feat: Q2 FY25 Policy Refresh

[cae-pr-creator]

Overview/Summary

This pull request includes several updates to policy assignments and documentation within the Azure Landing Zones (ALZ) Bicep repository. The changes primarily involve renaming variables and updating policy definition versions.

Documentation updates:

• docs/wiki/AssigningPolicies.md: Updated variable names for policy assignment examples to align with new naming conventions. [1] [2]
• docs/wiki/PolicyDeepDive.md: Updated the policy definition ID in the Kusto query example.

Policy assignment updates:

• infra-as-code/bicep/modules/policy/assignments/lib/README.md: Renamed module variable modPolicyAssignmentDenyPublicIP to modPolAssiDenyPublicIP.
• Various policy assignment template files: Added or updated the definitionVersion field to specify the version of the policy definition being used. [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16]

These changes ensure consistency in variable naming and keep the policy definitions up to date with the latest versions.

Related Issues/Work Items

Closes #952
Closes #959
Fixes AB#38989

This PR fixes/adds/changes/removes

1. Q2 2025 Policy Refresh
2. Cleanup of unnecessary AMA permissions

Breaking Changes

Notice: Breaking Changes in Bicep Module Configuration

As part of the migration to user-defined types (UDTs) for properties within the parVpnGatewayConfig and parExpressRouteGatewayConfig parameters, the following breaking changes have been introduced:

1. Supported SKUs Limited to Availability Zones

The list of supported SKUs for VPN and ExpressRoute gateways now only includes those with availability zones. This change aligns with the consolidation and migration updates outlined in the official Azure documentation. For more details, refer to the Gateway SKU Consolidation and Migration Guide.

2. Property Name Alignment for parVpnGatewayConfig

The generation property in parVpnGatewayConfig has been renamed to vpnGatewayGeneration to align with the schema property name already used for parExpressRouteGatewayConfig.

3. Case Sensitivity of bgpSettings

The bgpsettings property is now case-sensitive and must be written as bgpSettings.

Subproperty Changes:

• The asn and peerweight subproperties within bgpSettings now require integer values instead of strings, ensuring consistency with the resource schema.

---

Please update your configurations accordingly to avoid deployment errors.

Testing Evidence

Replace this with any testing evidence to show that your Pull Request works/fixes as described and planned (include screenshots, if appropriate).

As part of this Pull Request I have

• Read the Contribution Guide and ensured this PR is compliant with the guide
• Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
• Checked for duplicate Pull Requests
• Associated it with relevant GitHub Issues
• (ALZ Bicep Core Team Only) Associated it with relevant ADO Items
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated one or more of the following tests (if required)
  • Unit
  • Linting
  • E2E (End-To-End)
  • ValidateAzCloud (Base validation in Azure Cloud)
  • ValidateMcCloud (Base validation in Azure China Cloud)
• Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
• If relevant, created or updated Code Tours here

[oZakari]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[jtracey93]

LGTM @oZakari

[oZakari]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[oZakari]

/azp run valdiateazcloud

[azure-pipelines]

No pipelines are associated with this pull request.