From 6ee968d8e93a8323af31cc15ba08c497d431bfec Mon Sep 17 00:00:00 2001
From: Dany Contreras <78437433+danycontre@users.noreply.github.com>
Date: Fri, 19 Jan 2024 10:40:26 -0600
Subject: [PATCH] Update portal-ui-baseline.json
---
workload/portal-ui/portal-ui-baseline.json | 88 +++++++++++++---------
1 file changed, 54 insertions(+), 34 deletions(-)
diff --git a/workload/portal-ui/portal-ui-baseline.json b/workload/portal-ui/portal-ui-baseline.json
index 81027c10c..a41729a54 100644
--- a/workload/portal-ui/portal-ui-baseline.json
+++ b/workload/portal-ui/portal-ui-baseline.json
@@ -134,13 +134,13 @@
"visible": true,
"label": "Identity service provider",
"defaultValue": "Active Directory (AD DS)",
- "toolTip": "Identity service provider (ADDS or EntraDS) that already exist and will be used for Azure Virtual Desktop.",
+ "toolTip": "Identity service provider (ADDS or AADDS) that already exist and will be used for Azure Virtual Desktop.",
"constraints": {
"required": true,
"allowedValues": [
{
"label": "Microsoft Entra ID",
- "value": "EntraID"
+ "value": "AAD"
},
{
"label": "Active Directory (AD DS)",
@@ -148,7 +148,7 @@
},
{
"label": "Microsoft Entra Domain Services",
- "value": "EntraDS"
+ "value": "AADDS"
}
]
}
@@ -156,7 +156,7 @@
{
"name": "identityServiceProviderIntuneEnrollment",
"type": "Microsoft.Common.CheckBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
"label": "Intune enrollment",
"defaultValue": false,
"toolTip": "If Intune is configured in your Microsoft Entra ID tenant, you can choose to have the VM automatically enrolled during the deployment by selecting this box."
@@ -164,12 +164,23 @@
{
"name": "identityServiceProviderInfo",
"type": "Microsoft.Common.InfoBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"options": {
"text": "Identity service provider must already exist, as it is a prerequisite for the Azure Virtual Desktop LZA deployment.",
"uri": "https://github.com/Azure/avdaccelerator/blob/main/workload/docs/getting-started.md",
"style": "Info"
}
+ },
+ {
+ "name": "identityDomainName",
+ "type": "Microsoft.Common.TextBox",
+ "label": "AD Domain name",
+ "visible": "[or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AADDS'))]",
+ "toolTip": "The full qualified domain name of the ADDS or AADDS domain, this information is used for VMs and storage accounts domain join. It is additionally used to set NTFS permissions when deploying/configuring FSLogix",
+ "placeholder": "Example: contoso.com",
+ "constraints": {
+ "required": true
+ }
}
]
},
@@ -229,7 +240,7 @@
{
"name": "identityDomainCredentials",
"type": "Microsoft.Common.Section",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Domain join credentials",
"elements": [
{
@@ -570,7 +581,7 @@
{
"name": "identityDomainOuPath",
"type": "Microsoft.Common.TextBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Custom OU path (Optional)",
"toolTip": "Provide OU where to locate session hosts, if not provided session hosts will be placed on the default (computers) OU.",
"placeholder": "Example: OU=session-hosts,OU=avd,DC=contoso,DC=com",
@@ -678,6 +689,13 @@
"defaultValue": true,
"toolTip": "Enables low latency and high throughput on the network interface."
},
+ {
+ "name": "gpuExtensionPolicy",
+ "type": "Microsoft.Common.CheckBox",
+ "label": "Deploy GPU extension policies (AMD and Nvidia)",
+ "defaultValue": false,
+ "toolTip": "Deploy policies and assign policies at pool compute resource group to automatically apply GPU extension policies for AMD and/or Nvidia SKUs."
+ },
{
"name": "warningAcceleratedNetworkingSupport",
"type": "Microsoft.Common.InfoBox",
@@ -861,12 +879,12 @@
"name": "storageGeneralSettings",
"type": "Microsoft.Common.Section",
"label": "General settings:",
- "visible": true,
+ "visible": "[or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment)]",
"elements": [
{
"name": "identityDomainOuPathStorageExisting",
"type": "Microsoft.Common.TextBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Custom OU path (Optional)",
"toolTip": "Provide OU where to locate storage account file share. If not provided, file share will be placed on the default (computers) OU.",
"placeholder": "Example: OU=storage,OU=avd,DC=contoso,DC=com",
@@ -875,7 +893,6 @@
{
"name": "storageGeneralSettingsZoneRedundancy",
"type": "Microsoft.Common.CheckBox",
- "visible": true,
"label": "Zone redundant storage",
"defaultValue": false,
"toolTip": "Select to replicate storage across availability zones or only use local redundancy."
@@ -937,7 +954,7 @@
{
"name": "StorageDeploymentDisabledAad",
"type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
"options": {
"text": "Granting admin consent to the storage account service principal (your-storage-account-name.file.core.windows.net) is a requirememt, the link in this box contains the steps to grant the consent.",
"uri": "https://learn.microsoft.com/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable?tabs=azure-portal#grant-admin-consent-to-the-new-service-principal",
@@ -1003,7 +1020,7 @@
{
"name": "StorageDeploymentDisabledAad",
"type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
"options": {
"text": "FSLogix storage for Microsoft Entra ID joined session hosts is currently only available for hybrid identities.",
"uri": "https://learn.microsoft.com/azure/virtual-desktop/create-profile-container-azure-ad",
@@ -1021,9 +1038,9 @@
{
"name": "virtualNetworklInfoBox",
"type": "Microsoft.Common.InfoBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"options": {
- "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, EntraDS or EntraID).",
+ "text": "Azure Virtual Desktop LZA requires connectivity to identity services (ADDS, AADDS or AAD).",
"uri": "https://docs.microsoft.com/azure/virtual-desktop/authentication",
"style": "info"
}
@@ -1108,10 +1125,12 @@
},
"options": {
"filter": {
- "subscription": "onBasics",
- "location": "[steps('SessionHosts').SessionHostsRegionSection.SessionHostsRegion.location.name]"
+ "subscription": "onBasics"
}
- }
+ },
+ "scope": {
+ "location": "[steps('sessionHosts').sessionHostsRegionSection.sessionHostsRegion]"
+ }
},
{
"name": "avdSubnetApi",
@@ -1360,7 +1379,7 @@
{
"name": "virtualNetworkPeeringInfoBox1",
"type": "Microsoft.Common.InfoBox",
- "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')))]",
+ "visible": "[and(equals(steps('network').createAvdVirtualNetwork, true),not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')))]",
"options": {
"text": "vNet peering will be created to existing vNet hub with access to identity and DNS services .",
"uri": "https://docs.microsoft.com/azure/architecture/example-scenario/wvd/windows-virtual-desktop?context=/azure/virtual-desktop/context/context",
@@ -1370,7 +1389,7 @@
{
"name": "hubVirtualNetworkPeeringInfoBox2",
"type": "Microsoft.Common.InfoBox",
- "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID')]",
+ "visible": "[equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD')]",
"options": {
"text": "vNet peering to identity services is not required when Microsoft Entra ID as identity service provider .",
"uri": "https://learn.microsoft.com/azure/architecture/example-scenario/wvd/azure-virtual-desktop-azure-active-directory-join",
@@ -1388,7 +1407,7 @@
{
"name": "hubVirtualNetworkSub",
"type": "Microsoft.Common.DropDown",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Hub vNet Subscription",
"toolTip": "",
"multiselect": false,
@@ -1412,7 +1431,7 @@
{
"name": "existingHubVirtualNetwork",
"type": "Microsoft.Common.DropDown",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Hub vNet",
"toolTip": "",
"multiselect": false,
@@ -1428,7 +1447,7 @@
{
"name": "hubVirtualNetworkGateway",
"type": "Microsoft.Common.CheckBox",
- "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'))]",
+ "visible": "[not(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'))]",
"label": "Gateway on hub",
"defaultValue": false,
"toolTip": "This information will be used to set remote gateway settings on vNet peering."
@@ -2070,7 +2089,7 @@
"name": "resourceTaggingParentCostInfo",
"type": "Microsoft.Common.InfoBox",
"options": {
- "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/EntraDS/EntraID).",
+ "text": "By default, the following tags will be created:
- Parent resource cost management tag (cm-resource-parent): reports all resources cost to the host pool (ResourceID).
- Environment (Environment): environment selected during deployment (Dev/Test/prod).
- Service Workload (ServiceWorkload): defaults to Azure Virtual Desktop.
- Creation time (CreationTimeUTC): deployment time in UTC.
- Domain Name (DomainName): identity service domain name (applied only to compute and storage).
- Identity service provider (IdentityServiceProvider): identity provider selected (ADDS/AADDS/AAD).",
"uri": "https://learn.microsoft.com/azure/virtual-desktop/tag-virtual-desktop-resources#use-the-cm-resource-parent-tag-to-automatically-group-costs-by-host-pool",
"style": "Info"
}
@@ -2303,11 +2322,11 @@
"hostPoolMaxSessions": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolSettings.maxSessions, 1)]",
"avdPersonalAssignType": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Personal'), steps('managementPlane').managementPlaneHostPoolSettings.assignmentType, 'Automatic')]",
"avdIdentityServiceProvider": "[steps('identity').identityDomainInformation.identityServiceProvider]",
- "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]",
- "identityDomainName": "[if(and(or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraDS')), or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment)), steps('storage').storageGeneralSettings.identityDomainName, 'none')]",
- "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]",
- "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]",
- "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'EntraID'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]",
+ "createIntuneEnrollment": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), steps('identity').identityDomainInformation.identityServiceProviderIntuneEnrollment, false)]",
+ "identityDomainName": "[if(or(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'ADDS'), equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AADDS')), steps('identity').identityDomainInformation.identityDomainName, 'none')]",
+ "avdOuPath": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('sessionHosts').sessionHostsComputeStorageSection.identityDomainOuPath)]",
+ "avdDomainJoinUserName": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserName)]",
+ "avdDomainJoinUserPassword": "[if(equals(steps('identity').identityDomainInformation.identityServiceProvider, 'AAD'), 'no', steps('identity').identityDomainCredentials.identityDomainJoinUserPassword)]",
"avdVmLocalUserName": "[steps('identity').identityLocalCredentials.identityLocalUserName]",
"avdVmLocalUserPassword": "[steps('identity').identityLocalCredentials.identityLocalUserPassword.password]",
"createAvdVnet": "[steps('network').createAvdVirtualNetwork]",
@@ -2324,13 +2343,13 @@
"avdDeployScalingPlan": "[if(equals(steps('managementPlane').managementPlaneHostPoolSettings.hostPoolType, 'Pooled'), steps('managementPlane').managementPlaneHostPoolScaling.scalingPlan, false)]",
"avdEnterpriseAppObjectId": "[first(map(steps('managementPlane').managementPlaneHostPoolScaling.avdEnterpriseApplication.value, (item) => item.id))]",
"availabilityZonesCompute": "[steps('sessionHosts').sessionHostsRegionSection.sessionHostsAvailabilitySettings]",
- "zoneRedundantStorage": "[steps('storage').storageGeneralSettings.storageGeneralSettingsZoneRedundancy]",
+ "zoneRedundantStorage": "[if(or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment), steps('storage').storageGeneralSettings.storageGeneralSettingsZoneRedundancy, false)]",
"avdDeploySessionHostsCount": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsSettingsSection.sessionHostsCount, 1)]",
"useSharedImage": "[if(equals(steps('sessionHosts').deploySessionHosts, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false)]",
"avdOsImage": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, false), steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11_21h2')]",
- "securityType": "[steps('sessionHosts').sessionHostsSecuritySection.securityType]",
- "secureBootEnabled": "[steps('sessionHosts').sessionHostsSecuritySection.secureBootEnabled]",
- "vTpmEnabled": "[steps('sessionHosts').sessionHostsSecuritySection.vTpmEnabled]",
+ "securityType": "[if(and(or(contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11'), contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'g2')), empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage)), steps('sessionHosts').sessionHostsSecuritySection.securityType, 'Standard')]",
+ "secureBootEnabled": "[if(and(or(contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11'), contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'g2')), empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage)), steps('sessionHosts').sessionHostsSecuritySection.secureBootEnabled, false)]",
+ "vTpmEnabled": "[if(and(or(contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'win11'), contains(steps('sessionHosts').sessionHostsOsSection.sessionHostsOsImage, 'g2')), empty(steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage)), steps('sessionHosts').sessionHostsSecuritySection.vTpmEnabled, false)]",
"avdImageTemplateDefinitionId": "[if(equals(steps('sessionHosts').sessionHostsOsSection.sessionHostsImageSource, true), steps('sessionHosts').sessionHostsOsSection.sessionHostsComputeGalleryImage.id, 'no')]",
"avdSessionHostDiskType": "[steps('sessionHosts').sessionHostsSettingsSection.sessionHostDiskType]",
"enableAcceleratedNetworking": "[steps('sessionHosts').sessionHostsSettingsSection.acceleratedNetworking]",
@@ -2345,7 +2364,7 @@
"createMsixDeployment": "[steps('storage').storageMsix.msixDeployment]",
"msixStoragePerformance": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.msixStorageAccountSku, 'Premium')]",
"msixFileShareQuotaSize": "[if(equals(steps('storage').storageMsix.msixDeployment, true), steps('storage').storageMsix.sessionHostsMsixFileShareQuota, 1 )]",
- "storageOuPath": "[steps('storage').storageGeneralSettings.identityDomainOuPathStorageExisting]",
+ "storageOuPath": "[if(or(steps('storage').storageFslogix.fslogixDeployment, steps('storage').storageMsix.msixDeployment), steps('storage').storageGeneralSettings.identityDomainOuPathStorageExisting, '')]",
"avdUseCustomNaming": "[steps('resourceNaming').resourceNamingSelection]",
"avdServiceObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingAvdManagementPlane.serviceObjectsRgCustomName, 'no')]",
"avdNetworkObjectsRgCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingNetwork.networkObjectsRgCustomName, 'no')]",
@@ -2395,7 +2414,8 @@
"avdAlaWorkspaceCustomName": "[if(equals(steps('resourceNaming').resourceNamingSelection, true), steps('resourceNaming').resourceNamingMonitoring.monitoringLogAnalyticsWorkspaceName, 'no')]",
"ztDiskEncryptionSetCustomNamePrefix": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsDiskEncryptionSetCustomName]",
"ztKvPrefixCustomName ": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsKeyVaultCustomPrefix]",
- "ztManagedIdentityCustomName": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsManagedIdentityCustomName]"
+ "ztManagedIdentityCustomName": "[steps('resourceNaming').resourceNamingZeroTrust.zeroTrustObjectsManagedIdentityCustomName]",
+ "deployGpuPolicies": "[steps('sessionHosts').sessionHostsSettingsSection.gpuExtensionPolicy]"
},
"kind": "Subscription",
"location": "[steps('basics').resourceScope.location.name]",