chore: General maintenance and fixes

[oZakari]

Overview/Summary

This pull request enhances the flexibility and security of the Azure Firewall deployment in the hub networking Bicep modules. The main improvements are the introduction of parameters for custom management public IPs (including secondary locations), more granular resource lock configuration for firewall policies, and updates to ensure these new parameters are correctly handled throughout the code and parameter files.

Key changes:

Custom Management Public IP Support

• Added new parameters (parAzFirewallCustomManagementIp and parAzFirewallCustomManagementIpSecondaryLocation) to allow specifying custom management public IP resource IDs for Azure Firewall in both primary and secondary locations. This enables users to bring their own management public IPs if required. [1] [2]
• Updated logic and module conditions to use these custom management IPs when provided, and only deploy public IP modules if a custom IP is not specified. [1] [2] [3] [4] [5]

Resource Lock Configuration Enhancements

• Introduced a new parameter (parAzureFirewallPolicyLock) to configure resource locks specifically for Azure Firewall Policies, separate from the general firewall lock. This allows independent control over lock settings for firewall policies. [1] [2]
• Updated resource lock creation logic to use the new parAzureFirewallPolicyLock parameter, ensuring the correct lock type and notes are applied to firewall policy resources in both primary and secondary locations. [1] [2]

Firewall Resource Improvements

• Modified the Azure Firewall resource definitions to conditionally assign the management IP configuration and firewall policy only when the relevant subnets or policies are enabled, improving deployment robustness and flexibility. [1] [2] [3]

Parameter File Updates

• Added the new custom management IP and policy lock parameters to all relevant parameter files with default values, ensuring consistency and ease of use across environments. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]

Related Issues/Work Items

Closes #1097
Closes #1095
Closes #1089

Breaking Changes

1. Logging Module

Removed Parameter: parSecurityInsightsOnboardingLock

Impact:
This parameter, which previously controlled the resource lock for Security Insights onboarding, has been removed.

Affected Files:

• logging.parameters.all.json
• mc-logging.parameters.all.json

Migration Guidance:
Remove parSecurityInsightsOnboardingLock from any custom parameter files, as it is no longer supported.

Testing Evidence

Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

• Read the Contribution Guide and ensured this PR is compliant with the guide
• Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
• Checked for duplicate Pull Requests
• Associated it with relevant GitHub Issues
• (ALZ Bicep Core Team Only) Associated it with relevant ADO Items
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated one or more of the following tests (if required)
  • Unit
  • Linting
  • E2E (End-To-End)
  • ValidateAzCloud (Base validation in Azure Cloud)
  • ValidateMcCloud (Base validation in Azure China Cloud)
• Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
• If relevant, created or updated Code Tours here

[oZakari]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).