Bug Report: Policy initiative for Azure Bot Services only considers "Bot" groupId, missing "Token" groupId

**Describe the bug**
The [ESLZ policy initiative](https://github.com/Azure/Enterprise-Scale/blob/main/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.json) for Azure Bot Services only has "bot" groupId, but "Token" groupId is missing.

Notice that each groupId uses [different DNS Zones](https://learn.microsoft.com/azure/private-link/private-endpoint-dns#ai--machine-learning).

The initiative does not specify the privateEndpointGroupId used by the [built-in policy](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Bot%20Service/PrivateDNSZone_DINE.json), so it defaults to "Bot".

Will need two policyDefinitionReferenceIds, i.e. one "DINE-Private-DNS-Azure-BotService" for "Bot" and one for DINE-Private-DNS-Azure-BotServiceToken for "Token".

IIRC, previous versions of the initiative were including both groupIds.

**Steps to reproduce**

1. Create an Azure Bot Service.
2. Create a Private Endpoint for "Bot" and another for "Token" groupIds.
3. Only "Bot" gets the zone associated to "directline.botframework.com" zone.
4. The "Token" PE does not get associated to "privatelink.token.botframework.com" zone.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug Report: Policy initiative for Azure Bot Services only considers "Bot" groupId, missing "Token" groupId #2012

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bug Report: Policy initiative for Azure Bot Services only considers "Bot" groupId, missing "Token" groupId #2012

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions