc
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*.python-black files (1):

config/linters/.python-black
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -