From 7df7d06608439f3fc51fc6b14c8bd43b93cd3310 Mon Sep 17 00:00:00 2001 
From: "Rodrigo Reis Santos (AZURE)" Date: Wed, 10 Apr 2024 04:09:49 -0400 Subject: [PATCH] updating learn more links --- .../AVS/privateClouds/recommendations.yaml | 138 ++--- .../service/recommendations.yaml | 30 +- .../automationAccounts/recommendations.yaml | 10 +- .../Batch/batchAccounts/recommendations.yaml | 12 +- .../Cache/Redis/recommendations.yaml | 6 +- .../Cdn/profiles/recommendations.yaml | 118 ++--- .../Compute/galleries/recommendations.yaml | 30 +- .../recommendations.yaml | 82 +-- .../virtualMachines/recommendations.yaml | 200 +++---- .../registries/recommendations.yaml | 76 +-- .../managedClusters/recommendations.yaml | 240 ++++----- .../flexibleServers/recommendations.yaml | 12 +- .../flexibleServers/recommendations.yaml | 12 +- .../workspaces/recommendations.yaml | 196 +++---- .../hostPools/recommendations.yaml | 212 ++++---- .../Devices/IotHubs/recommendations.yaml | 48 +- .../databaseAccounts/recommendations.yaml | 62 +-- .../EventGrid/topics/recommendations.yaml | 18 +- .../EventHub/namespaces/recommendations.yaml | 12 +- .../activityLogAlerts/recommendations.yaml | 24 +- .../Insights/components/recommendations.yaml | 6 +- .../KeyVault/vaults/recommendations.yaml | 30 +- .../netAppAccounts/recommendations.yaml | 92 ++-- .../recommendations.yaml | 38 +- .../applicationGateways/recommendations.yaml | 98 ++-- .../azureFirewalls/recommendations.yaml | 48 +- .../Network/connections/recommendations.yaml | 12 +- .../ddosProtectionPlans/recommendations.yaml | 6 +- .../expressRouteCircuits/recommendations.yaml | 54 +- .../expressRoutePorts/recommendations.yaml | 18 +- .../loadBalancers/recommendations.yaml | 28 +- .../recommendations.yaml | 30 +- .../networkWatchers/recommendations.yaml | 12 +- .../privateDnsZones/recommendations.yaml | 18 +- .../privateEndpoints/recommendations.yaml | 6 +- .../publicIPAddresses/recommendations.yaml | 30 +- .../Network/routeTables/recommendations.yaml | 12 +- .../recommendations.yaml | 36 +- .../recommendations.yaml | 
100 ++-- .../virtualNetworks/recommendations.yaml | 38 +- .../recommendations.yaml | 6 +- .../workspaces/recommendations.yaml | 34 +- .../vaults/recommendations.yaml | 40 +- .../resourceGroups/recommendations.yaml | 16 +- .../namespaces/recommendations.yaml | 14 +- .../SignalR/recommendations.yaml | 6 +- .../Sql/servers/recommendations.yaml | 52 +- .../storageAccounts/recommendations.yaml | 84 +-- .../subscriptions/recommendations.yaml | 6 +- .../imageTemplates/recommendations.yaml | 16 +- .../Web/serverFarms/recommendations.yaml | 38 +- .../Web/sites/recommendations.yaml | 40 +- .../recommendations.yaml | 497 ++++++++++++++++++ azure-waf/define/recommendations.yaml | 16 +- azure-waf/deploy/recommendations.yaml | 12 +- azure-waf/design/recommendations.yaml | 58 +- azure-waf/monitor/recommendations.yaml | 34 +- azure-waf/respond/recommendations.yaml | 10 +- azure-waf/test/recommendations.yaml | 30 +- 59 files changed, 1878 insertions(+), 1381 deletions(-) create mode 100644 azure-specialized-workloads/recommendations.yaml diff --git a/azure-resources/AVS/privateClouds/recommendations.yaml b/azure-resources/AVS/privateClouds/recommendations.yaml index 3efc8c780..ec3a22166 100644 --- a/azure-resources/AVS/privateClouds/recommendations.yaml +++ b/azure-resources/AVS/privateClouds/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Ensure Azure Service Health notifications are set for Azure VMware Solution across all used regions and subscriptions. This communicates service/security issues and maintenance activities like host replacements and upgrades, reducing service request submissions. - potentialBenefits: Prompt mitigation of issues. + potentialBenefits Prompt mitigation of issues. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-management-and-monitoring#design-recommendations" - description: Monitor when Azure VMware Solution Private Cloud is reaching the capacity limit aprlGuid: 29d7a115-dfb6-4df1-9205-04824109548f @@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Set an alert for when the node count in Azure VMware Solution Private Cloud hits or exceeds 90 hosts, enabling timely planning for a new private cloud. - potentialBenefits: Proactive capacity planning + potentialBenefits Proactive capacity planning pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure and streamline alerts - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Configure and streamline alerts + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Monitor when Azure VMware Solution Cluster Size is approaching the host limit aprlGuid: f86355e3-de7c-4dad-8080-1b0b411e66c8 
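Review bot: The rewritten `potentialBenefits` line in this hunk has lost its colon (`potentialBenefits Prompt mitigation of issues.`), so unless that is an artifact of how the patch is displayed, it is no longer a key/value pair, and a loader will either reject the file or drop the field. The same change appears in the other hunks of this file and in the ApiManagement, Automation, Batch, Redis and Cdn files shown on this page, which include the entries for dual LDAPS identity sources, the resource delete lock and customer-managed key rotation. Restore the separator as `potentialBenefits: Prompt mitigation of issues.` in each affected entry. A YAML lint or schema check in CI would stop a malformed recommendations file from being merged, because a link-only commit like this one is easy to approve without parsing the result.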
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Alert when the cluster size reaches 14 hosts. Set up periodic alerts for planning new clusters or datastores due to growth, especially from storage needs. Beyond 14 hosts, trigger alerts for each new host addition for proactive resource monitoring. - potentialBenefits: Proactive resource management + potentialBenefits Proactive resource management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Use the AVS Interconnect feature to connect private clouds in different availability zones aprlGuid: 726abfe3-adae-4a6d-8eb8-4b27a7214ca1 @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Use the Interconnect feature for direct communication between private clouds in different availability zones, enabling connectivity between the private clouds management and workload networks. - potentialBenefits: Enhanced private cloud connectivity + potentialBenefits Enhanced private cloud connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Connect Private Clouds in the same region - url: https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region + - name: Connect Private Clouds in the same region + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/connect-multiple-private-clouds-same-region" - description: Integrate LDAPS Identity with dual sources for enhanced NSX and vCenter security aprlGuid: c2794660-ffd7-4da3-96ba-5d546b70b1c6 
@@ -83,17 +83,17 @@ recommendationMetadataState: Active longDescription: | Ensure two external identity sources are configured for NSX and vCenter Server. The VMware vCenter Server and NSX Manager use these for authentication with external identities. - potentialBenefits: Continuous login access during maintenances + potentialBenefits Continuous login access during maintenances pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Set an external identity source for vCenter - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter - - name: Set an external identity for NSX-T - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t + - name: Set an external identity source for vCenter + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-identity-source-vcenter" + - name: Set an external identity for NSX-T + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-external-identity-source-nsx-t" - description: Use HCX Network Extension High Availability aprlGuid: bce16eee-0933-4baa-ab4d-8d1bb5653fc2 
@@ -104,17 +104,17 @@ recommendationMetadataState: Active longDescription: | Enable Network Extension High Availability for appliance failure tolerance in HCX service. It pairs selected appliances for Active Standby configuration, ensuring high availability and quick recovery, keeping configurations in-service despite failures. - potentialBenefits: Improves HCX service continuity + potentialBenefits Improves HCX service continuity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: HCX Network extension high availability - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability - - name: Understanding Network Extension High Availability - url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html + - name: HCX Network extension high availability + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-hcx-network-extension-high-availability" + - name: Understanding Network Extension High Availability + url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-E1353511-697A-44B0-82A0-852DB55F97D7.html" - description: Verify Management Networks are not extended with HCX Network Extension aprlGuid: 6be9a543-cf82-4926-82ea-7e1f1ffaad80 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | Do not extend the network used by the HCX Management devices to ensure the network's security and stability. - potentialBenefits: Enhanced network safety & performance + potentialBenefits Enhanced network safety & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Requirements for Network Extension - url: https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html + - name: Requirements for Network Extension + url: "https://docs.vmware.com/en/VMware-HCX/4.8/hcx-user-guide/GUID-0C746416-850E-46F7-85DD-4D4326A23785.html" - description: Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore aprlGuid: 9ec5b4c8-3dd8-473a-86ee-3273290331b9 
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | For Azure VMware Solution, enabling Stretched Clusters offers 99.99% SLA, synchronous storage replication (RPO=0), and spreads vSAN datastore across two AZs. Must be done at initial setup, needing double quota due to extension across AZs. - potentialBenefits: 99.99% SLA, 0 RPO, Multi-AZ + potentialBenefits 99.99% SLA, 0 RPO, Multi-AZ pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability - - name: Stretched Clusters - url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/infrastructure#implement-high-availability" + - name: Stretched Clusters + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters" - description: Verify vSAN FTT configuration aligns with the cluster size aprlGuid: 0943aa90-e3db-4c61-aef1-782b6a6a3881 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | The Azure VMware Solution's service SLA is influenced by vSAN storage policies, which change based on cluster size. For clusters over 6 hosts, an FTT-2 policy (RAID-1 or RAID-6) is advised. FTT refers to the Fault Tolerance feature. - potentialBenefits: Enhanced cluster reliability + potentialBenefits Enhanced cluster reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Use fault domains - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains - - name: Configure storage policy - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy + - name: Use fault domains + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/application-platform#use-fault-domains" + - name: Configure storage policy + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-storage-policy" - description: Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization aprlGuid: 4232eb32-3241-4049-9e14-9b8005817b56 
@@ -186,15 +186,15 @@ recommendationMetadataState: Active longDescription: | Ensure VMware vSAN datastore slack space is maintained for SLA by monitoring storage utilization and setting alerts at 70% and 75% utilization to allow for capacity planning. To expand, add hosts or external storage like Azure Elastic SAN, Azure NetApp Files, if CPU and RAM requirements are met. - potentialBenefits: Optimized capacity planning for vSAN + potentialBenefits Optimized capacity planning for vSAN pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-alerts-for-azure-vmware-solution#supported-metrics-and-activities" - description: Configure Syslog in Diagnostic Settings for Azure VMware Solution aprlGuid: fa4ab927-bced-429a-971a-53350de7f14b 
@@ -205,15 +205,15 @@ recommendationMetadataState: Active longDescription: | Ensure Diagnostic Settings are configured for each private cloud to send syslogs to external sources for analysis and/or archiving. Azure VMware Solution Syslogs contain data for troubleshooting and performance, aiding quicker issue resolution and early detection of issues. - potentialBenefits: Faster issue resolution, early detection + potentialBenefits Faster issue resolution, early detection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#manage-logs-and-archives" - description: Monitor CPU Utilization to ensure sufficient resources for workloads aprlGuid: 4ee5d535-c47b-470a-9557-4a3dd297d62f 
@@ -224,15 +224,15 @@ recommendationMetadataState: Active longDescription: | Ensure sufficient compute resources to avoid host resource exhaustion in Azure VMware Solution, which utilizes vSphere DRS and HA for dynamic workload resource management. However, sustained CPU utilization over 95% may increase CPU Ready times, impacting workloads. - potentialBenefits: Avoids resource exhaustion, optimizes performance + potentialBenefits Avoids resource exhaustion, optimizes performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Monitor Memory Utilization to ensure sufficient resources for workloads aprlGuid: 029208c8-5186-4a76-8ee8-6e3445fef4dd @@ -243,15 +243,15 @@ recommendationMetadataState: Active longDescription: | Ensure sufficient memory resources to prevent host resource exhaustion in Azure VMware Solution. It uses vSphere DRS and vSphere HA for dynamic workload management. Yet, continuous memory use over 95% leads to disk swapping, affecting workloads. - potentialBenefits: Avoids host exhaustion & swapping + potentialBenefits Avoids host exhaustion & swapping pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-vmware/monitoring#configure-and-streamline-alerts" - description: Apply Resource delete lock on the resource group hosting the private cloud aprlGuid: a5ef7c05-c611-4842-9af5-11efdc99123a 
@@ -262,15 +262,15 @@ recommendationMetadataState: Active longDescription: | Applying a resource delete lock to the Azure VMware Solution Private Cloud resource group prevents unauthorized or accidental deletion by anyone with contributor access, ensuring the protection and reliability of the Azure VMware Solution Private Cloud. - potentialBenefits: Prevents accidental deletion + potentialBenefits Prevents accidental deletion pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Lock your resources to protect your infrastructure - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources + - name: Lock your resources to protect your infrastructure + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources" - description: Align ExpressRoute configuration with best practices for circuit resilience aprlGuid: 6f573d60-be93-4f18-8016-42e923e3c05e 
@@ -281,17 +281,17 @@ recommendationMetadataState: Active longDescription: | Microsoft suggests using two or more ExpressRoute circuits at distinct peering locations for critical workloads. Connect these circuits and your Azure VMware Solutions private clouds using Global Reach. - potentialBenefits: Enhanced circuit resilience for Azure VMware + potentialBenefits Enhanced circuit resilience for Azure VMware pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: APRL guidance for ExpressRoute circuits - url: https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits - - name: Create a new ExpressRoute circuit - url: https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview + - name: APRL guidance for ExpressRoute circuits + url: "https://azure.github.io/Azure-Proactive-Resiliency-Library/services/networking/expressroute-circuits" + - name: Create a new ExpressRoute circuit + url: "https://learn.microsoft.com/azure/expressroute/expressroute-howto-circuit-portal-resource-manager?pivots=expressroute-preview#create-a-new-expressroute-circuit-preview" - description: Deploy dual Azure VMware Solution clouds in different regions for disaster recovery aprlGuid: bdac462a-2eda-4a67-887d-46d58f141afe 
@@ -302,17 +302,17 @@ recommendationMetadataState: Active longDescription: | Two Azure VMware Solution private clouds can be deployed in different regions for business continuity, implementing a mesh network topology based on ExpressRoute Gateway Connections and Global Reach Connections. - potentialBenefits: Enhanced disaster recovery + potentialBenefits Enhanced disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Private Clouds in two regions - url: https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions - - name: Dual Region Network Topology - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology + - name: Private Clouds in two regions + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/move-azure-vmware-solution-across-regions" + - name: Dual Region Network Topology + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-vmware/eslz-dual-region-network-topology" - description: Deploy two or more circuits in different peering locations when using stretched clusters aprlGuid: 91c84596-1c41-48fe-8d5e-3f817e6a273b 
@@ -323,15 +323,15 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution vSAN stretched clusters cover 2 Availability Zones plus a third for witness. Use ExpressRoute for added resilience by deploying two circuits in different locations. With Global Reach, create a mesh topology by connecting on-premises circuits to Azure's managed circuits. - potentialBenefits: Enhanced resilience & connectivity + potentialBenefits Enhanced resilience & connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Deploy vSAN streched cluster - url: https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud + - name: Deploy vSAN streched cluster + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/deploy-vsan-stretched-clusters#deploy-a-stretched-cluster-private-cloud" - description: Use key autorotation for vSAN datastore customer-managed keys aprlGuid: e0ac2f57-c8c0-4b8c-a7c8-19e5797828b5 
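Review bot: The link name on the rewritten `- name:` line still reads `Deploy vSAN streched cluster`; since this line is being touched anyway, correct it to `- name: Deploy vSAN stretched cluster`. The longDescription of the same entry and the URL slug (`deploy-vsan-stretched-clusters`) both use the correct spelling, so the label is the only place where a search for "stretched" would miss this recommendation.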
@@ -342,15 +342,15 @@ recommendationMetadataState: Active longDescription: | When using customer-managed keys for encrypting vSAN datastores, leveraging Azure Key Vault for central management and accessing them via a managed identity linked to the private cloud is advised. The expiration of these keys can render the vSAN datastore and its associated workloads inaccessible. - potentialBenefits: Avoid outages with key auto-rotation + potentialBenefits Avoid outages with key auto-rotation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure Customer Managed Keys - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal + - name: Configure Customer Managed Keys + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-customer-managed-keys?tabs=azure-portal" - description: Use multiple DNS servers per private FQDN zone aprlGuid: fcc2e257-23af-4c68-aac8-9cc03033c939 @@ -361,13 +361,13 @@ recommendationMetadataState: Active longDescription: | Azure VMware Solution private clouds support up to three DNS servers for a single FQDN, preventing a single DNS server from becoming a point of failure. It's crucial to use multiple DNS servers for on-premises FQDN resolution from each private cloud. - potentialBenefits: Enhances reliability & avoids failure + potentialBenefits Enhances reliability & avoids failure pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure DNS forwarder - url: https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder + - name: Configure DNS forwarder + url: "https://learn.microsoft.com/en-us/azure/azure-vmware/configure-dns-azure-vmware-solution#configure-dns-forwarder" 
diff --git a/azure-resources/ApiManagement/service/recommendations.yaml b/azure-resources/ApiManagement/service/recommendations.yaml index e645e0c3a..68ad59dde 100644 --- a/azure-resources/ApiManagement/service/recommendations.yaml +++ b/azure-resources/ApiManagement/service/recommendations.yaml @@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Upgrading the API Management instance to the Premium SKU adds support for Availability Zones, enhancing availability and resilience by distributing services across physically separate locations within Azure regions. - potentialBenefits: Enhanced availability & resilience + potentialBenefits Enhanced availability & resilience pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Change your API Management service tier - url: https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier - - name: Migrate Azure API Management to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt + - name: Change your API Management service tier + url: "https://learn.microsoft.com/en-us/azure/api-management/upgrade-and-scale#change-your-api-management-service-tier" + - name: Migrate Azure API Management to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt" - description: Enable Availability Zones on Premium API Management instances aprlGuid: 740f2c1c-8857-4648-80eb-47d2c56d5a50 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Zone redundancy for APIM instances ensures the gateway and control plane (Management API, developer portal, Git configuration) are replicated across datacenters in physically separated zones, boosting resilience to zone failures. - potentialBenefits: Improved resilience to zone failures + potentialBenefits Improved resilience to zone failures pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Ensure API Management availability and reliability - url: https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones - - name: Migrate Azure API Management to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt + - name: Ensure API Management availability and reliability + url: "https://learn.microsoft.com/en-us/azure/api-management/high-availability#availability-zones" + - name: Migrate Azure API Management to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-api-mgt" - description: Upgrade to platform version stv2 aprlGuid: e35cf148-8eee-49d1-a1c9-956160f99e0b 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Upgrading to API Management stv2 is required as stv1 retires on 31 Aug 2024, offering enhanced capabilities with the new platform version. - potentialBenefits: Ensures service continuity + potentialBenefits Ensures service continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure API Management - stv1 platform retirement (August 2024) - url: https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024 - - name: Azure API Management compute platform - url: https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure + - name: Azure API Management - stv1 platform retirement (August 2024) + url: "https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/stv1-platform-retirement-august-2024" + - name: Azure API Management compute platform + url: "https://learn.microsoft.com/en-us/azure/api-management/compute-infrastructure" diff --git a/azure-resources/Automation/automationAccounts/recommendations.yaml b/azure-resources/Automation/automationAccounts/recommendations.yaml index 6bcbc0d29..87c5b823d 100644 --- a/azure-resources/Automation/automationAccounts/recommendations.yaml +++ b/azure-resources/Automation/automationAccounts/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Set up disaster recovery for Automation accounts and resources like Modules, Connections, Credentials, Certificates, Variables, and Schedules to deal with region or zone failures. A replica Automation account should be ready in a secondary region for failover. - potentialBenefits: Ensures continuity during outages + potentialBenefits Ensures continuity during outages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Disaster recovery for Automation accounts - url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one - - name: Disaster recovery scenarios for cloud and hybrid jobs - url: https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs + - name: Disaster recovery for Automation accounts + url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one" + - name: Disaster recovery scenarios for cloud and hybrid jobs + url: "https://learn.microsoft.com/en-us/azure/automation/automation-disaster-recovery?tabs=win-hrw%2Cps-script%2Coption-one#scenarios-for-cloud-and-hybrid-jobs" diff --git a/azure-resources/Batch/batchAccounts/recommendations.yaml b/azure-resources/Batch/batchAccounts/recommendations.yaml index bb3776f76..545165065 100644 --- a/azure-resources/Batch/batchAccounts/recommendations.yaml +++ b/azure-resources/Batch/batchAccounts/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | To ensure cross-region disaster recovery and business continuity, set the right quotas for all Batch accounts to allocate necessary core numbers upfront, preventing execution interruptions from reaching quota limits. - potentialBenefits: Ensures business continuity + potentialBenefits Ensures business continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity + - name: Learn More + url: "https://learn.microsoft.com/azure/reliability/reliability-batch#cross-region-disaster-recovery-and-business-continuity" - description: Create an Azure Batch pool across Availability Zones aprlGuid: 71cfab8f-d588-4742-b175-b6e07ae48dbd @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | When using Virtual Machine Configuration for Azure Batch pools, opting to distribute your pool across Availability Zones bolsters your compute nodes against Azure datacenter failures. - potentialBenefits: Enhanced reliability & failure protection + potentialBenefits Enhanced reliability & failure protection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/azure/batch/create-pool-availability-zones + - name: Learn More + url: "https://learn.microsoft.com/azure/batch/create-pool-availability-zones" diff --git a/azure-resources/Cache/Redis/recommendations.yaml b/azure-resources/Cache/Redis/recommendations.yaml index 35d7abff4..9e57f4ac1 100644 --- a/azure-resources/Cache/Redis/recommendations.yaml +++ b/azure-resources/Cache/Redis/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Azure Cache for Redis offers zone redundancy in Premium and Enterprise tiers, using VMs across multiple Availability Zones to ensure greater resilience and availability. - potentialBenefits: Higher resilience & availability + potentialBenefits Higher resilience & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable zone redundancy for Azure Cache for Redis - url: https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy + - name: Enable zone redundancy for Azure Cache for Redis + url: "https://learn.microsoft.com/azure/azure-cache-for-redis/cache-how-to-zone-redundancy" diff --git a/azure-resources/Cdn/profiles/recommendations.yaml b/azure-resources/Cdn/profiles/recommendations.yaml index d42141865..cecc36a05 100644 --- a/azure-resources/Cdn/profiles/recommendations.yaml +++ b/azure-resources/Cdn/profiles/recommendations.yaml 
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | For most solutions, choose either Azure Front Door for content caching, CDN, TLS termination, and WAF, or Traffic Manager for simple global load balancing. - potentialBenefits: Optimized network routing and security + potentialBenefits Optimized network routing and security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Load Balancing Options - url: https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview - - name: Azure Traffic Manager - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-overview - - name: Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/front-door-overview - - name: Mission-critical global content delivery - url: https://learn.microsoft.com/en-us/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery + - name: Azure Load Balancing Options + url: "https://learn.microsoft.com/azure/architecture/guide/technology-choices/load-balancing-overview" + - name: Azure Traffic Manager + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-overview" + - name: Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/front-door-overview" + - name: Mission-critical global content delivery + url: "https://learn.microsoft.com/en-us/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery" - description: Restrict traffic to your origins aprlGuid: 6c40b7ae-2bea-5748-be1a-9e9e3b834649 
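Review bot: The rewritten link for `Mission-critical global content delivery` still pins the `en-us` locale, while the other three links in this hunk are locale-neutral. Since the commit is already normalising these links, drop the segment: `url: "https://learn.microsoft.com/azure/architecture/guide/networking/global-web-applications/mission-critical-content-delivery"`. The same applies to the `en-us` URLs in the Compute/galleries hunks. In virtualMachineScaleSets it applies to the `Availability Considerations`, `Auto OS Image Upgrades`, `Deprecated Azure Marketplace images` and `Disk Comparison` links.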
@@ -32,15 +32,15 @@ recommendationMetadataState: Active longDescription: | Front Door's features perform optimally when traffic exclusively comes through Front Door. It's advised to set up your origin to deny access to traffic that bypasses Front Door. - potentialBenefits: Enhances security & performance + potentialBenefits Enhances security & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Secure traffic to Azure Front Door origins - url: https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium + - name: Secure traffic to Azure Front Door origins + url: "https://learn.microsoft.com/azure/frontdoor/origin-security?tabs=app-service-functions&pivots=front-door-standard-premium" - description: Use the latest API version and SDK version aprlGuid: 52bc9a7b-23c8-bc4c-9d2a-7bc43b50104a 
@@ -51,19 +51,19 @@ recommendationMetadataState: Active longDescription: | When working with Azure Front Door through APIs, ARM templates, Bicep, or SDKs, using the latest API or SDK version is crucial. Updates bring new functions, important security patches, and bug fixes. - potentialBenefits: Enhanced security & features + potentialBenefits Enhanced security & features pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: REST API Reference - url: https://learn.microsoft.com/rest/api/frontdoor/ - - name: Client library for Java - url: https://learn.microsoft.com/java/api/overview/azure/resourcemanager-frontdoor-readme?view=azure-java-preview - - name: SDK for Python - url: https://learn.microsoft.com/python/api/overview/azure/front-door?view=azure-python + - name: REST API Reference + url: "https://learn.microsoft.com/rest/api/frontdoor/" + - name: Client library for Java + url: "https://learn.microsoft.com/java/api/overview/azure/resourcemanager-frontdoor-readme?view=azure-java-preview" + - name: SDK for Python + url: "https://learn.microsoft.com/python/api/overview/azure/front-door?view=azure-python" - description: Configure logs aprlGuid: 1ad74c3c-e3d7-0046-b83f-a2199974ef15 
@@ -74,19 +74,19 @@ recommendationMetadataState: Active longDescription: | Front Door logs offer comprehensive telemetry on each request, crucial for understanding your solution's performance and responses, especially when caching is enabled, as origin servers might not receive every request. - potentialBenefits: Enhanced insights and solution monitoring + potentialBenefits Enhanced insights and solution monitoring pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor metrics and logs in Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium - - name: WAF logs - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#waf-logs - - name: Configure Azure Front Door logs - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-logs + - name: Monitor metrics and logs in Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/front-door-diagnostics?pivots=front-door-standard-premium" + - name: WAF logs + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#waf-logs" + - name: Configure Azure Front Door logs + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-logs" - description: Use end-to-end TLS aprlGuid: d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1 
@@ -97,15 +97,15 @@ recommendationMetadataState: Active longDescription: | Front Door terminates TCP and TLS connections from clients and establishes new connections from each PoP to the origin. Securing these connections with TLS, even for Azure-hosted origins, ensures data is always encrypted during transit. - potentialBenefits: Ensures data encryption in transit + potentialBenefits Ensures data encryption in transit pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: End-to-end TLS with Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium + - name: End-to-end TLS with Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/end-to-end-tls?pivots=front-door-standard-premium" - description: Use HTTP to HTTPS redirection aprlGuid: 24ab9f11-a3e4-3043-a985-22cf94c4933a @@ -116,15 +116,15 @@ recommendationMetadataState: Active longDescription: | Using HTTPS is ideal for secure connections. However, for compatibility with older clients, HTTP requests may be necessary. Azure Front Door enables auto redirection of HTTP to HTTPS, enhancing security without sacrificing accessibility. - potentialBenefits: Enhances security and compliance + potentialBenefits Enhances security and compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create HTTP to HTTPS redirect rule - url: https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule + - name: Create HTTP to HTTPS redirect rule + url: "https://learn.microsoft.com/azure/frontdoor/front-door-how-to-redirect-https#create-http-to-https-redirect-rule" - description: Use managed TLS certificates aprlGuid: 29d65c41-2fad-d142-95eb-9eab95f6c0a5 
@@ -135,15 +135,15 @@ recommendationMetadataState: Active longDescription: | When Front Door manages your TLS certificates, it reduces your operational costs and helps you to avoid costly outages caused by forgetting to renew a certificate. Front Door automatically issues and rotates the managed TLS certificates. - potentialBenefits: Lowers costs, avoids outages + potentialBenefits Lowers costs, avoids outages pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure HTTPS on an Azure Front Door custom domain using the Azure portal - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell + - name: Configure HTTPS on an Azure Front Door custom domain using the Azure portal + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell" - description: Use latest version for customer-managed certificates aprlGuid: 4638c2c0-03de-6d42-9e09-82ee4478cbf3 
@@ -154,15 +154,15 @@ recommendationMetadataState: Active longDescription: | If you use your own TLS certificates, set the Key Vault certificate version to 'Latest' to avoid reconfiguring Azure Front Door for new certificate versions and waiting for deployment across Front Door's environments. - potentialBenefits: Saves time & automates TLS updates + potentialBenefits Saves time & automates TLS updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Select the certificate for Azure Front Door to deploy - url: https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy + - name: Select the certificate for Azure Front Door to deploy + url: "https://learn.microsoft.com/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain?tabs=powershell#select-the-certificate-for-azure-front-door-to-deploy" - description: Use the same domain name on Front Door and your origin aprlGuid: cd6a32af-747a-e649-82a7-a98f528ca842 
@@ -173,15 +173,15 @@ recommendationMetadataState: Active longDescription: | Front Door can rewrite Host headers for custom domain names routing to a single origin, useful for avoiding custom domain configuration at both Front Door and the origin. - potentialBenefits: Improves session/auth handling + potentialBenefits Improves session/auth handling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Preserve the original HTTP host name between a reverse proxy and its back-end web application - url: https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation + - name: Preserve the original HTTP host name between a reverse proxy and its back-end web application + url: "https://learn.microsoft.com/azure/architecture/best-practices/host-name-preservation" - description: Enable the WAF aprlGuid: 1bd2b7e8-400f-e64a-99a2-c572f7b08a62 @@ -192,15 +192,15 @@ recommendationMetadataState: Active longDescription: | For internet-facing applications, enabling the Front Door web application firewall (WAF) and configuring it to use managed rules is recommended for protection against a wide range of attacks using Microsoft-managed rules. - potentialBenefits: Enhances web app security + potentialBenefits Enhances web app security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall - url: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + - name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall + url: "https://learn.microsoft.com/azure/frontdoor/web-application-firewall" - description: Disable health probes when there is only one origin in an origin group aprlGuid: 38f3d542-6de6-a44b-86c6-97e3be690281 
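Review bot: In the second hunk here (the WAF recommendation, apparently the `Enable the WAF` entry), the link `name` is still the raw URL: `- name: https://learn.microsoft.com/azure/frontdoor/web-application-firewall`. Every other entry in this file uses a human-readable title, so a rendered recommendation would show an address where a label is expected. Give it a descriptive label, for example `- name: Web Application Firewall (WAF) on Azure Front Door` (confirm the wording against the target page's title), and keep the quoted `url` line as it is.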
@@ -211,15 +211,15 @@ recommendationMetadataState: Active longDescription: | Front Door health probes help detect unavailable or unhealthy origins, directing traffic to alternate origins if needed. - potentialBenefits: Reduces unnecessary origin traffic + potentialBenefits Reduces unnecessary origin traffic pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Health probes - url: https://learn.microsoft.com/azure/frontdoor/health-probes + - name: Health probes + url: "https://learn.microsoft.com/azure/frontdoor/health-probes" - description: Select good health probe endpoints aprlGuid: 5225bba3-28ec-1e43-8986-7eedfd466d65 @@ -230,15 +230,15 @@ recommendationMetadataState: Active longDescription: | Consider selecting a webpage or location specifically designed for health monitoring as the endpoint for Azure Front Door's health probes. This should encompass the status of critical components like application servers, databases, and caches to serve production traffic efficiently. - potentialBenefits: Improves traffic routing & uptime + potentialBenefits Improves traffic routing & uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Health Endpoint Monitoring pattern - url: https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring + - name: Health Endpoint Monitoring pattern + url: "https://learn.microsoft.com/azure/architecture/patterns/health-endpoint-monitoring" - description: Use HEAD health probes aprlGuid: 5783defe-b49e-d947-84f7-d8677593f324 
@@ -249,15 +249,15 @@ recommendationMetadataState: Active longDescription: | Health probes in Azure Front Door can use GET or HEAD HTTP methods. Using the HEAD method for health probes is a recommended practice because it reduces the traffic load on your origins, being less resource-intensive. - potentialBenefits: Reduces traffic load on origins + potentialBenefits Reduces traffic load on origins pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Supported HTTP methods for health probes - url: https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes + - name: Supported HTTP methods for health probes + url: "https://learn.microsoft.com/azure/frontdoor/health-probes#supported-http-methods-for-health-probes" - description: Use geo-filtering in Azure Front Door aprlGuid: b515690d-3bf9-3a49-8d38-188e0fd45896 @@ -268,15 +268,15 @@ recommendationMetadataState: Active longDescription: | Azure Front Door's geo-filtering through WAF enables defining custom access rules by country/region to restrict or allow web app access. - potentialBenefits: Enhanced regional access control + potentialBenefits Enhanced regional access control pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Geo filter WAF policy - GeoMatch - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering + - name: Geo filter WAF policy - GeoMatch + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-geo-filtering" - description: Secure your Origin with Private Link in Azure Front Door aprlGuid: 1cfe7834-56ec-ff41-b11d-993734705dba 
@@ -287,13 +287,13 @@ recommendationMetadataState: Active longDescription: | Azure Private Link enables secure access to Azure PaaS and services over a private endpoint in your virtual network, ensuring traffic goes over the Microsoft backbone network, not the public internet. - potentialBenefits: Enhanced security & private connectivity + potentialBenefits Enhanced security & private connectivity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Private link for Azure Front Door - url: https://learn.microsoft.com/azure/frontdoor/private-link + - name: Private link for Azure Front Door + url: "https://learn.microsoft.com/azure/frontdoor/private-link" diff --git a/azure-resources/Compute/galleries/recommendations.yaml b/azure-resources/Compute/galleries/recommendations.yaml index f29d6dda5..75269c691 100644 --- a/azure-resources/Compute/galleries/recommendations.yaml +++ b/azure-resources/Compute/galleries/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Keeping a minimum of 3 replicas for production images in Azure's Compute Gallery ensures scalability and prevents throttling in multi-VM deployments by distributing VM deployments across different replicas. This reduces the risk of overloading a single replica. - potentialBenefits: Enhances scalability & avoids throttling + potentialBenefits Enhances scalability & avoids throttling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" - description: Zone redundant storage should be used for image versions aprlGuid: 488dcc8b-f2e3-40ce-bf95-73deb2db095f 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Use ZRS for high availability when creating image/VM versions in Azure Compute Gallery, offering resilience against Availability Zone failures. ZRS accounts are advisable in regions with Availability Zones, with the choice of Standard_ZRS recommended over Standard_LRS for these regions. - potentialBenefits: Enhances image version availability + potentialBenefits Enhances image version availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices - - name: Zone-redundant storage - url: https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy#zone-redundant-storage + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Zone-redundant storage + url: "https://learn.microsoft.com/en-us/azure/storage/common/storage-redundancy#zone-redundant-storage" - description: Consider creating TrustedLaunchSupported images where possible aprlGuid: 1c5e1e58-4e56-491c-8529-10f37af9d4ed 
@@ -47,17 +47,17 @@ recommendationMetadataState: Active longDescription: | We recommend creating Trusted Launch Supported Images for benefits like Secure Boot, vTPM, trusted launch VMs, large boot volume. These are Gen 2 Images by default and you cannot change a VM's generation after creation, so review the considerations first. - potentialBenefits: Enhances VM security and features + potentialBenefits Enhances VM security and features pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Compute Gallery best practices - url: https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices - - name: Generation 1 vs Generation 2 in Hyper-V - url: https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v - - name: Images in Compute gallery - url: https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli + - name: Compute Gallery best practices + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/azure-compute-gallery#best-practices" + - name: Generation 1 vs Generation 2 in Hyper-V + url: "https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v" + - name: Images in Compute gallery + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/shared-image-galleries?tabs=azure-cli" diff --git a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml index 530d1289d..f88340672 100644 --- a/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml +++ b/azure-resources/Compute/virtualMachineScaleSets/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Deploying even single instance VMs into a scale set with Flexible orchestration mode future-proofs applications for scaling and availability. This mode guarantees high availability (up to 1000 VMs) by distributing VMs across fault domains in a region or within an Availability Zone. - potentialBenefits: Higher scalability & availability + potentialBenefits Higher scalability & availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: When to use VMSS instead of VMs - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines - - name: Azure Well-Architected Framework review - Virtual Machines and Scale Sets - url: https://learn.microsoft.com/azure/well-architected/services/compute/virtual-machines/virtual-machines-review + - name: When to use VMSS instead of VMs + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-design-overview#when-to-use-scale-sets-instead-of-virtual-machines" + - name: Azure Well-Architected Framework review - Virtual Machines and Scale Sets + url: "https://learn.microsoft.com/azure/well-architected/services/compute/virtual-machines/virtual-machines-review" - description: Enable VMSS application health monitoring aprlGuid: 94794d2a-eff0-2345-9b67-6f9349d0a627 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Monitoring application health in Azure Virtual Machine Scale Sets is crucial for deployment management. It supports rolling upgrades such as automatic OS-image upgrades and VM guest patching, leveraging health monitoring for upgrading. - potentialBenefits: Enhances deployment management & upgrades + potentialBenefits Enhances deployment management & upgrades pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Using Application Health extension with Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api + - name: Using Application Health extension with Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-health-extension?tabs=rest-api" - description: Enable Automatic Repair policy aprlGuid: 820f4743-1f94-e946-ae0b-45efafd87962 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Enabling automatic instance repairs in Azure Virtual Machine Scale Sets enhances application availability through a continuous health check and maintenance process. - potentialBenefits: Boosts app availability by auto-repair + potentialBenefits Boosts app availability by auto-repair pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Automatic instance repairs for Azure Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs + - name: Automatic instance repairs for Azure Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs#requirements-for-using-automatic-instance-repairs" - description: Configure VMSS Autoscale to custom and configure the scaling metrics aprlGuid: ee66ff65-9aa3-2345-93c1-25827cf79f44 
@@ -66,17 +66,17 @@ recommendationMetadataState: Active longDescription: | Use custom autoscale for VMSS based on metrics and schedules to improve performance and cost effectiveness, adjusting instances as demand changes. - potentialBenefits: Enhances performance & cost-efficiency + potentialBenefits Enhances performance & cost-efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Get started with autoscale in Azure - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring - - name: Overview of autoscale in Azure - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-overview + - name: Get started with autoscale in Azure + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-get-started?WT.mc_id=Portal-Microsoft_Azure_Monitoring" + - name: Overview of autoscale in Azure + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-overview" - description: Enable Predictive autoscale and configure at least for Forecast Only aprlGuid: 3f85a51c-e286-9f44-b4dc-51d00768696c 
@@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Predictive autoscale utilizes machine learning to efficiently manage and scale Azure Virtual Machine Scale Sets by forecasting CPU load through historical usage analysis, ensuring timely scale-out to meet demand. - potentialBenefits: Optimizes scaling with ML predictions + potentialBenefits Optimizes scaling with ML predictions pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use predictive autoscale to scale out before load demands in virtual machine scale sets - url: https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive + - name: Use predictive autoscale to scale out before load demands in virtual machine scale sets + url: "https://learn.microsoft.com/azure/azure-monitor/autoscale/autoscale-predictive" - description: Disable Force strictly even balance across zones to avoid scale in and out fail attempts aprlGuid: b5a63aa0-c58e-244f-b8a6-cbba0560a6db 
@@ -106,15 +106,15 @@ recommendationMetadataState: Active longDescription: | Microsoft advises disabling strictly even VM instance distribution across Availability Zones in VMSS to improve scalability and flexibility, noting that uneven distribution may better serve application load demands despite the potential trade-off in resilience. - potentialBenefits: Improves scaling, reduces fail attempts + potentialBenefits Improves scaling, reduces fail attempts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use scale-in policies with Azure Virtual Machine Scale Sets - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy + - name: Use scale-in policies with Azure Virtual Machine Scale Sets + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-scale-in-policy" - description: Configure Allocation Policy Spreading algorithm to Max Spreading aprlGuid: 457e1648-8aa2-214d-a854-11a4084ecdc9 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | Max spreading distributes VMs across multiple fault domains per zone, potentially more or less than five, enhancing resilience. Static spreading limits VMs to exactly five fault domains. If five distinct domains aren't available, allocation fails. - potentialBenefits: Enhances fault tolerance + potentialBenefits Enhances fault tolerance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Availability Considerations - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations + - name: Availability Considerations + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#availability-considerations" - description: Deploy VMSS across availability zones with VMSS Flex aprlGuid: 1422c567-782c-7148-ac7c-5fc14cf45adc 
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | When creating VMSS, implement availability zones as a protection measure for your applications and data against the rare event of datacenter failure. - potentialBenefits: Enhances disaster resilience + potentialBenefits Enhances disaster resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create a Virtual Machine Scale Set that uses Availability Zones - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones - - name: Update scale set to add availability zones - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones?tabs=cli-1%2Cportal-2#update-scale-set-to-add-availability-zones + - name: Create a Virtual Machine Scale Set that uses Availability Zones + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones" + - name: Update scale set to add availability zones + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones?tabs=cli-1%2Cportal-2#update-scale-set-to-add-availability-zones" - description: Set Patch orchestration options to Azure-orchestrated aprlGuid: e4ffd7b0-ba24-c84e-9352-ba4819f908c0 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | Enabling automatic VM guest patching eases update management by safely, automatically patching virtual machines to maintain security compliance, while limiting blast radius of VMs. Note, the KQL will not return sets using Uniform orchestration. - potentialBenefits: Eases patch management, enhances security + potentialBenefits Eases patch management, enhances security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Automatic VM Guest Patching for Azure VMs - url: https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching - - name: Auto OS Image Upgrades - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade + - name: Automatic VM Guest Patching for Azure VMs + url: "https://learn.microsoft.com/azure/virtual-machines/automatic-vm-guest-patching" + - name: Auto OS Image Upgrades + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-upgrade" - description: Upgrade VMSS Image versions scheduled to be deprecated or already retired aprlGuid: 83d61669-7bd6-9642-a305-175db8adcdf4 
@@ -186,15 +186,15 @@ recommendationMetadataState: Active longDescription: | Using current image versions prevents disruption from deprecation, ensuring uninterrupted deployment of VMs and VMSS. - potentialBenefits: Avoid disruptions by updating VMSS images. + potentialBenefits Avoid disruptions by updating VMSS images. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Deprecated Azure Marketplace images - url: https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images + - name: Deprecated Azure Marketplace images + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/deprecated-images" - description: Production VMSS instances should be using SSD disks aprlGuid: 1074f391-22bf-42f5-9c95-68af5ad89bf6 @@ -205,13 +205,13 @@ recommendationMetadataState: Active longDescription: | Using SSD disks for Production workloads is advised as HDDs could negatively impact resources, being suitable only for non-critical resources or those needing infrequent access. - potentialBenefits: Faster access & reliability for VMSS + potentialBenefits Faster access & reliability for VMSS pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Disk Comparison - url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison + - name: Disk Comparison + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" diff --git a/azure-resources/Compute/virtualMachines/recommendations.yaml b/azure-resources/Compute/virtualMachines/recommendations.yaml index a729ba040..dbae4ce7f 100644 --- a/azure-resources/Compute/virtualMachines/recommendations.yaml +++ b/azure-resources/Compute/virtualMachines/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Production VM workloads should be deployed on multiple VMs and grouped in a VMSS Flex instance to intelligently distribute across the platform, minimizing the impact of platform faults and updates. - potentialBenefits: Enhanced fault/update resilience + potentialBenefits Enhanced fault/update resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What has changed with Flexible orchestration mode - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode - - name: Attach or detach a Virtual Machine to or from a Virtual Machine Scale Set - url: https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?branch=main&tabs=portal-1%2Cportal-2%2Cportal-3 + - name: What has changed with Flexible orchestration mode + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-orchestration-modes#what-has-changed-with-flexible-orchestration-mode" + - name: Attach or detach a Virtual Machine to or from a Virtual Machine Scale Set + url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?branch=main&tabs=portal-1%2Cportal-2%2Cportal-3" - description: Deploy VMs across Availability Zones aprlGuid: 2bd0be95-a825-6f47-a8c6-3db1fb5eb387 
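Review bot: The second link in this hunk still carries `branch=main` in its query string, which looks like a leftover from a documentation preview URL rather than something a published link needs. Quoting the value only preserves it as-is. Since the commit is about the learn-more links, I would drop the parameter: `url: "https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-attach-detach-vm?tabs=portal-1%2Cportal-2%2Cportal-3"`. The `?context=%2Ftroubleshoot...` parameter on the states-billing link in the `@@ -169,15` hunk looks like the same kind of navigation residue and is worth trimming too.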
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Azure Availability Zones, within each Azure region, are tolerant to local failures, protecting applications and data against unlikely datacenter failures by being physically separate. - potentialBenefits: Enhanced VM resilience to failures + potentialBenefits Enhanced VM resilience to failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Create virtual machines in an availability zone using the Azure portal - url: https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard + - name: Create virtual machines in an availability zone using the Azure portal + url: "https://learn.microsoft.com/azure/virtual-machines/create-portal-availability-zone?tabs=standard" - description: Migrate VMs using availability sets to VMSS Flex aprlGuid: a8d25876-7951-b646-b4e8-880c9031596b @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Availability sets will soon be retired. Migrate workloads from VMs to VMSS Flex for deployment across zones or within the same zone across different fault domains (FDs) and update domains (UD) for better reliability. - potentialBenefits: Enhances reliability & future-proofs VMs + potentialBenefits Enhances reliability & future-proofs VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for Virtual Machines - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines + - name: Resiliency checklist for Virtual Machines + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" - description: Replicate VMs using Azure Site Recovery aprlGuid: cfe22a65-b1db-fd41-9e8e-d573922709ae 
@@ -66,17 +66,17 @@ recommendationMetadataState: Active longDescription: | Replicating Azure VMs via Site Recovery entails continuous, asynchronous disk replication to a target region. Recovery points are generated every few minutes, ensuring a Recovery Point Objective (RPO) in minutes. - potentialBenefits: Minimize downtime in disasters + potentialBenefits Minimize downtime in disasters pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for Virtual Machines - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines - - name: Run a test failover (disaster recovery drill) to Azure - url: https://learn.microsoft.com/azure/site-recovery/site-recovery-test-failover-to-azure + - name: Resiliency checklist for Virtual Machines + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#virtual-machines" + - name: Run a test failover (disaster recovery drill) to Azure + url: "https://learn.microsoft.com/azure/site-recovery/site-recovery-test-failover-to-azure" - description: Use Managed Disks for VM disks aprlGuid: 122d11d7-b91f-8747-a562-f56b79bcfbdc 
@@ -87,19 +87,19 @@ recommendationMetadataState: Active longDescription: | Azure is retiring unmanaged disks on September 30, 2025. Users should plan the migration to avoid disruptions and maintain service reliability. - potentialBenefits: Avoid retirement disruption, enhance reliability + potentialBenefits Avoid retirement disruption, enhance reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Migrate your Azure unmanaged disks by Sep 30, 2025 - url: https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation - - name: Migrate Windows VM from unmanaged disks to managed disks - url: https://learn.microsoft.com/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks - - name: Migrate Linux VM from unmanaged disks to managed disks - url: https://learn.microsoft.com/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks + - name: Migrate your Azure unmanaged disks by Sep 30, 2025 + url: "https://learn.microsoft.com/azure/virtual-machines/unmanaged-disks-deprecation" + - name: Migrate Windows VM from unmanaged disks to managed disks + url: "https://learn.microsoft.com/azure/virtual-machines/windows/convert-unmanaged-to-managed-disks" + - name: Migrate Linux VM from unmanaged disks to managed disks + url: "https://learn.microsoft.com/azure/virtual-machines/linux/convert-unmanaged-to-managed-disks" - description: Host database data on a data disk aprlGuid: 4ea2878f-0d69-8d4a-b715-afc10d1e538e 
@@ -110,17 +110,17 @@ recommendationMetadataState: Active longDescription: | A data disk is a managed disk attached to a virtual machine for storing database or other essential data. These disks are SCSI drives labeled as per choice. - potentialBenefits: Enhances performance, recovery, migration flexibility + potentialBenefits Enhances performance, recovery, migration flexibility pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Introduction to Azure managed disks - Data disks - url: https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types + - name: Introduction to Azure managed disks - Data disks + url: "https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk" + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types" - description: Backup VMs with Azure Backup service aprlGuid: 1981f704-97b9-b645-9c57-33f8ded9261a @@ -131,15 +131,15 @@ recommendationMetadataState: Active longDescription: | Enable backups for your virtual machines with Azure Backup to secure and quickly recover your data. This service offers simple, secure, and cost-effective solutions for backing up and recovering data from the Microsoft Azure cloud. - potentialBenefits: Secure data recovery and backup + potentialBenefits Secure data recovery and backup pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What is the Azure Backup service? - url: https://learn.microsoft.com/azure/backup/backup-overview + - name: What is the Azure Backup service? + url: "https://learn.microsoft.com/azure/backup/backup-overview" - description: Production VMs should be using SSD disks aprlGuid: d3f3ee41-b9aa-d34d-b442-5d46d20232b2 
@@ -150,15 +150,15 @@ recommendationMetadataState: Active longDescription: | Premium SSD disks support I/O-intensive apps with high performance, low latency, ideal for production. Standard SSDs offer cost-effective solutions for less critical workloads with consistent performance. - potentialBenefits: High-performance & reliability for critical apps + potentialBenefits High-performance & reliability for critical apps pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" - description: Review VMs in stopped state aprlGuid: 98b334c0-8578-6046-9e43-b6e8fce6318e @@ -169,15 +169,15 @@ recommendationMetadataState: Active longDescription: | Azure Virtual Machines (VM) instances have various states, like provisioning and power states. A non-running VM may indicate issues or it being unnecessary, suggesting removal could help cut costs. - potentialBenefits: Reduce costs by removing unused VMs + potentialBenefits Reduce costs by removing unused VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: States and billing status of Azure Virtual Machines - url: https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing + - name: States and billing status of Azure Virtual Machines + url: "https://learn.microsoft.com/azure/virtual-machines/states-billing?context=%2Ftroubleshoot%2Fazure%2Fvirtual-machines%2Fcontext%2Fcontext#power-states-and-billing" - description: Enable Accelerated Networking (AccelNet) aprlGuid: dfedbeb1-1519-fc47-86a5-52f96cf07105 
@@ -188,15 +188,15 @@ recommendationMetadataState: Active longDescription: | Accelerated networking enables SR-IOV to a VM, greatly improving its networking performance by bypassing the host from the data path, which reduces latency, jitter, and CPU utilization for demanding network workloads on supported VM types. - potentialBenefits: Reduces latency, jitter & CPU use + potentialBenefits Reduces latency, jitter & CPU use pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Accelerated Networking (AccelNet) overview - url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview + - name: Accelerated Networking (AccelNet) overview + url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" - description: When AccelNet is enabled, you must manually update the GuestOS NIC driver aprlGuid: 73d1bb04-7d3e-0d47-bc0d-63afe773b5fe @@ -207,15 +207,15 @@ recommendationMetadataState: Active longDescription: | When Accelerated Networking is enabled, the default Azure VNet interface in GuestOS is swapped for a Mellanox, and its driver comes from a 3rd party. Marketplace images have the latest Mellanox drivers, but post-deployment, updating the driver is the user's responsibility. - potentialBenefits: Enhanced VM network efficiency + potentialBenefits Enhanced VM network efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Accelerated Networking (AccelNet) overview - url: https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview + - name: Accelerated Networking (AccelNet) overview + url: "https://learn.microsoft.com/azure/virtual-network/accelerated-networking-overview" - description: VMs should not have a Public IP directly associated aprlGuid: 1f629a30-c9d0-d241-82ee-6f2eb9d42cb4 
@@ -226,15 +226,15 @@ recommendationMetadataState: Active longDescription: | For outbound internet connectivity of Virtual Machines, using NAT Gateway or Azure Firewall is recommended to enhance security and service resilience, thanks to their higher availability and SNAT ports. - potentialBenefits: Enhanced security and service resiliency + potentialBenefits Enhanced security and service resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use Source Network Address Translation (SNAT) for outbound connections - url: https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections + - name: Use Source Network Address Translation (SNAT) for outbound connections + url: "https://learn.microsoft.com/azure/load-balancer/load-balancer-outbound-connections" - description: VM network interfaces and associated subnets both have a Network Security Group (NSG) associated aprlGuid: 82b3cf6b-9ae2-2e44-b193-10793213f676 
@@ -245,15 +245,15 @@ recommendationMetadataState: Active longDescription: | Unless you have a specific reason, it's advised to associate a network security group to a subnet or a network interface, but not both, to avoid unexpected communication issues and troubleshooting due to potential rule conflicts between the two associations. - potentialBenefits: Reduces communication problems + potentialBenefits Reduces communication problems pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: How network security groups filter network traffic - url: https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic + - name: How network security groups filter network traffic + url: "https://learn.microsoft.com/azure/virtual-network/network-security-group-how-it-works#intra-subnet-traffic" - description: IP Forwarding should only be enabled for Network Virtual Appliances aprlGuid: 41a22a5e-5e08-9647-92d0-2ffe9ef1bdad 
@@ -264,15 +264,15 @@ recommendationMetadataState: Active longDescription: | IP forwarding allows a virtual machine network interface to receive and send network traffic not destined for or originating from its assigned IP addresses. - potentialBenefits: Enhances network appliance function + potentialBenefits Enhances network appliance function pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable or disable IP forwarding - url: https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding + - name: Enable or disable IP forwarding + url: "https://learn.microsoft.com/azure/virtual-network/virtual-network-network-interface?tabs=network-interface-portal#enable-or-disable-ip-forwarding" - description: Customer DNS Servers should be configured in the Virtual Network level aprlGuid: 1cf8fe21-9593-1e4e-966b-779a294c0d30 @@ -283,15 +283,15 @@ recommendationMetadataState: Active longDescription: | Configure the DNS Server at the Virtual Network level to prevent any inconsistency across the environment. - potentialBenefits: Ensures DNS consistency + potentialBenefits Ensures DNS consistency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Name resolution for resources in Azure virtual networks - url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances + - name: Name resolution for resources in Azure virtual networks + url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances" - description: Shared disks should only be enabled in clustered servers aprlGuid: 3263a64a-c256-de48-9818-afd3cbc55c2a 
@@ -302,17 +302,17 @@ recommendationMetadataState: Active longDescription: | Azure shared disks let you attach a disk to multiple VMs at once for deploying or migrating clustered applications, suitable only when a disk is shared among VM cluster members. - potentialBenefits: Enhances clustered server performance + potentialBenefits Enhances clustered server performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Shared Disk Introduction - url: https://learn.microsoft.com/azure/virtual-machines/disks-shared - - name: Enable Shared Disks - url: https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal + - name: Azure Shared Disk Introduction + url: "https://learn.microsoft.com/azure/virtual-machines/disks-shared" + - name: Enable Shared Disks + url: "https://learn.microsoft.com/azure/virtual-machines/disks-shared-enable?tabs=azure-portal" - description: Network access to the VM disk should be set to Disable public access and enable private access aprlGuid: 70b1d2be-e6c4-b54e-9959-b1b690f9e485 
@@ -323,15 +323,15 @@ recommendationMetadataState: Active longDescription: | Recommended changing to "Disable public access and enable private access" and creating a Private Endpoint to improve security by restricting direct public access and ensuring connections are made privately, enhancing data protection and minimizing potential external threats. - potentialBenefits: Enhances VM security & privacy + potentialBenefits Enhances VM security & privacy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Restrict import/export access for managed disks using Azure Private Link - url: https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal + - name: Restrict import/export access for managed disks using Azure Private Link + url: "https://learn.microsoft.com/azure/virtual-machines/disks-enable-private-links-for-import-export-portal" - description: Ensure that your VMs are compliant with Azure Policies aprlGuid: c42343ae-2712-2843-a285-3437eb0b28a1 
@@ -342,17 +342,17 @@ recommendationMetadataState: Active longDescription: | Keeping your virtual machine (VM) secure is crucial for the applications you run. This involves using various Azure services and features to ensure secure access to your VMs and the secure storage of your data, aiming for overall security of your VM and applications. - potentialBenefits: Secure VMs & applications + potentialBenefits Secure VMs & applications pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Policy-driven governance - url: https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance - - name: Azure Policy Regulatory Compliance controls for Azure Virtual Machines - url: https://learn.microsoft.com/azure/virtual-machines/security-policy + - name: Policy-driven governance + url: "https://learn.microsoft.com/azure/cloud-adoption-framework/ready/landing-zone/design-principles#policy-driven-governance" + - name: Azure Policy Regulatory Compliance controls for Azure Virtual Machines + url: "https://learn.microsoft.com/azure/virtual-machines/security-policy" - description: Enable advanced encryption options for your managed disks aprlGuid: f0a97179-133a-6e4f-8a49-8a44da73ffce 
@@ -363,15 +363,15 @@ recommendationMetadataState: Active longDescription: | Azure Disk Storage encrypts data at rest automatically for managed disks, including OS and data disks. - potentialBenefits: Enhances data security and integrity + potentialBenefits Enhances data security and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Overview of managed disk encryption options - url: https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview + - name: Overview of managed disk encryption options + url: "https://learn.microsoft.com/azure/virtual-machines/disk-encryption-overview" - description: Enable VM Insights aprlGuid: b72214bb-e879-5f4b-b9cd-642db84f36f4 
@@ -382,17 +382,17 @@ recommendationMetadataState: Active longDescription: | VM Insights monitors VM and scale set performance, health, running processes, and dependencies. It enhances the predictability of application performance and availability by pinpointing performance bottlenecks and network issues, and it clarifies if problems are related to other dependencies. - potentialBenefits: Improves VM performance & health + potentialBenefits Improves VM performance & health pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Overview of VM insights - url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview - - name: Did the extension install properly? - url: https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-troubleshoot#did-the-extension-install-properly + - name: Overview of VM insights + url: "https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-overview" + - name: Did the extension install properly? + url: "https://learn.microsoft.com/azure/azure-monitor/vm/vminsights-troubleshoot#did-the-extension-install-properly" - description: Configure diagnostic settings for all Azure Virtual Machines aprlGuid: 4a9d8973-6dba-0042-b3aa-07924877ebd5 
@@ -403,15 +403,15 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Metrics automatically receives platform metrics, but platform logs, which offer detailed diagnostics and auditing for resources and their Azure platform, need to be manually routed for collection. - potentialBenefits: Enhanced diagnostics & auditing capability + potentialBenefits Enhanced diagnostics & auditing capability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Diagnostic settings in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal + - name: Diagnostic settings in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings?tabs=portal" - description: Use maintenance configurations for the VMs aprlGuid: 52ab9e5c-eec0-3148-8bd7-b6dd9e1be870 @@ -422,15 +422,15 @@ recommendationMetadataState: Active longDescription: | The maintenance configuration settings let users schedule and manage updates, making sure the updates or interruptions on the VM are performed within a planned timeframe. - potentialBenefits: Scheduled updates for VMs + potentialBenefits Scheduled updates for VMs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use maintenance configurations to control and manage the VM updates - url: https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations + - name: Use maintenance configurations to control and manage the VM updates + url: "https://learn.microsoft.com/azure/virtual-machines/maintenance-configurations" - description: Don't use A or B-Series VMs for production needing constant full CPU performance aprlGuid: 3201dba8-d1da-4826-98a4-104066545170 
@@ -441,15 +441,15 @@ recommendationMetadataState: Active longDescription: | A-series VMs are tailored for entry-level workloads like development and testing, including use cases such as development and test servers, low traffic web servers, and small to medium databases. - potentialBenefits: Ensures full CPU usage for heavy tasks + potentialBenefits Ensures full CPU usage for heavy tasks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: B-series burstable virtual machine sizes - url: https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable + - name: B-series burstable virtual machine sizes + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/sizes-b-series-burstable" - description: Mission Critical Workloads should be using Premium or Ultra Disks aprlGuid: df0ff862-814d-45a3-95e4-4fad5a244ba6 @@ -460,15 +460,15 @@ recommendationMetadataState: Active longDescription: | Azure Premium SSDs provide high-performance, low-latency for IO-intensive VM workloads. Premium SSD v2 offers better performance at a lower cost, with adjustable capacity, throughput, IOPS, ideal for shifting needs, but not as OS Disks. - potentialBenefits: Enhanced performance & cost efficiency + potentialBenefits Enhanced performance & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Disk type comparison and decision tree - url: https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison + - name: Disk type comparison and decision tree + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/disks-types#disk-type-comparison" - description: Use Azure Boost VMs for Maintenance sensitive workload aprlGuid: 9ab499d8-8844-424d-a2d4-8f53690eb8f8 
@@ -479,17 +479,17 @@ recommendationMetadataState: Active longDescription: | If the workload is Maintenance sensitive, consider using Azure Boost compatible VMs designed to lessen the impact on customers when Azure maintenance activities occur. - potentialBenefits: Less maintenance impact + potentialBenefits Less maintenance impact pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Microsoft Azure Boost - url: https://learn.microsoft.com/azure/azure-boost/overview - - name: Announcing the general availability of Azure Boost - url: https://aka.ms/AzureBoostGABlog + - name: Microsoft Azure Boost + url: "https://learn.microsoft.com/azure/azure-boost/overview" + - name: Announcing the general availability of Azure Boost + url: "https://aka.ms/AzureBoostGABlog" - description: Enable Scheduled Events for Maintenance sensitive workload VMs aprlGuid: 2de8fa5e-14f4-4c4c-857f-1520f87a629f 
@@ -500,17 +500,17 @@ recommendationMetadataState: Active longDescription: | If your workload is Maintenance sensitive, enable Scheduled Events. This Azure Metadata Service lets your app prepare for virtual machine maintenance by providing information on upcoming events like reboots, reducing disruptions. - potentialBenefits: Minimize downtime for VMs + potentialBenefits Minimize downtime for VMs pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor scheduled events for your Azure VMs - url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service - - name: Azure Metadata Service: Scheduled Events for Linux VMs - url: https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events - - name: Azure Metadata Service: Scheduled Events for Windows VMs - url: https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events + - name: Monitor scheduled events for your Azure VMs + url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-event-service" + - name: Azure Metadata Service: Scheduled Events for Linux VMs + url: "https://learn.microsoft.com/azure/virtual-machines/linux/scheduled-events" + - name: Azure Metadata Service: Scheduled Events for Windows VMs + url: "https://learn.microsoft.com/azure/virtual-machines/windows/scheduled-events" diff --git a/azure-resources/ContainerRegistry/registries/recommendations.yaml b/azure-resources/ContainerRegistry/registries/recommendations.yaml index f9183cac4..9e5e80e9e 100644 --- a/azure-resources/ContainerRegistry/registries/recommendations.yaml +++ b/azure-resources/ContainerRegistry/registries/recommendations.yaml 
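Review bot: The two `name` values `Azure Metadata Service: Scheduled Events for Linux VMs` and `Azure Metadata Service: Scheduled Events for Windows VMs` are still plain scalars although they contain `: `, which a YAML parser treats as a mapping indicator and rejects inside a plain value. The commit quotes the `url` values on the neighbouring lines but leaves these names as they were. Quote them as well: `- name: "Azure Metadata Service: Scheduled Events for Linux VMs"`, and the same for the Windows entry.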
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Choose a service tier of Azure Container Registry to meet your performance needs. Premium offers the most bandwidth and highest rate of read and write operations for high-volume deployments. Use Basic to start, Standard for production, and Premium for hyper-scale performance and geo-replication. - potentialBenefits: High-volume support & geo-replication + potentialBenefits High-volume support & geo-replication pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Container Registry Best Practices - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices + - name: Container Registry Best Practices + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices" - description: Enable zone redundancy aprlGuid: 63491f70-22e4-3b4a-8b0c-845450e46fac 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Azure Container Registry's optional zone redundancy enhances resiliency and high availability for registries or replication resources in a specific region by distributing resources across multiple zones. - potentialBenefits: Enhances resiliency & high availability + potentialBenefits Enhances resiliency & high availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Enable zone redundancy - url: https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main + - name: Registry best practices - Enable zone redundancy + url: "https://review.learn.microsoft.com/en-us/azure/container-registry/zone-redundancy?toc=%2Fazure%2Freliability%2Ftoc.json&bc=%2Fazure%2Freliability%2Fbreadcrumb%2Ftoc.json&branch=main" - description: Enable geo-replication aprlGuid: 36ea6c09-ef6e-d743-9cfb-bd0c928a430b 
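Review bot: The zone-redundancy link still points at `review.learn.microsoft.com`, which is the documentation review host rather than the published site and normally requires a Microsoft sign-in, so readers outside the organisation cannot open it. The `toc`, `bc` and `branch=main` parameters also carry preview navigation state into a public recommendation. Quoting the value does not change any of that. Point it at the published article instead, presumably `url: "https://learn.microsoft.com/en-us/azure/container-registry/zone-redundancy"`, after confirming the page is live under that path.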
@@ -45,17 +45,17 @@ recommendationMetadataState: Active longDescription: | Use Azure Container Registry's geo-replication for multi-region deployments to simplify registry management and minimize latency. It enables serving global customers from local data centers and supports distributed development teams. Regional webhooks can notify of events in replicas. - potentialBenefits: Simplifies management, reduces latency + potentialBenefits Simplifies management, reduces latency pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Enable geo-replication - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments - - name: Geo-Replicate Container Registry - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-geo-replication + - name: Registry best practices - Enable geo-replication + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#geo-replicate-multi-region-deployments" + - name: Geo-Replicate Container Registry + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-geo-replication" - description: Use Repository namespaces aprlGuid: a5a0101a-a240-8742-90ba-81dbde9a0c0c 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Using repository namespaces allows a single registry to be shared across multiple groups and deployments within an organization, supporting nested namespaces for group isolation. However, repositories are managed independently, not hierarchically. - potentialBenefits: Enables sharing & group isolation + potentialBenefits Enables sharing & group isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Registry best practices - use repository namespaces - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces + - name: Registry best practices - use repository namespaces + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#repository-namespaces" - description: Move Container Registry to a dedicated resource group aprlGuid: 8e389532-5db5-7e4c-9d4d-443b3e55ae82 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Container registries, used across multiple hosts, should be in their own resource group to prevent accidental deletion of images when container instances are deleted, preserving the image collection while experimenting with hosts. - potentialBenefits: Safeguards image collection + potentialBenefits Safeguards image collection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Use dedicated resource group - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group + - name: Registry best practices - Use dedicated resource group + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#dedicated-resource-group" - description: Manage registry size aprlGuid: 3ef86f16-f65b-c645-9901-7830d6dc3a1b 
@@ -104,17 +104,17 @@ recommendationMetadataState: Active longDescription: | The storage constraints of Azure Container Registry's service tiers align with usage scenarios: Basic for starters, Standard for production, and Premium for high-scale performance & geo-replication. - potentialBenefits: Reduce costs, optimize storage + potentialBenefits Reduce costs, optimize storage pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Registry best practices - Manage registry size - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size - - name: Retention Policy - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy#about-the-retention-policy + - name: Registry best practices - Manage registry size + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-best-practices#manage-registry-size" + - name: Retention Policy + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy#about-the-retention-policy" - description: Disable anonymous pull access aprlGuid: 03f4a7d8-c5b4-7842-8e6e-14997a34842b 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | By default, Azure container registry requires authentication for pull/push actions. Enabling anonymous pull access exposes all content for public read actions. This applies to all repositories, potentially allowing unrestricted access if repository-scoped tokens are used. - potentialBenefits: Enhanced security & controlled access + potentialBenefits Enhanced security & controlled access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable anonymous pull access - url: https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access + - name: Enable anonymous pull access + url: "https://learn.microsoft.com/en-us/azure/container-registry/anonymous-pull-access#about-anonymous-pull-access" - description: Configure Diagnostic Settings for all Azure Container Registries aprlGuid: 44107155-7a32-9348-89f3-d5aa7e7c5a1d 
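Review bot: The link label `Enable anonymous pull access` reads as the opposite of the recommendation it belongs to, which is titled "Disable anonymous pull access" in the context lines just before this hunk and whose description warns that enabling it exposes all content for public reads. A reader skimming the links could take the label as the advised action. A neutral label that matches the `#about-anonymous-pull-access` anchor already in the URL would avoid that, for example `- name: About anonymous pull access`.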
@@ -144,17 +144,17 @@ recommendationMetadataState: Active longDescription: | Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations. - potentialBenefits: Enhanced tracking and debugging + potentialBenefits Enhanced tracking and debugging pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure Container Registry data reference - Resource Logs - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs - - name: Monitor Azure Container Registry - Enable diagnostic logs - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service#collection-and-routing + - name: Monitoring Azure Container Registry data reference - Resource Logs + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#resource-logs" + - name: Monitor Azure Container Registry - Enable diagnostic logs + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service#collection-and-routing" - description: Monitor Azure Container Registry with Azure Monitor aprlGuid: d594cde6-4116-d143-a64a-25f63289a2f8 
@@ -165,17 +165,17 @@ recommendationMetadataState: Active longDescription: | Monitoring Azure resources using Azure Monitor enhances their availability, performance, and operation. Azure Container Registry, a full-stack monitoring service, provides features for Azure and other cloud and on-premises resources. - potentialBenefits: Enhanced monitoring & operation + potentialBenefits Enhanced monitoring & operation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure Container Registry data reference - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics - - name: Monitor Azure Container Registry - url: https://learn.microsoft.com/en-us/azure/container-registry/monitor-service + - name: Monitoring Azure Container Registry data reference + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service-reference#metrics" + - name: Monitor Azure Container Registry + url: "https://learn.microsoft.com/en-us/azure/container-registry/monitor-service" - description: Enable soft delete policy aprlGuid: e7f0fd54-fba0-054e-9ab8-e676f2851f88 
@@ -186,13 +186,13 @@ recommendationMetadataState: Active longDescription: | Enabling soft delete in Azure Container Registry (ACR) allows for the management of deleted artifacts with a specified retention period. Users can list, filter, and restore these artifacts until automatically purged post-retention. - potentialBenefits: Recovery of deleted artifacts + potentialBenefits Recovery of deleted artifacts pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Enable soft delete policy - url: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy + - name: Enable soft delete policy + url: "https://learn.microsoft.com/en-us/azure/container-registry/container-registry-soft-delete-policy" diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml index 1fe523c31..a3ff6eb42 100644 --- a/azure-resources/ContainerService/managedClusters/recommendations.yaml +++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure Availability Zones ensure high availability by offering independent locations within regions, equipped with their own power, cooling, and networking to ensure applications and data are protected from datacenter-level failures. - potentialBenefits: Enhanced fault tolerance for AKS + potentialBenefits Enhanced fault tolerance for AKS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Availability Zones - url: https://learn.microsoft.com/en-us/azure/aks/availability-zones - - name: Zone Balancing - url: https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#zone-balancing + - name: AKS Availability Zones + url: "https://learn.microsoft.com/en-us/azure/aks/availability-zones" + - name: Zone Balancing + url: "https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-use-availability-zones#zone-balancing" - description: Isolate system and application pods aprlGuid: 5ee083cd-6ac3-4a83-8913-9549dd36cf56 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | AKS assigns the kubernetes.azure.com/mode: system label to nodes in system node pools signaling system pods should be scheduled there. - potentialBenefits: Enhanced reliability via pod isolation + potentialBenefits Enhanced reliability via pod isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: System and user node pools - url: https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools + - name: System and user node pools + url: "https://learn.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools" - description: Disable local accounts aprlGuid: ca324d71-54b0-4a3e-b9e4-10e767daa9fc 
@@ -47,19 +47,19 @@ recommendationMetadataState: Active longDescription: | Local Kubernetes accounts in AKS, being non-auditable and legacy, are discouraged. Microsoft Entra's integration offers centralized management, multi-factor authentication, RBAC for detailed access, and a secure, scalable authentication system compatible with Azure and external identity providers. - potentialBenefits: Enhanced security & access control + potentialBenefits Enhanced security & access control pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Entra integration - url: https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration - - name: Use Azure role-based access control for AKS - url: https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac?source=recommendations - - name: Manage AKS local accounts - url: https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad?source=recommendations + - name: Entra integration + url: "https://learn.microsoft.com/en-us/azure/aks/concepts-identity#azure-ad-integration" + - name: Use Azure role-based access control for AKS + url: "https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac?source=recommendations" + - name: Manage AKS local accounts + url: "https://learn.microsoft.com/en-us/azure/aks/manage-local-accounts-managed-azure-ad?source=recommendations" - description: Configure Azure CNI networking for dynamic allocation of IPs aprlGuid: c22db132-399b-4e7c-995d-577a60881be8 
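Review bot: Two of the re-quoted URLs in this hunk keep a `?source=recommendations` query string, which appears to be a navigation leftover from copying the address rather than part of the document location. Since the commit is already touching every link, the canonical form would be cleaner and more stable, e.g. `url: "https://learn.microsoft.com/en-us/azure/aks/manage-azure-rbac"`. The `toc=` and `bc=` parameters on the baseline-aks links in the later `@@ -248` and `@@ -311` hunks look like the same kind of leftover. The links also mix paths with and without the `/en-us/` locale segment, so it would help to pick one form.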
@@ -70,17 +70,17 @@ recommendationMetadataState: Active longDescription: | Azure CNI enhances cluster IP and network management, allowing dynamic IP allocation, scalable subnets, direct pod-VNET connectivity, and supports diverse network policies for pods and nodes with Azure Network Policies and Calico, optimizing network efficiency and security - potentialBenefits: Dynamic IP allocation, scalable subnets, direct VNET access + potentialBenefits Dynamic IP allocation, scalable subnets, direct VNET access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure Azure CNI networking - url: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation - - name: Configure Azure CNI Overlay networking - url: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay + - name: Configure Azure CNI networking + url: "https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation" + - name: Configure Azure CNI Overlay networking + url: "https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay" - description: Enable the cluster auto-scaler on an existing cluster aprlGuid: 902c82ff-4910-4b61-942d-0d6ef7f39b67 
@@ -91,21 +91,21 @@ recommendationMetadataState: Active longDescription: | The cluster auto-scaler in AKS adjusts node counts based on pod resource needs and available capacity, enabling scaling as per demand to prevent outages. - potentialBenefits: Optimizes scaling & prevents outages + potentialBenefits Optimizes scaling & prevents outages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use the Cluster Autoscaler on AKS - url: https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli - - name: Best practices for advanced scheduler features - url: https://learn.microsoft.com/azure/aks/operator-best-practices-advanced-scheduler - - name: Node pool scaling considerations and best practices - url: https://learn.microsoft.com/azure/aks/best-practices-performance-scale-large#node-pool-scaling - - name: Best practices for basic scheduler features - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler + - name: Use the Cluster Autoscaler on AKS + url: "https://learn.microsoft.com/azure/aks/cluster-autoscaler?tabs=azure-cli" + - name: Best practices for advanced scheduler features + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-advanced-scheduler" + - name: Node pool scaling considerations and best practices + url: "https://learn.microsoft.com/azure/aks/best-practices-performance-scale-large#node-pool-scaling" + - name: Best practices for basic scheduler features + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler" - description: Back up Azure Kubernetes Service aprlGuid: 269a9f1a-6675-460a-831e-b05a887a8c4b 
@@ -116,17 +116,17 @@ recommendationMetadataState: Active longDescription: | AKS, popular for stateful apps needing backups, can now use Azure Backup to secure clusters and attached volumes through an installed Backup Extension, enabling backup and restore operations via a Backup Vault. - potentialBenefits: Ensures data safety for AKS + potentialBenefits Ensures data safety for AKS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Backups - url: https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup - - name: Best Practices for AKS Backups - url: https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-storage + - name: AKS Backups + url: "https://learn.microsoft.com/en-us/azure/backup/azure-kubernetes-service-cluster-backup" + - name: Best Practices for AKS Backups + url: "https://learn.microsoft.com/en-us/azure/aks/operator-best-practices-storage" - description: Plan an AKS version upgrade aprlGuid: e6188d3b-7fbc-4ecf-a37b-b658f9efcdc4 
@@ -137,19 +137,19 @@ recommendationMetadataState: Active longDescription: | Minor version releases bring new features and improvements. Patch releases, often weekly, focus on critical bug fixes within a minor version, including security vulnerabilities or major bugs. Unsupported Kubernetes versions may lead to unsupported clusters when seeking AKS support. - potentialBenefits: Enhances features, fixes bugs, ensures support + potentialBenefits Enhances features, fixes bugs, ensures support pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Updating to the latest AKS version - url: https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes - - name: Upgrade cluster - url: https://learn.microsoft.com/azure/aks/upgrade-cluster?tabs=azure-cli - - name: Auto-upgrading cluster - url: https://learn.microsoft.com/azure/aks/auto-upgrade-cluster + - name: Updating to the latest AKS version + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-cluster-security?tabs=azure-cli#regularly-update-to-the-latest-version-of-kubernetes" + - name: Upgrade cluster + url: "https://learn.microsoft.com/azure/aks/upgrade-cluster?tabs=azure-cli" + - name: Auto-upgrading cluster + url: "https://learn.microsoft.com/azure/aks/auto-upgrade-cluster" - description: Use zone-redundant storage for persistent volumes when running multi-zone AKS aprlGuid: d3111036-355d-431b-ab49-8ddad042800b 
@@ -160,23 +160,23 @@ recommendationMetadataState: Active longDescription: | ZRS ensures data replication across three zones, protecting against zonal outages. It's available for Azure Disks, Container Storage, Files, and Blob by setting the SKU to ZRS in storage classes, enhancing multi-zone AKS clusters from v1.29. - potentialBenefits: Increases data durability and availability + potentialBenefits Increases data durability and availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Availability zones overview - url: https://learn.microsoft.com/azure/reliability/availability-zones-overview?tabs=azure-cli - - name: Zone-redundant storage - url: https://learn.microsoft.com/azure/storage/common/storage-redundancy#zone-redundant-storage - - name: ZRS disks - url: https://learn.microsoft.com/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks - - name: Convert a disk from LRS to ZRS - url: https://learn.microsoft.com/azure/virtual-machines/disks-migrate-lrs-zrs - - name: Enable multi-zone storage redundancy in Azure Container Storage - url: https://learn.microsoft.com/azure/storage/container-storage/enable-multi-zone-redundancy + - name: Availability zones overview + url: "https://learn.microsoft.com/azure/reliability/availability-zones-overview?tabs=azure-cli" + - name: Zone-redundant storage + url: "https://learn.microsoft.com/azure/storage/common/storage-redundancy#zone-redundant-storage" + - name: ZRS disks + url: "https://learn.microsoft.com/azure/virtual-machines/disks-redundancy#zone-redundant-storage-for-managed-disks" + - name: Convert a disk from LRS to ZRS + url: "https://learn.microsoft.com/azure/virtual-machines/disks-migrate-lrs-zrs" + - name: Enable multi-zone storage redundancy in Azure Container Storage + url: "https://learn.microsoft.com/azure/storage/container-storage/enable-multi-zone-redundancy" - description: Upgrade Persistent 
Volumes using in-tree drivers to Azure CSI drivers aprlGuid: b002c030-72e6-4a37-8217-1cb276c43169 @@ -187,17 +187,17 @@ recommendationMetadataState: Active longDescription: | From Kubernetes 1.26, Azure Disk and Azure File in-tree drivers are deprecated in favor of CSI drivers. Existing deployments remain operational but untested; users should switch to CSI drivers for new features and SKUs. - potentialBenefits: Ensures future compatibility + potentialBenefits Ensures future compatibility pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: CSI Storage Drivers - url: https://learn.microsoft.com/azure/aks/csi-storage-drivers - - name: CSI Migrate in Tree Volumes - url: https://learn.microsoft.com/azure/aks/csi-migrate-in-tree-volumes + - name: CSI Storage Drivers + url: "https://learn.microsoft.com/azure/aks/csi-storage-drivers" + - name: CSI Migrate in Tree Volumes + url: "https://learn.microsoft.com/azure/aks/csi-migrate-in-tree-volumes" - description: Implement Resource Quota to ensure that Kubernetes resources do not exceed hard resource limits aprlGuid: 9a1c17e5-c9a0-43db-b920-adaf54d1bcb7 @@ -208,15 +208,15 @@ recommendationMetadataState: Active longDescription: | A ResourceQuota object sets limits on resource use per namespace, controlling the number and type of objects created, and the total compute resources available. - potentialBenefits: Limits AKS resource usage per namespace + potentialBenefits Limits AKS resource usage per namespace pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resource Quotas - url: https://kubernetes.io/docs/concepts/policy/resource-quotas/ + - name: Resource Quotas + url: "https://kubernetes.io/docs/concepts/policy/resource-quotas/" - description: Attach Virtual Nodes (ACI) to the AKS cluster aprlGuid: b4639ca7-6308-429a-8b98-92f0bf9bf813 
@@ -227,17 +227,17 @@ recommendationMetadataState: Active longDescription: | To rapidly scale AKS workloads, utilize virtual nodes for quick pod provisioning, unlike Kubernetes auto-scaler. For clusters with availability zones, ensure one nodepool per AZ due to persistent volumes not working across AZs, preventing auto-scaler pod creation failures if lacking access. - potentialBenefits: Faster scaling with virtual nodes + potentialBenefits Faster scaling with virtual nodes pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Virtual Nodes - url: https://learn.microsoft.com/azure/aks/virtual-nodes - - name: Azure Container Instances - url: https://learn.microsoft.com/azure/container-instances/container-instances-overview + - name: Virtual Nodes + url: "https://learn.microsoft.com/azure/aks/virtual-nodes" + - name: Azure Container Instances + url: "https://learn.microsoft.com/azure/container-instances/container-instances-overview" - description: Update AKS tier to Standard aprlGuid: 0611251f-e70f-4243-8ddd-cfe894bec2e7 
@@ -248,17 +248,17 @@ recommendationMetadataState: Active longDescription: | Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features. - potentialBenefits: SLA guarantee & better scalability + potentialBenefits SLA guarantee & better scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Pricing Tiers - url: https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers - - name: AKS Baseline Architecture - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-sla + - name: Pricing Tiers + url: "https://learn.microsoft.com/en-us/azure/aks/free-standard-pricing-tiers" + - name: AKS Baseline Architecture + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#kubernetes-api-server-sla" - description: Enable AKS Monitoring aprlGuid: dcaf8128-94bd-4d53-9235-3a0371df6b74 
@@ -269,15 +269,15 @@ recommendationMetadataState: Active longDescription: | Azure Monitor enables real-time health and performance insights for AKS by collecting events, capturing container logs, and gathering CPU/Memory data from the Metrics API. It allows data visualization using Azure Monitor Container Insights, Prometheus, Grafana, or others. - potentialBenefits: Real-time AKS health/performance insights + potentialBenefits Real-time AKS health/performance insights pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Monitor AKS - url: https://learn.microsoft.com/azure/aks/monitor-aks + - name: Monitor AKS + url: "https://learn.microsoft.com/azure/aks/monitor-aks" - description: Use Ephemeral OS disks on AKS clusters aprlGuid: a7bfcc18-b0d8-4d37-81f3-8131ed8bead5 
@@ -288,19 +288,19 @@ recommendationMetadataState: Active longDescription: | Ephemeral OS disks on AKS offer lower read/write latency due to local attachment, eliminating the need for replication seen with managed disks. This enhances performance and speeds up cluster operations such as scaling or upgrading due to quicker re-imaging and boot times. - potentialBenefits: Lower latency, faster re-imaging & booting + potentialBenefits Lower latency, faster re-imaging & booting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Ephemeral OS disk - url: https://learn.microsoft.com/azure/aks/concepts-storage#ephemeral-os-disk - - name: Configure an AKS cluster - url: https://learn.microsoft.com/azure/aks/cluster-configuration - - name: Everything you want to know about ephemeral OS disks and AKS - url: https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/ + - name: Ephemeral OS disk + url: "https://learn.microsoft.com/azure/aks/concepts-storage#ephemeral-os-disk" + - name: Configure an AKS cluster + url: "https://learn.microsoft.com/azure/aks/cluster-configuration" + - name: Everything you want to know about ephemeral OS disks and AKS + url: "https://learn.microsoft.com/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk/" - description: Enable and remediate Azure Policies configured for AKS aprlGuid: 26ebaf1f-c70d-4ebd-8641-4b60a0ce0094 
@@ -311,17 +311,17 @@ recommendationMetadataState: Active longDescription: | Azure Policies in AKS clusters help enforce governance best practices concerning security, authentication, provisioning, networking, and more, ensuring a robust and secure environment for operations. - potentialBenefits: Enhanced AKS governance & security + potentialBenefits Enhanced AKS governance & security pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: AKS Baseline - Policy Management - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management - - name: Built-in Policy Definitions for AKS - url: https://learn.microsoft.com/en-us/azure/aks/policy-reference + - name: AKS Baseline - Policy Management + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/containers/aks/baseline-aks?toc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fazure%2Fbread%2Ftoc.json#policy-management" + - name: Built-in Policy Definitions for AKS + url: "https://learn.microsoft.com/en-us/azure/aks/policy-reference" - description: Enable GitOps when using DevOps frameworks aprlGuid: 5f3cbd68-692a-4121-988c-9770914859a9 
@@ -332,17 +332,17 @@ recommendationMetadataState: Active longDescription: | GitOps, an operating model for cloud-native apps, uses Git for storing application and infrastructure code as a source of truth for continuous delivery. - potentialBenefits: Ensures AKS config consistency + potentialBenefits Ensures AKS config consistency pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: GitOps with AKS - url: https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops - - name: GitOps for AKS - Reference Architecture - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks + - name: GitOps with AKS + url: "https://learn.microsoft.com/en-us/azure/architecture/guide/aks/aks-cicd-github-actions-and-gitops" + - name: GitOps for AKS - Reference Architecture + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gitops-aks/gitops-blueprint-aks" - description: Configure affinity or anti-affinity rules based on application requirements aprlGuid: 928fcc6f-5e9a-42d9-9bd4-260af42de2e5 
@@ -353,17 +353,17 @@ recommendationMetadataState: Active longDescription: | Configure Topology Spread Constraints to spread Pods across your cluster among failure-domains like regions, zones, nodes, and other domains for high availability and efficient resource utilization. - potentialBenefits: Ensures high availability and efficient use + potentialBenefits Ensures high availability and efficient use pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Topology Spread Constraints - url: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ - - name: Assign Pod Node - url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + - name: Topology Spread Constraints + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/" + - name: Assign Pod Node + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/" - description: Configures Pods Liveness, Readiness, and Startup Probes aprlGuid: cd6791b1-c60e-4b37-ac98-9897b1e6f4b8 
@@ -374,17 +374,17 @@ recommendationMetadataState: Active longDescription: | AKS kubelet controller uses liveness probes to validate containers and applications health, ensuring the system knows when to restart a container based on its health status. - potentialBenefits: Enhances container health monitoring + potentialBenefits Enhances container health monitoring pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure probes - url: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ - - name: Assign Pod Node - url: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/ + - name: Configure probes + url: "https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/" + - name: Assign Pod Node + url: "https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/" - description: Configure pod replica sets in production applications to guarantee availability aprlGuid: bcfe71f1-ebed-49e5-a84a-193b81ad5d27 @@ -395,15 +395,15 @@ recommendationMetadataState: Active longDescription: | Configuring ReplicaSets in Pod or Deployment manifests stabilizes the number of replica Pods, ensuring that a specified number of identical Pods are always available, thereby guaranteeing their availability. - potentialBenefits: Ensures stable pod availability + potentialBenefits Ensures stable pod availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Replica Sets - url: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ + - name: Replica Sets + url: "https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/" - description: Configure system nodepool count aprlGuid: 7f7ae535-a5ba-4665-b7e0-c451dbdda01f 
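Review bot: The second link in the `@@ -374` hunk, `Assign Pod Node`, points to the node-assignment page, which is not about liveness, readiness or startup probes. It is identical to the second link in the preceding affinity hunk and looks carried over from there. I would drop the `- name: Assign Pod Node` entry and its `url` line from the probes recommendation, or replace it with a probes-specific reference, so the entry only cites material that supports it. The recommendation's title line sits in the context before this hunk.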
@@ -414,15 +414,15 @@ recommendationMetadataState: Active longDescription: | The system node pool should be configured with a minimum node count of two to ensure critical system pods are resilient to node outages. - potentialBenefits: Ensures pod resilience + potentialBenefits Ensures pod resilience pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: System nodepools - url: https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli + - name: System nodepools + url: "https://learn.microsoft.com/azure/aks/use-system-pools?tabs=azure-cli" - description: Configure user nodepool count aprlGuid: 005ccbbd-aeab-46ef-80bd-9bd4479412ec @@ -433,15 +433,15 @@ recommendationMetadataState: Active longDescription: | Configuring the user node pool with at least two nodes is essential for applications needing high availability, ensuring they remain operational and accessible without interruption. - potentialBenefits: Ensures high app availability + potentialBenefits Ensures high app availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Well-Architected Framework review for Azure Kubernetes Service (AKS) - url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist + - name: Azure Well-Architected Framework review for Azure Kubernetes Service (AKS) + url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-kubernetes-service#design-checklist" - description: Configure pod disruption budgets (PDBs) aprlGuid: a08a06a0-e41a-4b99-83bb-69ce8bca54cb 
@@ -452,17 +452,17 @@ recommendationMetadataState: Active longDescription: | A Pod Disruption Budget is a Kubernetes resource configuring the minimum number or percentage of pods that should remain available during disruptions like maintenance or scaling, ensuring a minimum number of pods are always available in the cluster. - potentialBenefits: Ensures cluster resiliency during disruptions + potentialBenefits Ensures cluster resiliency during disruptions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure PDBs - url: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ - - name: Plan availability using PDBs - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets + - name: Configure PDBs + url: "https://kubernetes.io/docs/tasks/run-application/configure-pdb/" + - name: Plan availability using PDBs + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#plan-for-availability-using-pod-disruption-budgets" - description: Nodepool subnet size needs to accommodate maximum auto-scale settings aprlGuid: e620fa98-7a40-41a0-bfc9-b4407297fb58 
@@ -473,15 +473,15 @@ recommendationMetadataState: Active longDescription: | Nodepool subnets sized for max auto-scale settings enable AKS to efficiently scale out nodes, meeting increased demand while reducing resource constraints and potential service disruptions. - potentialBenefits: Efficient scaling, reduced disruptions + potentialBenefits Efficient scaling, reduced disruptions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AKS Networking - url: https://learn.microsoft.com/azure/aks/concepts-network + - name: AKS Networking + url: "https://learn.microsoft.com/azure/aks/concepts-network" - description: Enforce resource quotas at the namespace level aprlGuid: d479df28-d367-4ef0-8b86-0495ab94fabd @@ -492,13 +492,13 @@ recommendationMetadataState: Active longDescription: | Enforcing namespace-level resource quotas in AKS is crucial for reliability, preventing resource exhaustion and maintaining cluster stability. It stops applications or users from monopolizing resources, avoiding degraded performance or outages for others. - potentialBenefits: Prevents resource monopoly, ensures stability + potentialBenefits Prevents resource monopoly, ensures stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resource quotas - url: https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas + - name: Resource quotas + url: "https://learn.microsoft.com/azure/aks/operator-best-practices-scheduler#enforce-resource-quotas" diff --git a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml index fa284adc6..bf7384244 100644 --- a/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml +++ b/azure-resources/DBforMySQL/flexibleServers/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery. - potentialBenefits: Enhanced uptime & data protection + potentialBenefits Enhanced uptime & data protection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: High availability concepts in Azure Database for MySQL - Flexible Server - url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability + - name: High availability concepts in Azure Database for MySQL - Flexible Server + url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-high-availability" - description: Enable custom maintenance schedule aprlGuid: 82a9a0f2-24ee-496f-9ad2-25f81710942d @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied. - potentialBenefits: Control update timings + potentialBenefits Control update timings pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server - url: https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance + - name: Scheduled maintenance in Azure Database for MySQL - Flexible Server + url: "https://learn.microsoft.com/azure/mysql/flexible-server/concepts-maintenance" diff --git a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml index a9c031522..6d989628e 100644 --- a/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml 
+++ b/azure-resources/DBforPostgreSQL/flexibleServers/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enable HA with zone redundancy on flexible server instances to deploy a standby replica in a different zone, offering automatic failover capability for improved reliability and disaster recovery. - potentialBenefits: Enhanced uptime & data protection + potentialBenefits Enhanced uptime & data protection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Overview of high availability with Azure Database for PostgreSQL - url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability + - name: Overview of high availability with Azure Database for PostgreSQL + url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-high-availability" - description: Enable custom maintenance schedule aprlGuid: b2bad57d-7e03-4c0f-9024-597c9eb295bb @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Use custom maintenance schedule on flexible server instances to select a preferred time for service updates to be applied. - potentialBenefits: Control update timings + potentialBenefits Control update timings pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server - url: https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance + - name: Scheduled maintenance in Azure Database for PostgreSQL - Flexible Server + url: "https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-maintenance" diff --git a/azure-resources/Databricks/workspaces/recommendations.yaml b/azure-resources/Databricks/workspaces/recommendations.yaml index 7df78ff73..e5f86b7d3 100644 --- a/azure-resources/Databricks/workspaces/recommendations.yaml 
+++ b/azure-resources/Databricks/workspaces/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Databricks recommends migrating workloads to the latest or LTS version of its runtime for enhanced stability and support. If on Runtime 11.3 LTS or above, move directly to the latest 12.x version. If below, first migrate to 11.3 LTS, then to the latest 12.x version as per the migration guide. - potentialBenefits: Enhanced stability & support + potentialBenefits Enhanced stability & support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Databricks runtime support lifecycles - url: https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver + - name: Databricks runtime support lifecycles + url: "https://learn.microsoft.com/en-us/azure/databricks/release-notes/runtime/databricks-runtime-ver" - description: Use Databricks Pools aprlGuid: c166602e-0804-e34b-be8f-09b4d56e1fcd @@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Databricks pools pre-provision VMs, reducing risks of provisioning errors during cluster start or scale, enhancing reliability. - potentialBenefits: Reduces provisioning errors + potentialBenefits Reduces provisioning errors pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use SSD backed VMs for Worker VM Type and Driver type aprlGuid: 5877a510-8444-7a4c-8412-a8dab8662f7e 
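Review bot: The new `url` values in the Databricks hunks pin the `en-us` locale (`https://learn.microsoft.com/en-us/azure/databricks/...`), while the AKS, MySQL and PostgreSQL links in the same patch use the locale-free form. Locale-free Learn URLs redirect to the reader's language, so dropping the segment keeps the set consistent, e.g. `url: "https://learn.microsoft.com/azure/databricks/release-notes/runtime/databricks-runtime-ver"` in the @@ -7 hunk. The same applies to the other `en-us` links in the later Databricks hunks.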
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Upgrade HDDs in premium VMs to SSDs for better speed and reliability. Premium SSDs boost IO-heavy apps; Standard SSDs balance cost and performance. Ideal for critical workloads, upgrading improves connectivity with brief reboot. Consider for vital VMs - potentialBenefits: Faster, reliable VM performance + potentialBenefits Faster, reliable VM performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure managed disk types - url: https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd + - name: Azure managed disk types + url: "https://learn.microsoft.com/azure/virtual-machines/disks-types#premium-ssd" - description: Enable autoscaling for batch workloads aprlGuid: 5c72f0d6-55ec-d941-be84-36c194fa78c0 @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Autoscaling adjusts cluster sizes automatically based on workload demands, offering benefits for many use cases in terms of costs and performance. It includes guidance on when and how to best utilize Autoscaling. For streaming, Delta Live Tables with autoscaling is advised. - potentialBenefits: Cost & performance optimization + potentialBenefits Cost & performance optimization pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-batch-workloadss" - description: Enable autoscaling for SQL warehouse aprlGuid: 362ad2b6-b92c-414f-980a-0cf69467ccce 
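Review bot: The re-quoted URL in the @@ -64 hunk still ends in `#enable-autoscaling-for-batch-workloadss`, with a doubled `s` that looks like a typo, so the fragment probably does not match a heading on the target page. A commit that updates the learn-more links is the place to correct it, presumably to `#enable-autoscaling-for-batch-workloads`. The @@ -503 hunk has the same kind of stray trailing character in `#do-not-store-any-production-data-in-default-dbfs-foldersr`. Both fragments should be checked against the live pages, since the heading ids cannot be confirmed from the diff.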
@@ -83,15 +83,15 @@ recommendationMetadataState: Active longDescription: | The scaling parameter of a SQL warehouse defines the min and max number of clusters for distributing queries. By default, it's set to one. Increasing the cluster count can accommodate more concurrent users effectively. - potentialBenefits: Improves concurrency & efficiency + potentialBenefits Improves concurrency & efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#enable-autoscaling-for-sql-warehouse" - description: Use Delta Live Tables enhanced autoscaling aprlGuid: cd77db98-9b13-6e4b-bd2b-74c2cb538628 
@@ -102,17 +102,17 @@ recommendationMetadataState: Active longDescription: | Databricks enhanced autoscaling optimizes cluster utilization by automatically allocating cluster resources based on workload volume, with minimal impact on the data processing latency of your pipelines. - potentialBenefits: Optimized resource use & minimal latency + potentialBenefits Optimized resource use & minimal latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices - - name: Databricks enhanced autoscaling - url: https://learn.microsoft.com/azure/databricks/delta-live-tables/settings#use-autoscaling-to-increase-efficiency-and-reduce-resource-usage + - name: Best practices for reliability + url: "https://learn.microsoft.com/azure/databricks/lakehouse-architecture/reliability/best-practices" + - name: Databricks enhanced autoscaling + url: "https://learn.microsoft.com/azure/databricks/delta-live-tables/settings#use-autoscaling-to-increase-efficiency-and-reduce-resource-usage" - description: Automatic Job Termination is enabled, ensure there are no user-defined local processes aprlGuid: 3d3e53b5-ebd1-db42-b43b-d4fad74824ec 
@@ -123,15 +123,15 @@ recommendationMetadataState: Active longDescription: | To conserve cluster resources, you can terminate a cluster to store its configuration for future reuse or autostart jobs. Clusters can auto-terminate after inactivity, but this only tracks Spark jobs, not local processes, which might still be running even after Spark jobs end. - potentialBenefits: Saves cluster resources, avoids idle use + potentialBenefits Saves cluster resources, avoids idle use pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability? - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability? + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Enable Logging-Cluster log delivery aprlGuid: 7fb90127-5364-bb4d-86fa-30778ed713fb @@ -142,15 +142,15 @@ recommendationMetadataState: Active longDescription: | When creating a Databricks cluster, you can set a log delivery location for the Spark driver, worker nodes, and events. Logs are delivered every 5 mins and archived hourly. Upon cluster termination, all generated logs until that point are guaranteed to be delivered. - potentialBenefits: Improved troubleshooting & audit + potentialBenefits Improved troubleshooting & audit pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Create a cluster - url: https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery + - name: Create a cluster + url: "https://learn.microsoft.com/en-us/azure/databricks/clusters/configure#cluster-log-delivery" - description: Use Delta Lake for higher reliability aprlGuid: da4ea916-4df3-8c4d-8060-17b49da45977 
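Review bot: The link label in the @@ -123 hunk is written `Best practices for reliability?`, while every other entry pointing at the same page uses `Best practices for reliability`. The trailing `?` looks like a leftover from a bad character conversion, and the new side keeps it. Suggest `- name: Best practices for reliability`.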
@@ -161,15 +161,15 @@ recommendationMetadataState: Active longDescription: | Delta Lake is an open source storage format enhancing data lakes' reliability with ACID transactions, schema enforcement, and scalable metadata handling. - potentialBenefits: Enhances data reliability & processing + potentialBenefits Enhances data reliability & processing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use Photon Acceleration aprlGuid: 892ca809-e2b5-9a47-924a-71132bf6f902 @@ -180,15 +180,15 @@ recommendationMetadataState: Active longDescription: | Apache Spark in Databricks Lakehouse ensures resilient distributed data processing by automatically rescheduling failed tasks, aiding in overcoming external issues like network problems or revoked VMs. - potentialBenefits: Boosts speed & reliability for Spark tasks + potentialBenefits Boosts speed & reliability for Spark tasks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-apache-spark-or-photon-for-distributed-compute" - description: Automatically rescue invalid or nonconforming data with Databricks Auto Loader or Delta Live Tables aprlGuid: 7e52d64d-8cc0-8548-a593-eb49ab45630d 
@@ -199,15 +199,15 @@ recommendationMetadataState: Active longDescription: | Invalid or nonconforming data can crash workloads dependent on specific data formats. Best practices recommend filtering such data at ingestion to improve end-to-end resilience, ensuring no data is lost or missed. - potentialBenefits: Enhanced data resilience and integrity + potentialBenefits Enhanced data resilience and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Configure jobs for automatic retries and termination aprlGuid: 84e44da6-8cd7-b349-b02c-c8bf72cf587c @@ -218,15 +218,15 @@ recommendationMetadataState: Active longDescription: | Use Databricks and MLflow for deploying models as Spark UDFs for job scheduling, retries, autoscaling. Model serving offers scalable infrastructure, processes models using MLflow, and serves them via REST API using serverless compute managed in Databricks cloud. - potentialBenefits: Enhanced reliability & autoscaling + potentialBenefits Enhanced reliability & autoscaling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use a scalable and production-grade model serving infrastructure aprlGuid: 4cbb7744-ff3d-0447-badb-baf068c95696 
@@ -237,15 +237,15 @@ recommendationMetadataState: Active longDescription: | Use Databricks and MLflow for deploying models as Apache Spark UDFs, benefiting from job scheduling, retries, autoscaling, etc. - potentialBenefits: Enhances scalability & reliability + potentialBenefits Enhances scalability & reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use a layered storage architecture aprlGuid: 1b0d0893-bf0e-8f4c-9dc6-f18f145c1ecf @@ -256,15 +256,15 @@ recommendationMetadataState: Active longDescription: | Curate data by creating a layered architecture to increase data quality across layers. Start with a raw layer for ingested source data, continue with a curated layer for cleansed and refined data, and finish with a final layer catered to business needs, focusing on security and performance. - potentialBenefits: Enhances data quality & trust + potentialBenefits Enhances data quality & trust pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Improve data integrity by reducing data redundancy aprlGuid: e93fe702-e385-d741-ba37-1f1656482ecd 
@@ -275,15 +275,15 @@ recommendationMetadataState: Active longDescription: | Copying data leads to redundancy, lost integrity, lineage, and access issues, affecting lakehouse data quality. Temporary copies are useful for agility and innovation but can become problematic operational data silos, questioning data's master status and currency. - potentialBenefits: Enhanced data integrity and quality + potentialBenefits Enhanced data integrity and quality pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Actively manage schemas aprlGuid: b7e1d13f-54c9-1648-8a52-34c0abe8ce16 @@ -294,15 +294,15 @@ recommendationMetadataState: Active longDescription: | Uncontrolled schema changes can lead to invalid data and failing jobs. Databricks validates and enforces schema through Delta Lake, which prevents bad records during ingestion, and Auto Loader, which detects new columns and supports schema evolution to maintain data integrity. - potentialBenefits: Prevents invalid data & job failures + potentialBenefits Prevents invalid data & job failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Use constraints and data expectations aprlGuid: a42297c4-7e4f-8b41-8d4b-114033263f0e 
@@ -313,15 +313,15 @@ recommendationMetadataState: Active longDescription: | Delta tables verify data quality automatically with SQL constraints, triggering an error for violations. Delta Live Tables enhance this by defining expectations for data quality, utilizing Python or SQL, to manage actions for record failures, ensuring data integrity and compliance. - potentialBenefits: Ensures data quality and integrity + potentialBenefits Ensures data quality and integrity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#use-constraints-and-data-expectations" - description: Create regular backups aprlGuid: 932d45d6-b46d-e341-abfb-d97bce832f1f 
@@ -332,15 +332,15 @@ recommendationMetadataState: Active longDescription: | To recover from a failure, regular backups are needed. The Databricks Labs project migrate lets admins create backups by exporting workspace assets using the Databricks CLI/API. These backups help in restoring or migrating workspaces. - potentialBenefits: Ensures data recovery & migration + potentialBenefits Ensures data recovery & migration pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#create-regular-backups" - description: Recover from Structured Streaming query failures aprlGuid: 12e9d852-5cdc-2743-bffe-ee21f2ef7781 
@@ -351,15 +351,15 @@ recommendationMetadataState: Active longDescription: | Structured Streaming ensures fault-tolerance and data consistency in streaming queries. With Azure Databricks workflows, you can set up your queries to automatically restart after failure, picking up precisely where they left off. - potentialBenefits: Fault-tolerance & auto-restart for queries + potentialBenefits Fault-tolerance & auto-restart for queries pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-from-structured-streaming-query-failures" - description: Recover ETL jobs based on Delta time travel aprlGuid: a18d60f8-c98c-ba4e-ad6e-2fac72879df1 
@@ -370,15 +370,15 @@ recommendationMetadataState: Active longDescription: | Despite thorough testing, a production job can fail or yield unexpected data. Sometimes, repairs are done by adding jobs post-issue identification and pipeline correction. - potentialBenefits: Easy rollback and fix for ETL jobs + potentialBenefits Easy rollback and fix for ETL jobs pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices#recover-etl-jobs-based-on-delta-time-travel" - description: Use Databricks Workflows and built-in recovery aprlGuid: c0e22580-3819-444d-8546-a80e4ed85c83 @@ -389,15 +389,15 @@ recommendationMetadataState: Active longDescription: | Databricks Workflows enable efficient error recovery in multi-task jobs by offering a matrix view for issue examination. Fixes can be applied to initiate repair runs targeting only failed and dependent tasks, preserving successful outcomes and thereby saving time and money. - potentialBenefits: Saves time and money with smart recovery + potentialBenefits Saves time and money with smart recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for reliability - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices + - name: Best practices for reliability + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/reliability/best-practices" - description: Configure a disaster recovery pattern aprlGuid: 4fdb7112-4531-6f48-b60e-c917a6068d9b 
@@ -408,15 +408,15 @@ recommendationMetadataState: Active longDescription: | Implementing a disaster recovery pattern is vital for Azure Databricks, a cloud-native data analytics platform, ensuring data teams' access even during rare regional outages caused by disasters like hurricanes or earthquakes. - potentialBenefits: Ensures service continuity during disasters + potentialBenefits Ensures service continuity during disasters pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/tree/master + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/tree/master" - description: Automate deployments and workloads aprlGuid: 42aedaa8-6151-424d-b782-b8666c779969 @@ -427,15 +427,15 @@ recommendationMetadataState: Active longDescription: | The Databricks Terraform provider manages Azure Databricks workspaces and cloud infrastructure flexibly and powerfully. - potentialBenefits: Efficient, reliable automation + potentialBenefits Efficient, reliable automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for operational excellence - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads + - name: Best practices for operational excellence + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#2-automate-deployments-and-workloads" - description: Set up monitoring, alerting, and logging aprlGuid: 20193ff9-dbcd-a74e-b197-71d7d9d3c1e6 
@@ -446,15 +446,15 @@ recommendationMetadataState: Active longDescription: | The Databricks Terraform provider is a flexible, powerful tool for managing Azure Databricks workspaces and cloud infrastructure. - potentialBenefits: Enhanced reliability & automation + potentialBenefits Enhanced reliability & automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Best practices for operational excellence - url: https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring + - name: Best practices for operational excellence + url: "https://learn.microsoft.com/en-us/azure/databricks/lakehouse-architecture/operational-excellence/best-practices#system-monitoring" - description: Deploy workspaces in separate Subscriptions aprlGuid: 397cdebb-9d6e-ab4f-83a1-8c481de0a3a7 @@ -465,15 +465,15 @@ recommendationMetadataState: Active longDescription: | Customers often naturally divide workspaces by teams or departments. However, it's crucial to also consider Azure Subscription and ADB Workspace limits when partitioning. - potentialBenefits: Enhanced limits management, team separation + potentialBenefits Enhanced limits management, team separation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#deploy-workspaces-in-multiple-subscriptions-to-honor-azure-capacity-limits" - description: Isolate each workspace in its own Vnet aprlGuid: 5e722c4f-415a-9b4c-bd4c-96b74dce29ad 
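Review bot: In the @@ -446 hunk the `longDescription` describes the Databricks Terraform provider, but the updated link targets `#system-monitoring`. Judging by the trailing context of the previous hunk, this entry is "Set up monitoring, alerting, and logging". The text looks copied from the preceding "Automate deployments and workloads" entry, and `Enhanced reliability & automation` in `potentialBenefits` has the same mismatch. The commit does not touch the description, but it is worth replacing with text that covers monitoring, alerting and log delivery, since that is the guidance operators act on. The entry's header lines sit outside the hunk, so confirm which recommendation it belongs to.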
@@ -484,15 +484,15 @@ recommendationMetadataState: Active longDescription: | Deploying only one Databricks Workspace per VNet aligns with ADB's isolation model. - potentialBenefits: Enhanced security & resource isolation + potentialBenefits Enhanced security & resource isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#consider-isolating-each-workspace-in-its-own-vnet" - description: Do not Store any Production Data in Default DBFS Folders aprlGuid: 14310ba6-77ad-3641-a2db-57a2218b9bc7 @@ -503,15 +503,15 @@ recommendationMetadataState: Active longDescription: | Driven by security and data availability concerns, each Azure Databricks Workspace comes with a default DBFS designed for system-level artifacts like libraries and Init scripts, not for production data. - potentialBenefits: Enhanced security, data protection + potentialBenefits Enhanced security, data protection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks Best Practices - url: https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr + - name: Azure Databricks Best Practices + url: "https://github.com/Azure/AzureDatabricksBestPractices/blob/master/toc.md#do-not-store-any-production-data-in-default-dbfs-foldersr" - description: Do not use Azure Spot VMs for critical Production workloads aprlGuid: b5af7e26-3939-1b48-8fba-f8d4a475c67a 
@@ -522,15 +522,15 @@ recommendationMetadataState: Active longDescription: | Azure Spot VMs are not suitable for critical production workloads needing high availability and reliability. They are meant for fault-tolerant tasks and can be evicted with 30-seconds notice if Azure needs the capacity, with no SLA guarantees. - potentialBenefits: Ensures high reliability for production + potentialBenefits Ensures high reliability for production pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Use Azure Spot Virtual Machines - url: https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms + - name: Use Azure Spot Virtual Machines + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms" - description: Migrate Legacy Workspaces aprlGuid: 8aa63c34-dd9d-49bd-9582-21ec310dfbdd 
@@ -541,19 +541,19 @@ recommendationMetadataState: Active longDescription: | Azure Databricks transitioned from a shared to dedicated in-region control planes to prevent regional outages affecting customer workspaces. Legacy workspaces, established before this change, differ from newer workspaces that utilize in-region control planes. - potentialBenefits: Improves resilience and data sovereignty + potentialBenefits Improves resilience and data sovereignty pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Databricks regions - IP addresses and domains - url: https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains - - name: Migrate - maintained by Databricks Inc. - url: https://github.com/databrickslabs/migrate - - name: Databricks Terraform Exporter - maintained by Databricks Inc. (Experimental) - url: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/experimental-exporter + - name: Azure Databricks regions - IP addresses and domains + url: "https://learn.microsoft.com/azure/databricks/resources/supported-regions#--ip-addresses-and-domains" + - name: Migrate - maintained by Databricks Inc. + url: "https://github.com/databrickslabs/migrate" + - name: Databricks Terraform Exporter - maintained by Databricks Inc. (Experimental) + url: "https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/experimental-exporter" - description: Define alternate VM SKUs aprlGuid: 028593be-956e-4736-bccf-074cb10b92f4 
@@ -564,15 +564,15 @@ recommendationMetadataState: Active longDescription: | Azure Databricks planning should include VM SKU swap strategies for capacity issues. VMs are regional, and allocation failures may occur, shown by a "CLOUD PROVIDER" error. - potentialBenefits: Ensures service availability + potentialBenefits Ensures service availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Compute configuration best practices - url: https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices - - name: GPU-enabled compute - url: https://learn.microsoft.com/azure/databricks/compute/gpu + - name: Compute configuration best practices + url: "https://learn.microsoft.com/azure/databricks/compute/cluster-config-best-practices" + - name: GPU-enabled compute + url: "https://learn.microsoft.com/azure/databricks/compute/gpu" diff --git a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml index b395db6a1..736d6affd 100644 --- a/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml +++ b/azure-resources/DesktopVirtualization/hostPools/recommendations.yaml 
@@ -9,15 +9,15 @@ At least one Validation Pool to have early warning if a planned update to AVD causes an issue. Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits: Early issue detection & testing for AVD updates + potentialBenefits Early issue detection & testing for AVD updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" - description: (Pooled) Configure scheduled agent updates aprlGuid: 9fc522c1-d5b0-4bad-8169-1e1d32855afd 
@@ -29,15 +29,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | Ensure schedules have been created to provide maintenance windows for AVD agent updates. The Scheduled Agent Updates feature lets you create up to two maintenance windows for the Azure Virtual Desktop agent, side-by-side stack, and Geneva Monitoring agent to get updated so that updates don't happen during peak business hours. - potentialBenefits: Minimizes disruptions, ensures updates + potentialBenefits Minimizes disruptions, ensures updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" - description: (Pooled) Create a validation pool for testing of planned updates aprlGuid: 0a22b144-6fa7-4032-be77-fa64152858eb 
@@ -51,15 +51,15 @@ At least one Validation Pool to have early warning if a planned update to AVD ca Also check that the host pool has been used regularly to test planned updates. Host pools are a collection of one or more identical virtual machines within Azure Virtual Desktop environment. We highly recommend you create a validation host pool where service updates are applied first. Validation host pools let you monitor service updates before the service applies them to your standard or non-validation environment. Without a validation host pool, you may not discover changes that introduce errors, which could result in downtime for users in your standard environment. To ensure your apps work with the latest updates, the validation host pool should be as similar to host pools in your non-validation environment as possible. Users should connect as frequently to the validation host pool as they do to the standard host pool. If you have automated testing on your host pool, you should include automated testing on the validation host pool. - potentialBenefits: Early detection of update issues. + potentialBenefits Early detection of update issues. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/configure-validation-environment?tabs=azure-portal" - description: Use Private link when connecting to File Share or Key Vault aprlGuid: dc55be60-6f8c-461e-a9d5-a3c7686ed94e 
@@ -70,17 +70,17 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | Private Link is available for other Azure services that work in conjunction with Azure Virtual Desktop, such as Azure Files and Key Vault. From a resiliency standpoint, we recommending implementing private endpoints for these services to reduce exposure to potential internet-related issues such as latency, packet loss, and/or downtime. This can lead to more reliable communication between AVD and dependent services. - potentialBenefits: Enhances AVD reliability + potentialBenefits Enhances AVD reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link - - name: Private link - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link" + - name: Private link + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/networking#private-endpoints-private-link" - description: Configure AVD Insights Workbook aprlGuid: 0cf72d91-644d-4591-9bb7-84ba3f705a41 
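Review bot: Both `learnMoreLink` entries in this hunk, "Learn More" and "Private link", carry the identical URL (`.../azure-virtual-desktop/networking#private-endpoints-private-link`), so the second entry gives the reader nothing new. Either drop one of the two entries or point "Learn More" at a different page that covers the recommendation. The other two-link entries in this file use a distinct URL for each name.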
@@ -91,15 +91,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | AVD Insights is an Azure Workbook template provided by the AVD product team. It is highly recommended in order to monitor and troubleshoot AVD workloads across metrics, logs, events, and more. Both Production and DR workloads should be enabled with AVD Insights. - potentialBenefits: Enhanced AVD monitoring & troubleshooting + potentialBenefits Enhanced AVD monitoring & troubleshooting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/insights?tabs=monitor + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/insights?tabs=monitor" - description: Provision Secondary Key Vault for Disaster Recovery aprlGuid: 1f57434f-f884-41f3-b818-129bbe3c5d3b 
@@ -110,15 +110,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul recommendationMetadataState: Active longDescription: | To ensure continuous availability and disaster recovery readiness, it is recommended to provision a secondary Key Vault in a secondary region. In the event of a primary region failure, this secondary Key Vault will ensure that critical secrets are accessible for use in deployments in the secondary region. - potentialBenefits: Ensures DR readiness and access + potentialBenefits Ensures DR readiness and access pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/key-vault/general/disaster-recovery-guidance" - description: Ensure virtual networks isolation with separate IP space and NSGs for Prod and DR aprlGuid: 37d1091b-e599-4548-a067-a9286be16e45 
@@ -130,15 +130,15 @@ To ensure your apps work with the latest updates, the validation host pool shoul longDescription: | NSG and ASG per AVD persona and IP space per Prod/DR regions. It's important your organization plans for IP addressing in Azure. Planning ensures the IP address space doesn't overlap across on-premises locations and Azure regions. Overlapping IP address spaces across on-premises and Azure regions create major contention challenges. - potentialBenefits: Enhances security & prevents IP conflicts + potentialBenefits Enhances security & prevents IP conflicts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-ip-addressing" - description: Ensure virtual networks have route tables/route server configured for all regions aprlGuid: db1727d1-5c8e-4a01-a31e-f0d58cfd95b1 
@@ -149,15 +149,15 @@ It's important your organization plans for IP addressing in Azure. Planning ensu recommendationMetadataState: Active longDescription: | For high availability connections back to on-premises datacenters should consider backup paths across the regions that have been utilized. Ensure redundancy in routing by having a secondary route table in the secondary region. - potentialBenefits: Enhanced availability & routing + potentialBenefits Enhanced availability & routing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering#need-for-redundant-connectivity-solution" - description: Segregate App attach storage in disaster recovery plans with distinct file shares aprlGuid: 7d9c96a6-1ce5-4cf0-ad1b-638a37f753cb 
@@ -170,15 +170,15 @@ It's important your organization plans for IP addressing in Azure. Planning ensu App Attach packages should be on a separate share from profiles. And App Attach files should be backed up. Best practice is to separate App Attach VHD files in a separate file share away from user profiles, both for performance and scalability purposes. Requirements can vary greatly depending on how many packaged applications are stored in an image, and you need to test your applications to understand your requirements. Your file share should be in the same Azure region as your session hosts. - potentialBenefits: Enhances performance & scalability + potentialBenefits Enhances performance & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" - description: Turn on Continuous Availability for ANF if using App Attach aprlGuid: 9b2301af-9cac-4f1a-871a-f17475d01812 
@@ -190,15 +190,15 @@ Your file share should be in the same Azure region as your session hosts. longDescription: | Turn on Continuous Availability if using Azure Netapp Files. Verify the number of users connecting to each file share to make sure the SMB path can handle the number of file connections. Currently, Azure Files supports up to 10k handles per root directory. - potentialBenefits: Enhanced stability & user limit checks + potentialBenefits Enhanced stability & user limit checks pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/app-attach-overview?pivots=msix-app-attach" - description: Manually update new FSLogix image when available aprlGuid: d51e0a70-8b50-4be3-af8a-7c9065e47360 
@@ -209,15 +209,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure a process is in place to regularly check for FSLogix agent upgrades and maintain FSLogix up to date. We recommend customers upgrade to the latest version of FSLogix as quickly as their deployment process can allow. FSLogix will provide hotfix releases which address current and potential bugs that impact customer deployments. Additionally, it is the first requirement when opening any support case. - potentialBenefits: Enhanced reliability & support + potentialBenefits Enhanced reliability & support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/how-to-install-fslogix" - description: Configure Diagnostic Settings for FSLogix logs and enable review for accounts aprlGuid: 483f5a00-84a0-49f7-903b-ef6f1fc0c389 
@@ -228,15 +228,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Regularly review FSLogix logs for errors and issues related to login and mounting the profile. Events can be reviewed by looking locally inside the Session Host and also in Log Analytics when the Azure Monitor Agent is used. - potentialBenefits: Enhanced AVD error tracking and resolution + potentialBenefits Enhanced AVD error tracking and resolution pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/troubleshooting-events-logs-diagnostics + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/troubleshooting-events-logs-diagnostics" - description: Ensure user permissions are set correctly on SMB shares aprlGuid: 7b170ddd-5770-4945-9bc3-cd1ccf5f8672 @@ -247,15 +247,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Verify user permissions are correctly set on SMB shares so that users have appropriate access to only their own profile and not other user profiles, while administrators have full access at the root volume. Also ensure secondary storage path permissions are set in case of a DR event. - potentialBenefits: Enhanced security & disaster recovery + potentialBenefits Enhanced security & disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/how-to-configure-storage-permissions" - description: Ensure the standard FSLogix configuration is deployed aprlGuid: c15b2b73-52a1-4db2-88dd-d592424ff4e4 
@@ -266,15 +266,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa recommendationMetadataState: Active longDescription: | Ensure all session hosts have the standard FSLogix configuration deployed. Regularly validate settings for consistency and alignment with best practices. - potentialBenefits: Optimized session reliability and performance + potentialBenefits Optimized session reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings?tabs=profiles + - name: Learn More + url: "https://learn.microsoft.com/en-us/fslogix/reference-configuration-settings?tabs=profiles" - description: Ensure a unique OU when deploying VMs to Domain aprlGuid: 939cb85c-102a-4e0a-ab82-5c92116d3778 
@@ -286,15 +286,15 @@ Verify the number of users connecting to each file share to make sure the SMB pa longDescription: | Hybrid VMs should be in a unique OU. When using AD-joined session hosts will benefit from using a unique OU to target specific AVD configurations per hostpool. Examples include Fslogix, time out limits, session controls, and much more. It�s also important to segment Prod and DR organization units to ensure resources are configured per environment. - potentialBenefits: Improved AVD hostpool config & segmentation + potentialBenefits Improved AVD hostpool config & segmentation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services + - name: Learn More + url: "https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/virtual-dc/adds-on-azure-vm#configure-the-vms-and-install-active-directory-domain-services" - description: Use Azure Site Recovery or Backups on VMs supporting personal desktops aprlGuid: 38721758-2cc2-4d6b-b7b7-8b47dadbf7df 
@@ -305,15 +305,15 @@ When using AD-joined session hosts will benefit from using a unique OU to target recommendationMetadataState: Active longDescription: | Leverage Azure Site Recovery (ASR) or implement Azure Backup for personal host pools for seamless failover and failback capabilities, enabling the replication of VMs supporting personal desktops to a secondary Azure region. In the event of a disaster or unexpected outage, this ensures the recovery of these VMs from a known-state. - potentialBenefits: Ensures VM recovery & failover + potentialBenefits Ensures VM recovery & failover pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/scheduled-agent-updates" - description: Create updated image version and replace session hosts rather than updating host directly aprlGuid: 2831dab9-6a43-44a1-8aec-90a8e84894bc 
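Review bot: The `url` kept in this hunk points at `.../virtual-desktop/scheduled-agent-updates`, but the `longDescription` shown in the hunk is about Azure Site Recovery and Azure Backup for personal host pools, so the link appears unrelated to the recommendation it documents. It is the same page already used by the "(Pooled) Configure scheduled agent updates" entry earlier in this file, which suggests a copy-paste leftover. Since this commit is updating learn-more links, replace it with the relevant guidance, for example `url: "<link to the Site Recovery / Backup guidance for AVD personal desktops>"`. The entry's `description` line sits above the hunk, so the title could not be checked here.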
@@ -325,15 +325,15 @@ When using AD-joined session hosts will benefit from using a unique OU to target longDescription: | Establish a systematic process for handling image updates within your Azure Virtual Desktop environment. Instead of directly updating individual session hosts, create a new version of the updated image. This process involves creating and configuring a golden image with the necessary updates and configurations. Once the new image is prepared, replace existing session hosts with instances using the updated image. This approach ensures consistency across all session hosts and minimizes the risk of configuration drift. Additionally, it enables quick rollback to a previous image version in case of any issues with the update. Implementing this process helps streamline maintenance activities and ensures that all session hosts are up-to-date with the latest configurations and updates. has context menu - potentialBenefits: Ensures consistency; minimizes drift + potentialBenefits Ensures consistency; minimizes drift pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/training/modules/create-manage-session-host-image/ + - name: Learn More + url: "https://learn.microsoft.com/en-us/training/modules/create-manage-session-host-image/" - description: Monitor Service Health and Resource Health of AVD aprlGuid: a75a20e7-8cc0-4f7b-b4a9-e2476bd72429 
@@ -346,15 +346,15 @@ has context menu Use Service Health to stay informed about the health of the Azure services and regions that you use to insure their availability. Set up Service Health alerts so that you stay aware of service issues, planned maintenance, or other changes that might affect your Azure Virtual Desktop resources. Use Resource Health to monitor your VMs and storage solutions. - potentialBenefits: Enhanced AVD uptime and awareness + potentialBenefits Enhanced AVD uptime and awareness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/monitoring#resource-health + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/monitoring#resource-health" - description: Deploy Domain Controllers and DNS Servers in Azure Virtual Network Across Availability Zones aprlGuid: 99bf5c94-aa68-4bb3-8b7f-45d1c5f09b5d 
@@ -366,15 +366,15 @@ Use Resource Health to monitor your VMs and storage solutions. longDescription: | When using an AD DS identity solution with AVD, it is recommended to deploy domain controllers and DNS servers on Azure virtual machines across availability zones. This improves the environment�s reliability by removing a dependency on an on-premises service and improves performance by creating a shorter path for user authentication. This recommendation is not relevant when you are utilizing Microsoft Entra as the identity provider. - potentialBenefits: Enhanced reliability and performance + potentialBenefits Enhanced reliability and performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#reliability + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/identity/adds-extend-domain#reliability" - description: Implement RDP Shortpath for Public or Managed Networks aprlGuid: 3835b4b3-0479-4be8-9ffd-34ae29fa33b9 
@@ -385,15 +385,15 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to enable RDP Shortpath for AVD. RDP Shortpath is a feature of Azure Virtual Desktop that establishes a direct UDP-based transport between a supported Windows Remote Desktop client and session host. By default, Remote Desktop Protocol (RDP) tries to establish connection using UDP and uses a TCP-based reverse connect transport as a fallback connection mechanism. TCP-based reverse connect transport provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. UDP-based transport offers better connection reliability and more consistent latency. - potentialBenefits: Better reliability & consistent latency + potentialBenefits Better reliability & consistent latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=managed-networks" - description: Implement a Multi-Region BCDR Plan aprlGuid: 0714d039-535e-468d-9732-e32b5c094faa 
@@ -404,17 +404,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | It is recommended to adopt a multi-region deployment (active-active) for AVD. Each region should contain at least identity, name resolution, AVD management resources, and session hosts in case of a primary region outage. - potentialBenefits: Enhanced resilience & uptime + potentialBenefits Enhanced resilience & uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Multi-region BCDR - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#active-active-scenarios + - name: Multi-region BCDR + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/azure-virtual-desktop-multi-region-bcdr" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#active-active-scenarios" - description: Store Golden Image Redundantly for Disaster Recovery aprlGuid: 0bf1a2bb-7617-4ab2-a784-e7ea40c5f01b 
@@ -425,17 +425,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th recommendationMetadataState: Active longDescription: | If a full BCDR strategy is not in place, consider using zone-redundant storage to store golden images across availability zones. Having the image available will allow for faster recovery in case of zonal or regional outage. - potentialBenefits: Faster recovery from outages + potentialBenefits Faster recovery from outages pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Golden Image - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#golden-images - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/application-delivery#fault-tolerance + - name: Golden Image + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#golden-images" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/application-delivery#fault-tolerance" - description: Capacity Planning for AVD Resources aprlGuid: ef4b3561-c85f-47cf-8cb0-51fae9ddf929 
@@ -448,17 +448,17 @@ This recommendation is not relevant when you are utilizing Microsoft Entra as th Monitor and plan for subscription limits and API throttling limits. Closely monitor your Azure Virtual Desktop deployments, and keep track of resource usage within your subscription. By proactively monitoring capacity, you can identify potential challenges early on, and you can take suitable actions to avoid reaching limits. Consider scaling across multiple subscriptions if further scaling is required, or work with Azure support to adjust limits based on your business requirements. To handle a large number of users, consider scaling horizontally by creating multiple host pools. - potentialBenefits: Avoids limits, ensures smooth scaling + potentialBenefits Avoids limits, ensures smooth scaling pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Capacity Planning - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop#azure-virtual-desktop-limitations + - name: Capacity Planning + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/business-continuity#capacity-planning" + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop#azure-virtual-desktop-limitations" - description: Ensure separate log analytics workspaces for Prod and DR aprlGuid: 89b4d8f6-6345-4d66-9012-c3fc2aef94e8 
@@ -469,15 +469,15 @@ To handle a large number of users, consider scaling horizontally by creating mul recommendationMetadataState: Active longDescription: | Having separate Log Analytics ensures that your DR environment is fully operational for visibility of the metrics, performance, and other auditing tools your workload teams will rely on in the event of an incident. - potentialBenefits: Improved DR visibility & operation + potentialBenefits Improved DR visibility & operation pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/diagnostics-log-analytics" - description: Ensure that FSLogix Storage Account is Redundant aprlGuid: ed1f0327-0914-49e8-9518-16acb0d6b8d6 @@ -495,15 +495,15 @@ LRS for least expensive replication (not recommended for apps with high availabi - GZRS provides both high availability and redundancy across geo replication. It provides sixteen 9s durability over a given year. Generally, it is recommended to store your data as secure and redundant as possible. - potentialBenefits: Improves data durability & availability + potentialBenefits Improves data durability & availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/storage#user-profiles + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/well-architected/azure-virtual-desktop/storage#user-profiles" - description: Scaling plans should be created per region and not scaled across regions aprlGuid: e091419d-10ba-4a8e-bdb0-67380cc021a9 
@@ -514,15 +514,15 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Each region has its own scaling plans assigned to host pools within that region. However, these plans can become inaccessible if there's a regional failure. To mitigate this risk, it's advisable to create a secondary scaling plan in another region. - potentialBenefits: Enhances reliability across failures + potentialBenefits Enhances reliability across failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan?tabs=portal + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/autoscale-scaling-plan?tabs=portal" - description: Validate AVD Session Host Connectivity to the AVD Control Plane and UDP Ports open if in use aprlGuid: e718ac1a-ebab-4f75-9e4a-1a5ccef20d1f 
@@ -533,15 +533,15 @@ Generally, it is recommended to store your data as secure and redundant as possi recommendationMetadataState: Active longDescription: | Ensure that AVD session hosts can effectively communicate with the AVD control plane and that UDP ports are open if UDP is utilized. Validate the connectivity of VMs to the AVD Control Plane and confirm the accessibility of UDP TURN ports. Whitelist global URLs and ensure that UDP/TURN ports are open and accessible to facilitate smooth user connections. Proper connectivity validation guarantees optimal performance and user experience within the AVD environment. - potentialBenefits: Enhanced performance & user experience + potentialBenefits Enhanced performance & user experience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-rdp-shortpath + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/virtual-desktop/troubleshoot-rdp-shortpath" - description: Ensure Secondary Entra ID connect synchronization server aprlGuid: d984eaf9-0fa1-4f8d-a326-bda751993c6f 
@@ -553,15 +553,15 @@ Generally, it is recommended to store your data as secure and redundant as possi longDescription: | Hybrid - Entra ID Connect best to run in Azure but can be hosted on-prem. Secondary or more VMs should be setup in staging mode in event of failover. Set up secondary server in staging mode for Entra Connect for syncing to Entra in case of primary server outage. - potentialBenefits: Improved failover reliability + potentialBenefits Improved failover reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains + - name: Learn More + url: "https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-install-multiple-domains" - description: Deploy paired Domain Controllers in the same region as AVD session hosts aprlGuid: d61f6ee8-de1b-4fd9-9ce3-316cfe11ee05 
@@ -573,15 +573,15 @@ Set up secondary server in staging mode for Entra Connect for syncing to Entra i longDescription: | Ensure each region with session hosts has multiple domain controllers in the same region to support high availability with regards to identity. For a hybrid scenario, each Azure region with AVD session hosts should have Active Directory Domain Controllers in Azure and use Availability Zones or Availability Sets for resilience within the region. This also mitigates dependency on ER/VPN/Inter-Azure dependencies. - potentialBenefits: Enhanced identity resilience + potentialBenefits Enhanced identity resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" - description: Ensure DNS regions are replicated to avoid single point of failure aprlGuid: e1a34ac6-8761-4020-b537-d60c0be7514e 
@@ -592,15 +592,15 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Active Directory Domain Services (AD DS) integrated DNS/other should target Secondary/Tertiary customer DNS across multi-region zones. If using custom DNS, ensure there are redundant DNS servers to avoid a single point of failure. - potentialBenefits: Improves uptime & resilience + potentialBenefits Improves uptime & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/architecture/example-scenario/azure-virtual-desktop/azure-virtual-desktop-multi-region-bcdr" - description: Enable Azure Backup for FSLogix Storage Account aprlGuid: 0025ed2e-41f4-4ada-93c1-12484cef8b0c 
@@ -611,17 +611,17 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | It is recommended to enable backup on the FSLogix Storage Account. Ensuring the user profiles are resilient will allow user data and experience to be consistent through outages. - potentialBenefits: Ensures data resilience and consistency + potentialBenefits Ensures data resilience and consistency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: FSLogix - url: https://learn.microsoft.com/en-us/fslogix/overview-what-is-fslogix - - name: Backup Storage Account - url: https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=operational-backup + - name: FSLogix + url: "https://learn.microsoft.com/en-us/fslogix/overview-what-is-fslogix" + - name: Backup Storage Account + url: "https://learn.microsoft.com/en-us/azure/backup/blob-backup-configure-manage?tabs=operational-backup" - description: Organize AVD resources using the AVD Scale unit model described by the AVD Landing Zone Methodology aprlGuid: 204b56b0-9710-4c16-b506-bafb5fb318ed 
@@ -632,13 +632,13 @@ For a hybrid scenario, each Azure region with AVD session hosts should have Acti recommendationMetadataState: Active longDescription: | Follow AVD Landing Zone best practices using multiple resource groups based on resource type and associated shared resources for AVD workloads. - potentialBenefits: Enhanced organization & scalability + potentialBenefits Enhanced organization & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Learn More - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone + - name: Learn More + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/azure-virtual-desktop/enterprise-scale-landing-zone" diff --git a/azure-resources/Devices/IotHubs/recommendations.yaml b/azure-resources/Devices/IotHubs/recommendations.yaml index b1d46e460..d11245756 100644 --- a/azure-resources/Devices/IotHubs/recommendations.yaml +++ b/azure-resources/Devices/IotHubs/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Device Identities should be copied to the failover region IoT-Hub for all IoT devices to ensure connectivity in case of a failover. Manual Failover to another region is quicker (RTO), suitable for mission critical workloads. - potentialBenefits: Faster failover; Ensures device connectivity + potentialBenefits Faster failover; Ensures device connectivity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Import and export IoT Hub device identities in bulk - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt - - name: IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover + - name: Import and export IoT Hub device identities in bulk + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-bulk-identity-mgmt" + - name: IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#manual-failover" - description: Do not use free tier aprlGuid: eeba3a49-fef0-481f-a471-7ff01139b474 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | In a production scenario, the IoT Hub tier should not be Free because the Free tier does not provide the necessary Service Level Agreement. - potentialBenefits: Ensures SLA for production + potentialBenefits Ensures SLA for production pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Choose the right IoT Hub tier and size for your solution - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling + - name: Choose the right IoT Hub tier and size for your solution + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-scaling" - description: Use Availability Zones aprlGuid: 214cbc46-747e-4354-af6e-6bf0054196a5 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | In regions supporting Availability Zones for IoT Hub, using these zones boosts availability. They're automatically activated for new IoT Hubs in supported areas. - potentialBenefits: Boosts IoT Hub availability + potentialBenefits Boosts IoT Hub availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones + - name: Azure IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr#availability-zones" - description: Use Device Provisioning Service aprlGuid: b1e1378d-4572-4414-bebd-b8872a6d4d1c 
@@ -66,19 +66,19 @@ recommendationMetadataState: Active longDescription: | Device Provisioning Service (DPS) enables easy redistribution of IoT devices for scaling and availability, allowing devices to be reassigned and not bound to specific IoT Hub instances. Devices in IoT Hubs using DPS should be verified for DPS utilization. - potentialBenefits: Enhances scalability & availability + potentialBenefits Enhances scalability & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: IoT Hub Device Provisioning Service (DPS) terminology - url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service - - name: Best practices for large-scale IoT device deployments - url: https://learn.microsoft.com/en-us/azure/iot-dps/concepts-deploy-at-scale - - name: IoT Hub Device Provisioning Service high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr + - name: IoT Hub Device Provisioning Service (DPS) terminology + url: "https://learn.microsoft.com/en-us/azure/iot-dps/concepts-service" + - name: Best practices for large-scale IoT device deployments + url: "https://learn.microsoft.com/en-us/azure/iot-dps/concepts-deploy-at-scale" + - name: IoT Hub Device Provisioning Service high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-dps/iot-dps-ha-dr" - description: Define Failover Guidelines aprlGuid: 02568a5d-335e-4e51-9f7c-fe2ada977300 
@@ -89,15 +89,15 @@ recommendationMetadataState: Active longDescription: | In case of a regional failure, an IoT Hub can failover to a second region, automatically or manually, to ensure your application continues working. - potentialBenefits: Ensures business continuity + potentialBenefits Ensures business continuity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: IoT Hub high availability and disaster recovery - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr + - name: IoT Hub high availability and disaster recovery + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-ha-dr" - description: Disabled Fallback Route aprlGuid: e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1e @@ -108,13 +108,13 @@ recommendationMetadataState: Active longDescription: | Using message routing for custom endpoints in IoT Hub, messages might not reach these destinations if specific conditions are unmet. A default route ensures all messages are received, but disabling this safety net risks leaving some messages undelivered. - potentialBenefits: Prevents undelivered messages + potentialBenefits Prevents undelivered messages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use message routing - Fallback route - url: https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route + - name: Use message routing - Fallback route + url: "https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-messages-d2c#fallback-route" diff --git a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml index 65f5c5f52..e62e54f14 100644 --- a/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml +++ b/azure-resources/DocumentDB/databaseAccounts/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure leverages a multi-tier isolation approach (rack, DC, zone, region) for Cosmos DB's default resilience with four replicas. - potentialBenefits: Enhances SLA & resilience + potentialBenefits Enhances SLA & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally - - name: Tips for building highly available applications | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#tips-for-building-highly-available-applications + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Tips for building highly available applications | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/high-availability#tips-for-building-highly-available-applications" - description: Enable service-managed failover for multi-region accounts with single write region aprlGuid: 9cabded7-a1fc-6e4a-944b-d7dd98ea31a2 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB boasts high uptime and resiliency. Even so, issues may arise. With Service-Managed failover, if a region is down, Cosmos DB automatically switches to the next available region, requiring no user action. - potentialBenefits: Auto failover for high uptime + potentialBenefits Auto failover for high uptime pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Manage an Azure Cosmos DB account by using the Azure portal | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover + - name: Manage an Azure Cosmos DB account by using the Azure portal | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account#automatic-failover" - description: Evaluate multi-region write capability aprlGuid: 9ce78192-74a0-104c-b5bb-9a443f941649 
@@ -47,17 +47,17 @@ recommendationMetadataState: Active longDescription: | Multi-region write capability allows for designing applications that are highly available across multiple regions, though it demands careful attention to consistency requirements and conflict resolution. Improper setup may decrease availability and cause data corruption due to unhandled conflicts. - potentialBenefits: Enhances high availability + potentialBenefits Enhances high availability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally - - name: Conflict resolution types and resolution policies in Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/conflict-resolution-policies + - name: Distribute data globally with Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally" + - name: Conflict resolution types and resolution policies in Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/conflict-resolution-policies" - description: Choose appropriate consistency mode reflecting data durability requirements aprlGuid: 23ebe97d-c546-204b-8b0d-00e61a5524f7 
@@ -68,15 +68,15 @@ recommendationMetadataState: Active longDescription: | In a globally distributed database, consistency level impacts data durability in region-wide outages. For business continuity, gauge data loss tolerance post-disruption. - potentialBenefits: Enhances data durability & recovery + potentialBenefits Enhances data durability & recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Consistency level choices - Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels + - name: Consistency level choices - Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/consistency-levels" - description: Configure continuous backup mode aprlGuid: e544520b-8505-7841-9e77-1f1974ee86ec @@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB's backup is always on, offering protection against data mishaps. Continuous mode allows for self-serve restoration to a pre-mishap point, unlike periodic mode which requires contacting Microsoft support, leading to longer restore times. - potentialBenefits: Faster self-serve data restore + potentialBenefits Faster self-serve data restore pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Continuous backup with point in time restore feature in Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction + - name: Continuous backup with point in time restore feature in Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/continuous-backup-restore-introduction" - description: Ensure query results are fully drained aprlGuid: c006604a-0d29-684c-99f0-9729cb40dac5 
@@ -106,15 +106,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB has a 4 MB response limit, leading to paginated results for large or partition-spanning queries. Each page shows availability and provides a continuation token for the next. A while loop in code is necessary to traverse all pages until completion. - potentialBenefits: Maximizes data retrieval efficiency + potentialBenefits Maximizes data retrieval efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Pagination in Azure Cosmos DB | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results + - name: Pagination in Azure Cosmos DB | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/query/pagination#handling-multiple-pages-of-results" - description: Maintain singleton pattern in your client aprlGuid: 7eb32cf9-9a42-1540-acf8-597cbba8a418 
@@ -125,15 +125,15 @@ recommendationMetadataState: Active longDescription: | Establishing and maintaining database connections is costly. Using a single instance of the SDK client for each account and application is crucial as connections are tied to the client. Compute environments have a limit on open connections, affecting connectivity when exceeded. - potentialBenefits: Reduces costs & prevents connectivity issues + potentialBenefits Reduces costs & prevents connectivity issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications + - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications" - description: Implement retry logic in your client aprlGuid: fa6ac22f-0584-bb4b-80e4-80f4755d1a97 
@@ -144,15 +144,15 @@ recommendationMetadataState: Active longDescription: | Cosmos DB SDKs automatically manage many transient errors through retries. Despite this, it's crucial for applications to implement additional retry policies targeting specific cases that the SDKs can't generically address, ensuring more robust error handling. - potentialBenefits: Enhances error handling resilience + potentialBenefits Enhances error handling resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications + - name: Designing resilient applications with Azure Cosmos DB SDKs | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/nosql/conceptual-resilient-sdk-applications" - description: Monitor Cosmos DB health and set up alerts aprlGuid: deaea200-013c-414b-ac9f-bfa7a7fb13f0 @@ -163,13 +163,13 @@ recommendationMetadataState: Active longDescription: | Monitoring the availability and responsiveness of Azure Cosmos DB resources and having alerts set up for your workload is a good practice. This ensures you stay proactive in handling unforeseen events. - potentialBenefits: Proactive issue management + potentialBenefits Proactive issue management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts + - name: Create alerts for Azure Cosmos DB using Azure Monitor | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/cosmos-db/create-alerts" 
diff --git a/azure-resources/EventGrid/topics/recommendations.yaml b/azure-resources/EventGrid/topics/recommendations.yaml index 37e29812a..598dbbb1b 100644 --- a/azure-resources/EventGrid/topics/recommendations.yaml +++ b/azure-resources/EventGrid/topics/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostic settings on Azure Event Grid resources like custom topics, system topics, and domains lets you capture and view diagnostic information to troubleshoot failures effectively. - potentialBenefits: Enhanced troubleshooting for Event Grid + potentialBenefits Enhanced troubleshooting for Event Grid pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Event Grid - Enable diagnostic logs for Event Grid resources - url: https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic + - name: Azure Event Grid - Enable diagnostic logs for Event Grid resources + url: "https://learn.microsoft.com/en-us/azure/event-grid/enable-diagnostic-logs-topic" - description: Configure Dead-letter to save events that cannot be delivered aprlGuid: 92162eb5-4323-3145-8a6c-525ce2f0700e 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Event Grid may not deliver an event within a specific time or after several attempts, leading to dead-lettering where undelivered events are sent to a storage account. - potentialBenefits: Saves undelivered events + potentialBenefits Saves undelivered events pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Event Grid delivery and retry - url: https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events + - name: Azure Event Grid delivery and retry + url: "https://learn.microsoft.com/en-us/azure/event-grid/delivery-and-retry#dead-letter-events" - description: Configure Private Endpoints aprlGuid: b2069f64-4741-3d4a-a71d-50c8b03f5ab7 @@ -45,13 +45,13 @@ recommendationMetadataState: Active longDescription: | Use private endpoints for secure event ingress to custom topics/domains via a private link, avoiding the public internet. It employs an IP from the VNet space for your topic/domain. - potentialBenefits: Secure, private VNet ingress + potentialBenefits Secure, private VNet ingress pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure private endpoints for Azure Event Grid topics or domains - url: https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints + - name: Configure private endpoints for Azure Event Grid topics or domains + url: "https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints" diff --git a/azure-resources/EventHub/namespaces/recommendations.yaml b/azure-resources/EventHub/namespaces/recommendations.yaml index d267897d6..f6893d1a4 100644 --- a/azure-resources/EventHub/namespaces/recommendations.yaml +++ b/azure-resources/EventHub/namespaces/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Event Hubs leverages Availability Zones to offer fault-isolated locations within an Azure region, ensuring support in regions with availability zones. It ensures both metadata and events are replicated across data centers within the availability zone. - potentialBenefits: Enhanced fault tolerance for Event Hub + potentialBenefits Enhanced fault tolerance for Event Hub pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Event Hubs - Geo-disaster recovery - url: https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones + - name: Azure Event Hubs - Geo-disaster recovery + url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-geo-dr?tabs=portal#availability-zones" - description: Enable auto-inflate on Event Hub Standard tier aprlGuid: fbfef3df-04a5-41b2-a8fd-b8541eb04956 @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Enable auto-inflate on Event Hub Standard tier namespaces to automatically scale up TUs, meeting usage needs and preventing data ingress or egress throttle scenarios by adjusting to allowed rates. - potentialBenefits: Prevents throttling by autoscaling TUs + potentialBenefits Prevents throttling by autoscaling TUs pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Event Hubs - Automatically scale throughput units - url: https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate + - name: Azure Event Hubs - Automatically scale throughput units + url: "https://learn.microsoft.com/azure/event-hubs/event-hubs-auto-inflate" diff --git a/azure-resources/Insights/activityLogAlerts/recommendations.yaml b/azure-resources/Insights/activityLogAlerts/recommendations.yaml index 15af382e2..a4eec536a 100644 
--- a/azure-resources/Insights/activityLogAlerts/recommendations.yaml +++ b/azure-resources/Insights/activityLogAlerts/recommendations.yaml @@ -7,19 +7,19 @@ recommendationMetadataState: Active longDescription: | Configure Resource Health Alerts for all applicable resources to stay informed about the current and historical health status of your Azure resources. They notify you when these resources have a change in their health status. - potentialBenefits: Stay informed on resource status + potentialBenefits Stay informed on resource status pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resource Health - url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview - - name: Configure Resource Health alerts in the Azure portal - url: https://learn.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide#create-a-resource-health-alert-rule-in-the-azure-portal - - name: Alerts Health - url: https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal + - name: Resource Health + url: "https://learn.microsoft.com/en-us/azure/service-health/resource-health-overview" + - name: Configure Resource Health alerts in the Azure portal + url: "https://learn.microsoft.com/en-us/azure/service-health/resource-health-alert-monitor-guide#create-a-resource-health-alert-rule-in-the-azure-portal" + - name: Alerts Health + url: "https://learn.microsoft.com/en-us/azure/service-health/alerts-activity-log-service-notifications-portal" - description: Configure Service Health Alerts aprlGuid: 9729c89d-8118-41b4-a39b-e12468fa872b 
@@ -30,15 +30,15 @@ recommendationMetadataState: Active longDescription: | Service health gives a personalized health view of Azure services and regions used, offering the best place for notifications on outages, planned maintenance, and health advisories by knowing the services used. - potentialBenefits: Proactive outage & maintenance alerts + potentialBenefits Proactive outage & maintenance alerts pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What is Azure Service Health? - url: https://learn.microsoft.com/azure/service-health/overview - - name: Configure alerts for service health events - url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal + - name: What is Azure Service Health? + url: "https://learn.microsoft.com/azure/service-health/overview" + - name: Configure alerts for service health events + url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal" diff --git a/azure-resources/Insights/components/recommendations.yaml b/azure-resources/Insights/components/recommendations.yaml index 9a265a410..c445cdee6 100644 --- a/azure-resources/Insights/components/recommendations.yaml +++ b/azure-resources/Insights/components/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Classic Application Insights retires in February 2024. To minimize disruption to existing application monitoring scenarios, transition to workspace-based Application Insights before 29 February 2024. - potentialBenefits: Avoid service disruption post-Feb 2024 + potentialBenefits Avoid service disruption post-Feb 2024 pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Migrate an Application Insights classic resource to a workspace-based resource - url: https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource + - name: Migrate an Application Insights classic resource to a workspace-based resource + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/app/convert-classic-resource" diff --git a/azure-resources/KeyVault/vaults/recommendations.yaml b/azure-resources/KeyVault/vaults/recommendations.yaml index a07e96751..e5faec51f 100644 --- a/azure-resources/KeyVault/vaults/recommendations.yaml +++ b/azure-resources/KeyVault/vaults/recommendations.yaml 
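Review bot: This entry still tells readers to transition `before 29 February 2024`, and `Avoid service disruption post-Feb 2024` reads as a future event, although the commit is dated 10 April 2024. Since the entry is being edited anyway, reword it for a deadline that has passed, for example `potentialBenefits: Avoid service disruption after classic retirement`, and adjust the longDescription sentence to match. The entry's opening lines are outside the hunk.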
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Key Vault's soft-delete feature enables recovery of deleted vaults and objects like keys, secrets, and certificates. When enabled, marked resources are retained for 90 days, allowing for their recovery, essentially undoing deletion. - potentialBenefits: Enables recovery of deleted items + potentialBenefits Enables recovery of deleted items pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Key Vault soft-delete overview - url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview + - name: Azure Key Vault soft-delete overview + url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview" - description: Key vaults should have purge protection enabled aprlGuid: 70fcfe6d-00e9-5544-a63a-fff42b9f2edb @@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Purge protection secures against malicious deletions by enforcing a retention period for soft deleted key vaults, ensuring no one, not even insiders or Microsoft, can purge your key vaults during this period, preventing permanent data loss. - potentialBenefits: Protects from insider attacks, avoids data loss + potentialBenefits Protects from insider attacks, avoids data loss pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Key Vault purge-protection overview - url: https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection + - name: Azure Key Vault purge-protection overview + url: "https://learn.microsoft.com/azure/key-vault/general/soft-delete-overview#purge-protection" - description: Enable Azure Private Link Service for Key vault aprlGuid: 00c3d2b0-ea6e-4c4b-89be-b78a35caeb51 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Azure Private Link Service lets you securely and privately connect to Azure Key Vault via a Private Endpoint in your VNet, using a private IP and eliminating public Internet exposure. - potentialBenefits: Secure Key Vault with Private Link + potentialBenefits Secure Key Vault with Private Link pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Key Vault Private Link Service overview - url: https://learn.microsoft.com/azure/key-vault/general/security-features#network-security + - name: Azure Key Vault Private Link Service overview + url: "https://learn.microsoft.com/azure/key-vault/general/security-features#network-security" - description: Use separate key vaults per application per environment aprlGuid: e7091145-3642-bd41-bb58-66502e64d2cd @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Key vaults are security boundaries for secret storage. Grouping secrets together increases risk during a security event, as attacks could access multiple secrets. - potentialBenefits: Enhanced security, Reduced risk + potentialBenefits Enhanced security, Reduced risk pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Key Vault best practices overview - url: https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults + - name: Azure Key Vault best practices overview + url: "https://learn.microsoft.com/azure/key-vault/general/best-practices#why-we-recommend-separate-key-vaults" - description: Diagnostic logs in Key Vault should be enabled aprlGuid: 1dc0821d-4f14-7644-bab4-ba208ff5f7fa 
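Review bot: In the "Use separate key vaults per application per environment" entry the context line `automationAvailable: no` is an unquoted `no`, which YAML 1.1 loaders read as boolean false, while the sibling entries use the string `arg`. The field therefore mixes a boolean and a string depending on the parser, and a consumer that compares it as text may mis-report whether a check is automated. Since the patch is already normalising scalars by quoting every `url`, quoting this one too would make the type explicit: `automationAvailable: "no"`. Confirm first how the consumer reads the field. The same value appears in the NetApp Files, Front Door WAF and Application Gateway hunks further down.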
@@ -83,13 +83,13 @@ recommendationMetadataState: Active longDescription: | Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users. - potentialBenefits: Enhanced monitoring & security compliance + potentialBenefits Enhanced monitoring & security compliance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Key Vault logging overview - url: https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault + - name: Azure Key Vault logging overview + url: "https://learn.microsoft.com/azure/key-vault/general/logging?tabs=Vault" diff --git a/azure-resources/NetApp/netAppAccounts/recommendations.yaml b/azure-resources/NetApp/netAppAccounts/recommendations.yaml index 6e9310d92..05c8b2659 100644 --- a/azure-resources/NetApp/netAppAccounts/recommendations.yaml +++ b/azure-resources/NetApp/netAppAccounts/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Service levels, part of capacity pool attributes, determine the maximum throughput per volume quota in Azure NetApp Files. It combines read and write speed, offering three levels: Standard (16 MiB/s per 1TiB), Premium (64 MiB/s per 1TiB), and Ultra (128 MiB/s per 1TiB) throughput. - potentialBenefits: Optimized performance & cost efficiency + potentialBenefits Optimized performance & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Service levels for Azure NetApp Files | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels + - name: Service levels for Azure NetApp Files | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-service-levels" - description: Use standard network features for production in Azure NetApp Files aprlGuid: ab984130-c57b-6c4a-8d04-6723b4e1bdb6 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Standard network feature in Azure NetApp Files enhances IP limits and VNet capabilities, including network security groups, user-defined routes on subnets, and diverse connectivity options. - potentialBenefits: Enhanced connectivity & security + potentialBenefits Enhanced connectivity & security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Guidelines for Azure NetApp Files network planning | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies + - name: Guidelines for Azure NetApp Files network planning | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-network-topologies" - description: Use availability zones for high availability in Azure NetApp Files aprlGuid: 47d100a5-7f85-5742-967a-67eb5081240a @@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Azure availability zones are distinct locations within each Azure region designed to withstand local failures through redundancy and logical isolation, improving service resiliency with at least three zones in enabled regions. - potentialBenefits: Enhances disaster recovery + potentialBenefits Enhances disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use availability zones for high availability in Azure NetApp Files | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones + - name: Use availability zones for high availability in Azure NetApp Files | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/use-availability-zones" - description: Use snapshots for data protection in Azure NetApp Files aprlGuid: 72827434-c773-4345-9493-34848ddf5803 
@@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files snapshot technology ensures stability, scalability, and swift data recoverability without affecting performance. It supports automatic snapshot creation via policies for Azure NetApp Files data. - potentialBenefits: Stable, scalable, swift recovery, no perf impact + potentialBenefits Stable, scalable, swift recovery, no perf impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: How Azure NetApp Files snapshots work | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction + - name: How Azure NetApp Files snapshots work | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/snapshots-introduction" - description: Enable backup for data protection in Azure NetApp Files aprlGuid: b2fb3e60-97ec-e34d-af29-b16a0d61c2ac @@ -83,15 +83,15 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers a fully managed backup solution enhancing long-term recovery, archiving, and compliance. - potentialBenefits: Enhances data recovery & compliance + potentialBenefits Enhances data recovery & compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Understand Azure NetApp Files backup | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction + - name: Understand Azure NetApp Files backup | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction" - description: Enable Cross-region replication of Azure NetApp Files volumes aprlGuid: e30317d2-c502-4dfe-a2d3-0a737cc79545 
@@ -102,15 +102,15 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files replication offers data protection by allowing asynchronous cross-region volume replication for application failover in case of regional outages. Volumes can be replicated across regions, not concurrently with cross-zone replication. - potentialBenefits: Enhanced data protection & disaster recovery + potentialBenefits Enhanced data protection & disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Cross-region replication of Azure NetApp Files volumes - url: https://learn.microsoft.com/en-us/azure/azure-netapp-files/cross-region-replication-introduction + - name: Cross-region replication of Azure NetApp Files volumes + url: "https://learn.microsoft.com/en-us/azure/azure-netapp-files/cross-region-replication-introduction" - description: Enable Cross-zone replication of Azure NetApp Files volumes aprlGuid: e3d742e1-dacd-9b48-b6b1-510ec9f87c96 
@@ -121,15 +121,15 @@ recommendationMetadataState: Active longDescription: | The cross-zone replication (CZR) feature enables asynchronous data replication between Azure NetApp Files volumes across different availability zones, ensuring data protection and critical application failover in case of zone-wide disasters. - potentialBenefits: Enhances disaster recovery + potentialBenefits Enhances disaster recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction + - name: Cross-zone replication of Azure NetApp Files volumes | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/cross-zone-replication-introduction" - description: Monitor Azure NetApp Files metrics to better understand usage pattern and performance aprlGuid: 2f579fc9-e599-0d44-8b97-254f50ae04d8 @@ -140,15 +140,15 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files offers metrics like allocated storage, actual usage, volume IOPS, and latency, enabling a better understanding of usage patterns and volume performance for NetApp accounts. - potentialBenefits: Optimize usage & performance + potentialBenefits Optimize usage & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Ways to monitor Azure NetApp Files | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files + - name: Ways to monitor Azure NetApp Files | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/monitor-azure-netapp-files" - description: Enforce standards and assess compliance in Azure NetApp Files with Azure policy aprlGuid: 687ae58f-517f-ca43-90fe-922497e61283 
@@ -159,17 +159,17 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files supports Azure policy integration using either built-in policy definitions or by creating custom ones to maintain organizational standards and compliance. - potentialBenefits: Enforce standards & assess compliance + potentialBenefits Enforce standards & assess compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Policy definitions for Azure NetApp Files | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions - - name: Creating custom policy definitions | Microsoft Learn - url: https://learn.microsoft.com/azure/governance/policy/tutorials/create-custom-policy-definition + - name: Azure Policy definitions for Azure NetApp Files | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-policy-definitions" + - name: Creating custom policy definitions | Microsoft Learn + url: "https://learn.microsoft.com/azure/governance/policy/tutorials/create-custom-policy-definition" - description: Restrict default access to Azure NetApp Files volumes aprlGuid: cfa2244b-5436-47de-8287-b217875d3b0a 
@@ -180,23 +180,23 @@ recommendationMetadataState: Active longDescription: | Access to the delegated subnet should be limited to specific Azure Virtual Networks. SMB-enabled volumes' share permissions should move away from 'Everyone/Full control'. NFS-enabled volumes' access needs to be controlled via export policies and/or NFSv4.1 ACLs. - potentialBenefits: Enhanced security, Reduced data breach risk + potentialBenefits Enhanced security, Reduced data breach risk pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure network features for an Azure NetApp Files volume - url: https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features - - name: Manage SMB share ACLs in Azure NetApp Files - url: https://learn.microsoft.com/azure/azure-netapp-files/manage-smb-share-access-control-lists - - name: Configure export policy for NFS or dual-protocol volumes - url: https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-configure-export-policy - - name: Configure access control lists on NFSv4.1 volumes for Azure NetApp Files - url: https://learn.microsoft.com/azure/azure-netapp-files/configure-access-control-lists - - name: Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes - url: https://learn.microsoft.com/azure/azure-netapp-files/configure-unix-permissions-change-ownership-mode + - name: Configure network features for an Azure NetApp Files volume + url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-network-features" + - name: Manage SMB share ACLs in Azure NetApp Files + url: "https://learn.microsoft.com/azure/azure-netapp-files/manage-smb-share-access-control-lists" + - name: Configure export policy for NFS or dual-protocol volumes + url: "https://learn.microsoft.com/azure/azure-netapp-files/azure-netapp-files-configure-export-policy" + - name: Configure access control lists on NFSv4.1 volumes for 
Azure NetApp Files + url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-access-control-lists" + - name: Configure Unix permissions and change ownership mode for NFS and dual-protocol volumes + url: "https://learn.microsoft.com/azure/azure-netapp-files/configure-unix-permissions-change-ownership-mode" - description: Make use of SMB continuous availability for supported applications aprlGuid: d1e7ccc3-e6c1-40e9-a36e-fd134711c808 @@ -207,15 +207,15 @@ recommendationMetadataState: Active longDescription: | Certain SMB applications need SMB Transparent Failover for maintenance without interrupting server connectivity. Azure NetApp Files provides this through SMB Continuous Availability for applications like Citrix App Layering, FSLogix user/profile containers, Microsoft SQL Server, MSIX app attach. - potentialBenefits: Zero downtime for SMB apps + potentialBenefits Zero downtime for SMB apps pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Do I need to take special precautions for SMB-based applications? | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications + - name: Do I need to take special precautions for SMB-based applications? | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#do-i-need-to-take-special-precautions-for-smb-based-applications" - description: Ensure application resilience for service maintenance events aprlGuid: 60f36f9b-fac9-4160-bbf5-57af04da4f53 
@@ -226,13 +226,13 @@ recommendationMetadataState: Active longDescription: | Azure NetApp Files might undergo occasional planned maintenance such as platform updates or service and software upgrades. It's important to be aware of the application's resiliency settings to cope with these storage service maintenance events. - potentialBenefits: Minimizes downtime during maintenance + potentialBenefits Minimizes downtime during maintenance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn - url: https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events + - name: What do you recommend for handling potential application disruptions due to storage service maintenance events? | Microsoft Learn + url: "https://learn.microsoft.com/azure/azure-netapp-files/faq-application-resilience#what-do-you-recommend-for-handling-potential-application-disruptions-due-to-storage-service-maintenance-events" diff --git a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml index fe72ac382..21dbab81e 100644 --- a/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml +++ b/azure-resources/Network/FrontDoorWebApplicationFirewallPolicies/recommendations.yaml 
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | WAF may mistakenly block legitimate requests (false positives). These can be identified by examining the last 24 hours of blocked requests in Log Analytics. - potentialBenefits: Reduces false positives, improves access + potentialBenefits Reduces false positives, improves access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Web Application Firewall monitoring and logging - Access Log - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs - - name: Understanding WAF logs - url: https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-tuning?pivots=front-door-standard-premium#understanding-waf-logs - - name: Web Application Firewall exclusion lists - url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal - - name: Fixing a false positive - url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-troubleshoot#fixing-false-positives + - name: Azure Web Application Firewall monitoring and logging - Access Log + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-monitor?pivots=front-door-standard-premium#access-logs" + - name: Understanding WAF logs + url: "https://learn.microsoft.com/azure/web-application-firewall/afds/waf-front-door-tuning?pivots=front-door-standard-premium#understanding-waf-logs" + - name: Web Application Firewall exclusion lists + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-configuration?tabs=portal" + - name: Fixing a false positive + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-troubleshoot#fixing-false-positives" - description: Check Azure Application Gateway 
WAF logs for mistakenly blocked valid requests aprlGuid: 537b4d94-edd1-4041-b13d-8217dfa485f0 @@ -32,17 +32,17 @@ recommendationMetadataState: Active longDescription: | WAF may block legitimate requests as false positives. Identifying blocked requests within the last 24 hours through Log Analytics can help manage and mitigate these incorrect blockages efficiently. - potentialBenefits: Improve false positive identification + potentialBenefits Improve false positive identification pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Web Application Firewall Monitoring and Logging - url: https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics - - name: Diagnostic logs - url: https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-logs#diagnostic-logs + - name: Azure Web Application Firewall Monitoring and Logging + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/application-gateway-waf-metrics#logs-and-diagnostics" + - name: Diagnostic logs + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/web-application-firewall-logs#diagnostic-logs" - description: Monitor Web Application Firewall aprlGuid: 5357ae22-0f52-1a49-9fd4-1f00ace6add0 
@@ -53,15 +53,15 @@ recommendationMetadataState: Active longDescription: | Monitoring the health of your Web Application Firewall and the applications it protects is crucial. This can be achieved through integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs, ensuring optimal performance and security. - potentialBenefits: Enhanced security & health insight + potentialBenefits Enhanced security & health insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: WAF monitoring - url: https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring - - name: Azure Monitor Workbook for WAF - url: https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook + - name: WAF monitoring + url: "https://learn.microsoft.com/azure/web-application-firewall/ag/ag-overview#waf-monitoring" + - name: Azure Monitor Workbook for WAF + url: "https://github.com/Azure/Azure-Network-Security/tree/master/Azure%20WAF/Workbook%20-%20WAF%20Monitor%20Workbook" diff --git a/azure-resources/Network/applicationGateways/recommendations.yaml b/azure-resources/Network/applicationGateways/recommendations.yaml index 3fc444436..7a471976d 100644 --- a/azure-resources/Network/applicationGateways/recommendations.yaml +++ b/azure-resources/Network/applicationGateways/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Azure Application Gateways v2 are deployed highly available with multiple instances by default. - potentialBenefits: Enhances uptime & enables autoscaling + potentialBenefits Enhances uptime & enables autoscaling pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Autoscaling Zone-Redundant - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability + - name: Application Gateway Autoscaling Zone-Redundant + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-autoscaling-zone-redundant#autoscaling-and-high-availability" - description: Secure all incoming connections with SSL aprlGuid: 233a7008-71e9-e745-923e-1a1c7a0b92f3 
@@ -26,23 +26,23 @@ recommendationMetadataState: Active longDescription: | Secure all incoming connections using HTTPS for production services with end-to-end SSL/TLS or SSL/TLS termination at the Application Gateway to protect against attacks and ensure data remains private and encrypted between the web server and browsers. - potentialBenefits: Enhanced security & privacy + potentialBenefits Enhanced security & privacy pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Security - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security - - name: Application Gateway SSL Overview - url: https://learn.microsoft.com/azure/application-gateway/ssl-overview - - name: Application Gateway SSL Policy Overview - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview - - name: Application Gateway KeyVault Certs - url: https://learn.microsoft.com/azure/application-gateway/key-vault-certs - - name: Application Gateway SSL Cert Management - url: https://learn.microsoft.com/azure/application-gateway/ssl-certificate-management + - name: Application Gateway Security + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#security" + - name: Application Gateway SSL Overview + url: "https://learn.microsoft.com/azure/application-gateway/ssl-overview" + - name: Application Gateway SSL Policy Overview + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-ssl-policy-overview" + - name: Application Gateway KeyVault Certs + url: "https://learn.microsoft.com/azure/application-gateway/key-vault-certs" + - name: Application Gateway SSL Cert Management + url: "https://learn.microsoft.com/azure/application-gateway/ssl-certificate-management" - description: Enable Web Application Firewall policies aprlGuid: 
8d9223c4-730d-ca47-af88-a9a024c37270 @@ -53,17 +53,17 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway with Web Application Firewall (WAF) in an application virtual network to safeguard inbound HTTP/S internet traffic. WAF offers centralized defense against potential exploits through OWASP core rule sets-based rules. - potentialBenefits: Enhanced security for HTTP/S traffic + potentialBenefits Enhanced security for HTTP/S traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Well-Architected Framework Application Gateway Overview - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway - - name: Application Gateway - Web Application Firewall - url: https://learn.microsoft.com/azure/application-gateway/features#web-application-firewall + - name: Well-Architected Framework Application Gateway Overview + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway" + - name: Application Gateway - Web Application Firewall + url: "https://learn.microsoft.com/azure/application-gateway/features#web-application-firewall" - description: Use Application GW V2 instead of V1 aprlGuid: 7893f0b3-8622-1d47-beed-4b50a19f7895 
@@ -74,19 +74,19 @@ recommendationMetadataState: Active longDescription: | Use Application Gateway v2 for built-in features like autoscaling, static VIPs, Azure KeyVault integration for better traffic management and performance, unless v1 is necessary. - potentialBenefits: Better performance, autoscaling, more features + potentialBenefits Better performance, autoscaling, more features pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Overview V2 - url: https://learn.microsoft.com/azure/application-gateway/overview-v2 - - name: Application Gateway Feature Comparison Between V1 and V2 - url: https://learn.microsoft.com/azure/application-gateway/overview-v2#feature-comparison-between-v1-sku-and-v2-sku - - name: Application Gateway V1 Retirement - url: https://azure.microsoft.com/updates/application-gateway-v1-will-be-retired-on-28-april-2026-transition-to-application-gateway-v2/ + - name: Application Gateway Overview V2 + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2" + - name: Application Gateway Feature Comparison Between V1 and V2 + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2#feature-comparison-between-v1-sku-and-v2-sku" + - name: Application Gateway V1 Retirement + url: "https://azure.microsoft.com/updates/application-gateway-v1-will-be-retired-on-28-april-2026-transition-to-application-gateway-v2/" - description: Monitor and Log the configurations and traffic aprlGuid: 5d035919-898d-a047-8d5d-454e199692e5 
@@ -97,17 +97,17 @@ recommendationMetadataState: Active longDescription: | Enable logging in storage accounts, Log Analytics, and monitoring services for auditing and insights. If using NSGs, enable NSG flow logs to be stored, providing in-depth traffic analysis into Azure Cloud. - potentialBenefits: Enhanced traffic insight & audit + potentialBenefits Enhanced traffic insight & audit pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Application Gateway Metrics - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics - - name: Application Gateway Diagnostics - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-diagnostics + - name: Application Gateway Metrics + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-metrics" + - name: Application Gateway Diagnostics + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-diagnostics" - description: Use Health Probes to detect backend availability aprlGuid: 847a8d88-21c4-bc48-a94e-562206edd767 
@@ -118,17 +118,17 @@ recommendationMetadataState: Active longDescription: | Using custom health probes enhances understanding of backend availability and facilitates monitoring of backend services for any impact. - potentialBenefits: Ensures backend uptime monitoring. + potentialBenefits Ensures backend uptime monitoring. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Probe Overview - url: https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview - - name: Well-Architected Framework Application Gateway Overview - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway + - name: Application Gateway Probe Overview + url: "https://learn.microsoft.com/azure/application-gateway/application-gateway-probe-overview" + - name: Well-Architected Framework Application Gateway Overview + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway" - description: Deploy Application Gateway in a zone-redundant configuration aprlGuid: c9c00f2a-3888-714b-a72b-b4c9e8fcffb2 
@@ -139,17 +139,17 @@ recommendationMetadataState: Active longDescription: | Deploying Application Gateway in a zone-aware configuration ensures continued customer access to services even if a specific zone goes down, as services in other zones remain available. - potentialBenefits: Enhanced uptime & customer access + potentialBenefits Enhanced uptime & customer access pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Well-Architected Framework Application Gateway Reliability - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability - - name: Application Gateway V2 Overview - url: https://learn.microsoft.com/azure/application-gateway/overview-v2 + - name: Well-Architected Framework Application Gateway Reliability + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-application-gateway#reliability" + - name: Application Gateway V2 Overview + url: "https://learn.microsoft.com/azure/application-gateway/overview-v2" - description: Plan for backend maintenance by using connection draining aprlGuid: 10f02bc6-e2e7-004d-a2c2-f9bf9f16b915 
@@ -160,17 +160,17 @@ recommendationMetadataState: Active longDescription: | Using connection draining for backend maintenance ensures graceful removal of backend pool members during updates or health issues. It's enabled via Backend Setting and applies to all members during rule creation. - potentialBenefits: Smooth updates, no dropped users + potentialBenefits Smooth updates, no dropped users pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Application Gateway Connection Draining - url: https://learn.microsoft.com/azure/application-gateway/features#connection-draining - - name: Application Gateway Connection Draining HTTP Settings - url: https://learn.microsoft.com/azure/application-gateway/configuration-http-settings#connection-draining + - name: Application Gateway Connection Draining + url: "https://learn.microsoft.com/azure/application-gateway/features#connection-draining" + - name: Application Gateway Connection Draining HTTP Settings + url: "https://learn.microsoft.com/azure/application-gateway/configuration-http-settings#connection-draining" - description: Ensure Application Gateway Subnet is using a /24 subnet mask aprlGuid: 8364fd0a-7c0e-e240-9d95-4bf965aec243 
@@ -181,13 +181,13 @@ recommendationMetadataState: Active longDescription: | Application Gateway v2 (Standard_v2 or WAF_v2 SKU) can support up to 125 instances. A /24 subnet isn't mandatory for deployment but is advised to provide enough space for autoscaling and maintenance upgrades. - potentialBenefits: Allows autoscaling and maintenance + potentialBenefits Allows autoscaling and maintenance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Application Gateway infrastructure configuration | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet + - name: Azure Application Gateway infrastructure configuration | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/application-gateway/configuration-infrastructure#size-of-the-subnet" diff --git a/azure-resources/Network/azureFirewalls/recommendations.yaml b/azure-resources/Network/azureFirewalls/recommendations.yaml index 57f900eab..d4f452818 100644 --- a/azure-resources/Network/azureFirewalls/recommendations.yaml +++ b/azure-resources/Network/azureFirewalls/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure Firewall offers different SLAs depending on its deployment; in a single availability zone or across multiple, potentially improving reliability and performance. - potentialBenefits: Enhanced SLA and reliability + potentialBenefits Enhanced SLA and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Well Architected Framework - Azure Firewall - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall - - name: Deploy Azure Firewall across multiple availability zones - url: https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell + - name: Azure Well Architected Framework - Azure Firewall + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-firewall" + - name: Deploy Azure Firewall across multiple availability zones + url: "https://learn.microsoft.com/azure/firewall/deploy-availability-zone-powershell" - description: Monitor Azure Firewall metrics aprlGuid: 3c8fa7c6-6b78-a24a-a63f-348a7c71acb9 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Monitor Azure Firewall for overall health, processed throughput, and outbound SNAT port usage. Get alerted before limits impact services. Consider NAT gateway integration with zonal deployments; note limitations with zone redundant firewalls and secure virtual hub networks. - potentialBenefits: Improve health & performance monitoring + potentialBenefits Improve health & performance monitoring pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Firewall metrics supported in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls - - name: Azure Firewall performance - url: https://learn.microsoft.com/azure/firewall/firewall-performance + - name: Azure Firewall metrics supported in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-supported#microsoftnetworkazurefirewalls" + - name: Azure Firewall performance + url: "https://learn.microsoft.com/azure/firewall/firewall-performance" - description: Configure DDoS Protection on the Azure Firewall VNet aprlGuid: 1b2dbf4a-8a0b-5e4b-8f4e-3f758188910d 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Associate a DDoS protection plan with the virtual network hosting Azure Firewall to provide enhanced mitigation against DDoS attacks. Azure Firewall Manager integrates the creation of firewall infrastructure and DDoS protection plans. - potentialBenefits: Enhanced DDoS attack defense + potentialBenefits Enhanced DDoS attack defense pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure DDoS Protection overview - url: https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview + - name: Azure DDoS Protection overview + url: "https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview" - description: Leverage Azure Policy inheritance model aprlGuid: 3a63560a-1ed3-6140-acd1-d1d23f9a2e12 @@ -68,15 +68,15 @@ recommendationMetadataState: Active longDescription: | Azure Firewall policy supports rule hierarchies for compliance enforcement, using a central base policy with higher priority over child policies, and employs Azure custom roles to safeguard base policy and manage access within subscriptions or groups. - potentialBenefits: Enhanced compliance and rule hierarchy + potentialBenefits Enhanced compliance and rule hierarchy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Firewall Policy hierarchy - url: https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy + - name: Azure Firewall Policy hierarchy + url: "https://learn.microsoft.com/azure/firewall-manager/rule-hierarchy" - description: Configure 2-4 PIPs for SNAT Port utilization aprlGuid: d2e4a38e-2307-4299-a217-4c0cebc9a7f6 
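Review bot: In the second hunk on this line (`@@ -68,15 +68,15 @@`), `automationAvailable: no` is an unquoted plain scalar that YAML 1.1 loaders resolve to boolean `false`, while sibling entries carry `arg`, which is a string. The commit quotes the URLs for parser safety but leaves this field with a loader-dependent type. Write `automationAvailable: "no"` (or whichever literal the consumer expects) so every loader sees a string. The same value appears in other hunks of this patch.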
@@ -87,15 +87,15 @@ recommendationMetadataState: Active longDescription: | Configure a minimum of two to four public IP addresses per Azure Firewall to avoid SNAT exhaustion. Azure Firewall offers SNAT for all outbound traffic to public IPs, providing 2,496 SNAT ports for each additional PIP. - potentialBenefits: Avoids SNAT exhaustion. + potentialBenefits Avoids SNAT exhaustion. pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Well-Architected Framework review - Azure Firewall - url: https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations + - name: Azure Well-Architected Framework review - Azure Firewall + url: "https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-firewall#recommendations" - description: Monitor AZFW Latency Probes metric aprlGuid: 8faace2d-a36e-425c-aa58-2ad99e3e0b7a @@ -106,15 +106,15 @@ recommendationMetadataState: Active longDescription: | Creating a metric to monitor latency probes over 20ms for periods longer than 30mins helps identify when firewall instance CPUs are stressed, potentially indicating issues. - potentialBenefits: Improved CPU stress detection + potentialBenefits Improved CPU stress detection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Well-Architected Framework review - Azure Firewall - url: https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations - - name: Azure Firewall metrics overview - url: https://learn.microsoft.com/azure/firewall/metrics + - name: Azure Well-Architected Framework review - Azure Firewall + url: "https://learn.microsoft.com/azure/well-architected/service-guides/azure-firewall#recommendations" + - name: Azure Firewall metrics overview + url: "https://learn.microsoft.com/azure/firewall/metrics" 
diff --git a/azure-resources/Network/connections/recommendations.yaml b/azure-resources/Network/connections/recommendations.yaml index 94b4522b5..bd3c2d8d0 100644 --- a/azure-resources/Network/connections/recommendations.yaml +++ b/azure-resources/Network/connections/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | ExpressRoute gateways facilitate network traffic and route exchanges. FastPath enhances on-premises to virtual network data path performance by directing traffic straight to virtual machines, bypassing the gateway for improved resiliency through reduced gateway utilization. - potentialBenefits: Enhances speed & resiliency + potentialBenefits Enhances speed & resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: About ExpressRoute FastPath - url: https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath + - name: About ExpressRoute FastPath + url: "https://learn.microsoft.com/en-us/azure/expressroute/about-fastpath" - description: Configure an Azure Resource Lock on connections to prevent accidental deletion aprlGuid: a5f3a4bd-4cf1-4196-a3cb-f5a0876198b2 
@@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Configure an Azure Resource lock for Gateway Connection resources to prevent accidental deletion and maintain connectivity between on-premises networks and Azure workloads. - potentialBenefits: Prevents accidental deletion of connections + potentialBenefits Prevents accidental deletion of connections pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" diff --git a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml index fb130d735..e16b82766 100644 --- a/azure-resources/Network/ddosProtectionPlans/recommendations.yaml +++ b/azure-resources/Network/ddosProtectionPlans/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Azure DDoS Plan metrics differentiate packets and bytes by tags: null Dropped (packets scrubbed by DDoS), Forwarded (packets to VIP not filtered), and No tag (total packets, sum of dropped and forwarded). - potentialBenefits: Enhanced security & traffic insight + potentialBenefits Enhanced security & traffic insight pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitoring Azure DDoS Protection - url: https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference + - name: Monitoring Azure DDoS Protection + url: "https://learn.microsoft.com/en-us/azure/ddos-protection/monitor-ddos-protection-reference" diff --git a/azure-resources/Network/expressRouteCircuits/recommendations.yaml b/azure-resources/Network/expressRouteCircuits/recommendations.yaml index 1ba4fb6fb..3fc3f662f 100644 --- a/azure-resources/Network/expressRouteCircuits/recommendations.yaml +++ b/azure-resources/Network/expressRouteCircuits/recommendations.yaml 
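Review bot: The `longDescription` context line reads `by tags: null Dropped (packets scrubbed by DDoS)`, which looks like the residue of an earlier bulk replace of `tags:` with `tags: null` that also matched prose. It sits inside a block scalar, so it parses, but the published DDoS monitoring guidance is garbled and this commit rewrites the neighbouring lines without repairing it. Reword it so it cannot match the key pattern, for example `by tag: Dropped (packets scrubbed by DDoS), ...`; the original wording is not visible here, so confirm it against the source document.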
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Connecting each ExpressRoute Gateway to a minimum of two circuits in different peering locations enhances redundancy and reliability by ensuring alternate pathways for data in case one circuit fails. - potentialBenefits: Enhanced reliability & redundancy + potentialBenefits Enhanced reliability & redundancy pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing for disaster recovery with ExpressRoute private peering - url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering + - name: Designing for disaster recovery with ExpressRoute private peering + url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" - description: Ensure ExpressRoute's physical links connect to distinct network edge devices aprlGuid: 0e19cc41-8274-1342-b0db-0e4146eacef8 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Microsoft or the ExpressRoute provider always ensures physical redundancy in their services. It's essential to maintain this level of physical redundancy (two devices, two links) from the ExpressRoute peering location to your network for optimal performance and reliability. - potentialBenefits: Enhanced reliability & fault tolerance + potentialBenefits Enhanced reliability & fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Designing for high availability with ExpressRoute - url: https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute - - name: Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist - url: https://learn.microsoft.com/azure/well-architected/services/networking/azure-expressroute#recommendations + - name: Designing for high availability with ExpressRoute + url: "https://learn.microsoft.com/en-us/azure/expressroute/designing-for-high-availability-with-expressroute" + - name: Azure Well-Architected Framework review - Azure ExpressRoute - Design Checklist + url: "https://learn.microsoft.com/azure/well-architected/services/networking/azure-expressroute#recommendations" - description: Ensure both connections of an ExpressRoute circuit are configured in active-active mode aprlGuid: f06a2bbe-5839-d447-9f39-fc3d20562d88 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Operating both connections of an ExpressRoute circuit in active-active mode enhances high availability as the Microsoft network will load balance the traffic across the connections on a per-flow basis. - potentialBenefits: Improved high availability and load balancing + potentialBenefits Improved high availability and load balancing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Designing for high availability with ExpressRoute - Active-active connections - url: https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections + - name: Designing for high availability with ExpressRoute - Active-active connections + url: "https://learn.microsoft.com/azure/expressroute/designing-for-high-availability-with-expressroute#active-active-connections" - description: Activate Bidirectional Forwarding Detection on edge devices for faster failover aprlGuid: 2a5bf650-586d-db4c-a292-d922be7d3e0e @@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Enabling BFD over ExpressRoute speeds up link failure detection between MSEE devices and routers configured for ExpressRoute (CE/PE), applicable over both customer and Partner Edge routing devices with managed Layer 3 service. - potentialBenefits: Faster link failure detection + potentialBenefits Faster link failure detection pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Configure BFD over ExpressRoute - url: https://learn.microsoft.com/azure/expressroute/expressroute-bfd + - name: Configure BFD over ExpressRoute + url: "https://learn.microsoft.com/azure/expressroute/expressroute-bfd" - description: Configure monitoring and alerting for ExpressRoute circuits aprlGuid: 9771a435-d031-814e-9827-9b5fdafc0f87 
@@ -85,19 +85,19 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute circuit availability, QoS, and throughput. Set alerts based on Azure Monitor Baseline Alerts for availability, QoS metrics, and throughput metrics exceeding specific thresholds. - potentialBenefits: Enhanced network performance & health + potentialBenefits Enhanced network performance & health pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure ExpressRoute Insights using Network Insights | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights - - name: Monitoring Azure ExpressRoute - url: https://learn.microsoft.com/azure/expressroute/monitor-expressroute - - name: Configure Traffic Collector for ExpressRoute Direct - Azure ExpressRoute | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-traffic-collector#deploy-expressroute-traffic-collector + - name: Azure ExpressRoute Insights using Network Insights | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights" + - name: Monitoring Azure ExpressRoute + url: "https://learn.microsoft.com/azure/expressroute/monitor-expressroute" + - name: Configure Traffic Collector for ExpressRoute Direct - Azure ExpressRoute | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/how-to-configure-traffic-collector#deploy-expressroute-traffic-collector" - description: Configure service health to receive ExpressRoute circuit maintenance notification aprlGuid: 26cb547f-aabc-dc40-be02-d0a9b6b04b1a 
@@ -108,15 +108,15 @@ recommendationMetadataState: Active longDescription: | ExpressRoute leverages service health for notifications on both planned and unplanned maintenance, ensuring users are informed about any changes to their ExpressRoute circuits. - potentialBenefits: Stay informed on circuit updates + potentialBenefits Stay informed on circuit updates pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: How to view and configure alerts for Azure ExpressRoute circuit maintenance - url: https://learn.microsoft.com/azure/expressroute/maintenance-alerts + - name: How to view and configure alerts for Azure ExpressRoute circuit maintenance + url: "https://learn.microsoft.com/azure/expressroute/maintenance-alerts" - description: Use a site-to-site VPN as an interim backup solution for a single ExpressRoute circuit aprlGuid: f902cf86-2b53-2942-abc2-781f4fb62be6 @@ -127,13 +127,13 @@ recommendationMetadataState: Active longDescription: | If you haven't added a second ExpressRoute circuit, use a site-to-site VPN as a temporary solution until the second circuit is available. This ensures network reliability and continuity of service. - potentialBenefits: Ensures continuity & reliability + potentialBenefits Ensures continuity & reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Using S2S VPN as a backup for ExpressRoute private peering - url: https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering + - name: Using S2S VPN as a backup for ExpressRoute private peering + url: "https://learn.microsoft.com/azure/expressroute/use-s2s-vpn-as-backup-for-expressroute-privatepeering" diff --git a/azure-resources/Network/expressRoutePorts/recommendations.yaml b/azure-resources/Network/expressRoutePorts/recommendations.yaml index 7cb7cc0cf..177ffae12 100644 
--- a/azure-resources/Network/expressRoutePorts/recommendations.yaml +++ b/azure-resources/Network/expressRoutePorts/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | In Azure ExpressRoute Direct, the "Admin State" indicates the administrative status of layer 1 links, showing if a link is enabled or disabled, effectively turning the physical port on or off. - potentialBenefits: Ensures optimal connectivity. + potentialBenefits Ensures optimal connectivity. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: How to configure ExpressRoute Direct: Change Admin State of links - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state + - name: How to configure ExpressRoute Direct: Change Admin State of links + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-howto-erdirect#state" - description: Ensure you do not over-subscribe an ExpressRoute Direct aprlGuid: 0bee356b-7348-4799-8cab-0c71ffe13018 
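Review bot: The `name` value `How to configure ExpressRoute Direct: Change Admin State of links` is left as a plain scalar although it contains `: `, which YAML treats as a mapping indicator inside the value and typically rejects. The commit quotes the `url` on the following line but not this one. Quote it as `- name: "How to configure ExpressRoute Direct: Change Admin State of links"`. The next hunk of this file has the same problem in `About ExpressRoute Direct: Circuit Sizes`.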
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Provisioning ExpressRoute circuits on a 10-Gbps or 100-Gbps ExpressRoute Direct resource up to 20-Gbps or 200-Gbps is possible but not recommended for resiliency. If an ExpressRoute Direct port fails, and circuits are using full capacity, the remaining port won't handle the extra load. - potentialBenefits: Improves resilience during port failures + potentialBenefits Improves resilience during port failures pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: About ExpressRoute Direct: Circuit Sizes - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes + - name: About ExpressRoute Direct: Circuit Sizes + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-erdirect-about?source=recommendations#circuit-sizes" - description: Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow aprlGuid: d40c769d-2f08-4980-8d8f-a386946276e6 @@ -45,13 +45,13 @@ recommendationMetadataState: Active longDescription: | Rate limiting controls traffic volume between on-premises networks and Azure via ExpressRoute Direct, applying to private or Microsoft peering. It distributes port bandwidth, ensures stability, and prevents congestion, with steps outlined for enabling on circuits. - potentialBenefits: Optimizes network, prevents congestion + potentialBenefits Optimizes network, prevents congestion pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Rate limiting for ExpressRoute Direct circuits (Preview) - url: https://learn.microsoft.com/en-us/azure/expressroute/rate-limit + - name: Rate limiting for ExpressRoute Direct circuits (Preview) + url: "https://learn.microsoft.com/en-us/azure/expressroute/rate-limit" 
diff --git a/azure-resources/Network/loadBalancers/recommendations.yaml b/azure-resources/Network/loadBalancers/recommendations.yaml index 74758fbd8..2b6d6cad9 100644 --- a/azure-resources/Network/loadBalancers/recommendations.yaml +++ b/azure-resources/Network/loadBalancers/recommendations.yaml @@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Selecting Standard SKU Load Balancer enhances reliability through availability zones and zone resiliency, ensuring deployments withstand zone and region failures. Unlike Basic, it supports global load balancing and offers an SLA. - potentialBenefits: Enhanced reliability & SLA support + potentialBenefits Enhanced reliability & SLA support pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Reliability and Azure Load Balancer - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability - - name: Resiliency checklist for specific Azure services- Azure Load Balancer - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer + - name: Reliability and Azure Load Balancer + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-load-balancer/reliability" + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer" - description: Ensure the Backend Pool contains at least two instances aprlGuid: 6d82d042-6d61-ad49-86f0-6a5455398081 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Deploying Azure Load Balancers with at least two instances in the backend prevents a single point of failure and supports scalability. Pairing with Virtual Machine Scale Sets is advised for optimal scale building. - potentialBenefits: Enhances reliability & scalability + potentialBenefits Enhances reliability & scalability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services- Azure Load Balancer - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer" - description: Use NAT Gateway instead of Outbound Rules for Production Workloads aprlGuid: 8d319a05-677b-944f-b9b4-ca0fb42e883c 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Outbound rules for Standard Public Load Balancer involve manual port allocation for backend pools, limiting scalability and risk of SNAT port exhaustion. NAT Gateway is recommended for its dynamic scaling and secure internet connectivity. - potentialBenefits: Enhanced scalability and reliability + potentialBenefits Enhanced scalability and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services- Azure Load Balancer - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer + - name: Resiliency checklist for specific Azure services- Azure Load Balancer + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#azure-load-balancer" - description: Ensure Standard Load Balancer is zone-redundant aprlGuid: 621dbc78-3745-4d32-8eac-9e65b27b7512 @@ -66,13 +66,13 @@ recommendationMetadataState: Active longDescription: | In regions with Availability Zones, assigning a zone-redundant frontend IP to a Standard Load Balancer ensures continuous traffic distribution even if one availability zone fails, provided other healthy zones and backend instances are available to receive the traffic. - potentialBenefits: Enhances uptime & resilience + potentialBenefits Enhances uptime & resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Load Balancer and Availability Zones - url: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant + - name: Load Balancer and Availability Zones + url: "https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant" 
diff --git a/azure-resources/Network/networkSecurityGroups/recommendations.yaml b/azure-resources/Network/networkSecurityGroups/recommendations.yaml index 8b9a83259..0a5502dee 100644 --- a/azure-resources/Network/networkSecurityGroups/recommendations.yaml +++ b/azure-resources/Network/networkSecurityGroups/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Resource Logs are not collected and stored until you create a diagnostic setting and route them to one or more locations. - potentialBenefits: Enhanced monitoring & security insights + potentialBenefits Enhanced monitoring & security insights pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Diagnostic settings in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings + - name: Diagnostic settings in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/diagnostic-settings" - description: Monitor changes in Network Security Groups with Azure Monitor aprlGuid: 8bb4a57b-55e4-d24e-9c19-2679d8bc779f 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Create Alerts with Azure Monitor for operations like creating or updating Network Security Group rules to catch unauthorized/undesired changes to resources and spot attempts to bypass firewalls or access resources from the outside. - potentialBenefits: Enhanced security and change monitoring + potentialBenefits Enhanced security and change monitoring pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Monitor activity log - url: https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell + - name: Azure Monitor activity log + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/activity-log?tabs=powershell" - description: Configure locks for Network Security Groups to avoid accidental changes and/or deletion aprlGuid: 52ac35e8-9c3e-f84d-8ce8-2fab955333d3 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | As an administrator, you can lock an Azure subscription, resource group, or resource to protect them from accidental deletions and modifications. The lock overrides user permissions. Locks can prevent either deletions or modifications and are known as Delete and Read-only in the portal. - potentialBenefits: Prevents accidental edits/deletions + potentialBenefits Prevents accidental edits/deletions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Lock your resources to protect your infrastructure - url: https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json + - name: Lock your resources to protect your infrastructure + url: "https://learn.microsoft.com/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json" - description: Configure NSG Flow Logs aprlGuid: da1a3c06-d1d5-a940-9a99-fcc05966fe7c 
@@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Monitoring, managing, and understanding your network is crucial for protection and optimization. Knowing the current state, who and from where connections are made, open internet ports, expected and irregular behavior, and traffic spikes is essential. - potentialBenefits: Enhances security & optimizes network + potentialBenefits Enhances security & optimizes network pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Flow logging for network security groups - url: https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview + - name: Flow logging for network security groups + url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-nsg-flow-logging-overview" - description: The NSG only has Default Security Rules, make sure to configure the necessary rules aprlGuid: 8291c1fa-650c-b44b-b008-4deb7465919d @@ -83,13 +83,13 @@ recommendationMetadataState: Active longDescription: | Azure network security groups filter network traffic between resources in a virtual network, using security rules to allow or deny inbound or outbound traffic based on source, destination, port, and protocol. - potentialBenefits: Enhanced traffic control & security + potentialBenefits Enhanced traffic control & security pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Security rules - url: https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules + - name: Security rules + url: "https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview#security-rules" diff --git a/azure-resources/Network/networkWatchers/recommendations.yaml b/azure-resources/Network/networkWatchers/recommendations.yaml index cf1b542e1..0f33310f2 100644 
--- a/azure-resources/Network/networkWatchers/recommendations.yaml +++ b/azure-resources/Network/networkWatchers/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Azure Network Watcher offers tools for monitoring, diagnosing, viewing metrics, and managing logs for IaaS resources. It helps maintain the health of VMs, VNets, application gateways, load balancers, but not for PaaS or Web analytics. - potentialBenefits: Enhanced monitoring & diagnostics for Azure IaaS + potentialBenefits Enhanced monitoring & diagnostics for Azure IaaS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: What is Azure Network Watcher? - url: https://learn.microsoft.com/azure/network-watcher/network-watcher-overview + - name: What is Azure Network Watcher? + url: "https://learn.microsoft.com/azure/network-watcher/network-watcher-overview" - description: Fix Flow Log configurations in Failed state or Disabled Status aprlGuid: 22a769ed-0ecb-8b49-bafe-8f52e6373d9c @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Network security group flow logging is a feature of Azure Network Watcher that logs IP traffic info through a network security group. If in Failed state, monitoring data from the associated resource is not collected. - potentialBenefits: Ensures IP traffic logging + potentialBenefits Ensures IP traffic logging pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Manage NSG flow logs using the Azure portal - url: https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging + - name: Manage NSG flow logs using the Azure portal + url: "https://learn.microsoft.com/azure/network-watcher/nsg-flow-logging" 
diff --git a/azure-resources/Network/privateDnsZones/recommendations.yaml b/azure-resources/Network/privateDnsZones/recommendations.yaml index 7cf47e51d..9fd484531 100644 --- a/azure-resources/Network/privateDnsZones/recommendations.yaml +++ b/azure-resources/Network/privateDnsZones/recommendations.yaml @@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Private DNS zones and records are critical and their deletion can cause service outages. To protect against unauthorized or accidental changes, the Private DNS Zone Contributor role, a built-in role for managing these resources, should be assigned to specific users or groups. - potentialBenefits: Prevents DNS outages + potentialBenefits Prevents DNS outages pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protecting private DNS Zones and Records - Azure DNS - url: https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets + - name: Protecting private DNS Zones and Records - Azure DNS + url: "https://learn.microsoft.com/en-us/azure/dns/dns-protect-private-zones-recordsets" - description: Monitor Private DNS Zones health and set up alerts aprlGuid: ab896e8c-49b9-2c44-adec-98339aff7821 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | The records in a private DNS zone are only resolvable from linked virtual networks. You can link a private DNS zone to multiple networks and enable autoregistration to manage DNS records for virtual machines automatically. - potentialBenefits: Enhanced DNS reliability & alerting + potentialBenefits Enhanced DNS reliability & alerting pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Scenarios for Azure Private DNS zones - url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios + - name: Scenarios for Azure Private DNS zones + url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios" - description: Align Production and DR zones with identical workload and resource failover entries aprlGuid: 1e02335c-1f90-fd4e-a5a5-d359c7b22d70 @@ -45,13 +45,13 @@ recommendationMetadataState: Active longDescription: | Azure Private DNS offers a reliable, secure way to handle domain names within virtual networks, using custom domains instead of default Azure names. Records in these zones aren't internet-accessible, only resolvable within linked virtual networks. - potentialBenefits: Ensures seamless failover for DNS + potentialBenefits Ensures seamless failover for DNS pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Scenarios for Azure Private DNS zones - url: https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios + - name: Scenarios for Azure Private DNS zones + url: "https://learn.microsoft.com/en-us/azure/dns/private-dns-scenarios" diff --git a/azure-resources/Network/privateEndpoints/recommendations.yaml b/azure-resources/Network/privateEndpoints/recommendations.yaml index 656d5a598..e5c423991 100644 --- a/azure-resources/Network/privateEndpoints/recommendations.yaml 
+++ b/azure-resources/Network/privateEndpoints/recommendations.yaml @@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | A private endpoint has two custom properties, static IP address and the network interface name, which must be set at creation. If not in Succeeded state, there may be issues with the endpoint or associated resource. - potentialBenefits: Enhanced connection reliability + potentialBenefits Enhanced connection reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Private endpoint connections - url: https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections + - name: Private endpoint connections + url: "https://learn.microsoft.com/azure/private-link/manage-private-endpoint?tabs=manage-private-link-powershell#private-endpoint-connections" diff --git a/azure-resources/Network/publicIPAddresses/recommendations.yaml b/azure-resources/Network/publicIPAddresses/recommendations.yaml index 1bd87ae7b..e46313311 100644 --- a/azure-resources/Network/publicIPAddresses/recommendations.yaml +++ b/azure-resources/Network/publicIPAddresses/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Public IP addresses in Azure can be of standard SKU, available as non-zonal, zonal, or zone-redundant. Zone-redundant IPs are accessible across all zones, resisting any single zone failure, thereby providing higher resilience. - potentialBenefits: Enhanced resilience with zone redundancy + potentialBenefits Enhanced resilience with zone redundancy pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Public IP addresses - Availability Zones - url: https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone - - name: Upgrading a basic public IP address to Standard SKU - url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance#steps-to-complete-the-upgrade + - name: Public IP addresses - Availability Zones + url: "https://learn.microsoft.com/azure/virtual-network/ip-services/public-ip-addresses#availability-zone" + - name: Upgrading a basic public IP address to Standard SKU + url: "https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance#steps-to-complete-the-upgrade" - description: Use NAT gateway for outbound connectivity to avoid SNAT Exhaustion aprlGuid: 1adba190-5c4c-e646-8527-dd1b2a6d8b15 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Prevent connectivity failures due to SNAT port exhaustion by employing NAT gateway for outbound traffic from virtual networks, ensuring dynamic scaling and secure internet connections. - potentialBenefits: Avoids SNAT port exhaustion risks + potentialBenefits Avoids SNAT port exhaustion risks pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Use NAT GW for outbound connectivity - url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity - - name: TCP and SNAT Ports - url: https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability#tcp-and-snat-ports + - name: Use NAT GW for outbound connectivity + url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#use-nat-gateway-for-outbound-connectivity" + - name: TCP and SNAT Ports + url: "https://learn.microsoft.com/azure/architecture/framework/services/compute/azure-app-service/reliability#tcp-and-snat-ports" - description: Upgrade Basic SKU public IP addresses to Standard SKU aprlGuid: 5cea1501-6fe4-4ec4-ac8f-f72320eb18d3 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Basic SKU public IP addresses will be retired on September 30, 2025. Users are advised to upgrade to Standard SKU public IP addresses before this date to avoid service disruptions. - potentialBenefits: Avoids service disruption + potentialBenefits Avoids service disruption pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Upgrading a basic public IP address to Standard SKU - Guidance - url: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance - - name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025�Basic SKU will be retired - url: https://azure.microsoft.com/en-us/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/ + - name: Upgrading a basic public IP address to Standard SKU - Guidance + url: "https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance" + - name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025�Basic SKU will be retired + url: "https://azure.microsoft.com/en-us/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/" diff --git a/azure-resources/Network/routeTables/recommendations.yaml b/azure-resources/Network/routeTables/recommendations.yaml index 3cc7cb88d..521c634bb 100644 --- a/azure-resources/Network/routeTables/recommendations.yaml +++ b/azure-resources/Network/routeTables/recommendations.yaml 
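Review bot: The second `name` under `learnMoreLink` is re-added with an undecodable character between `2025` and `Basic` (`...by 30 September 2025�Basic SKU will be retired`), which looks like a dash lost to an encoding mismatch. Since the commit rewrites this line anyway, replace it with a plain separator, e.g. `- name: Upgrade to Standard SKU public IP addresses in Azure by 30 September 2025 - Basic SKU will be retired`, and confirm the file is saved as UTF-8. If the character is only an artefact of how this page was rendered, no change is needed.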
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Create Alerts with Azure Monitor for operations like Create or Update Route Table to spot unauthorized/undesired changes in production resources. This setup aids in identifying improper routing changes, including efforts to evade firewalls or access resources from outside. - potentialBenefits: Enhanced security & change detection + potentialBenefits Enhanced security & change detection pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure activity log - Azure Monitor | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell + - name: Azure activity log - Azure Monitor | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/activity-log?tabs=powershell" - description: Configure locks for Route Tables to avoid accidental changes or deletion aprlGuid: 89d1166a-1a20-0f46-acc8-3194387bf127 @@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | As an administrator, you can protect Azure subscriptions, resource groups, or resources from accidental deletions and modifications by setting locks. - potentialBenefits: Prevents accidental edits/deletions + potentialBenefits Prevents accidental edits/deletions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?toc=%2Fazure%2Fvirtual-network%2Ftoc.json&tabs=json" 
diff --git a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml index 548d5c414..edc5853d8 100644 --- a/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml +++ b/azure-resources/Network/trafficmanagerprofiles/recommendations.yaml @@ -7,19 +7,19 @@ recommendationMetadataState: Active longDescription: | Monitor status should be online to ensure failover for application workload. If Traffic Manager's health shows Degraded, one or more endpoints may also be Degraded. - potentialBenefits: Ensures failover functionality + potentialBenefits Ensures failover functionality pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Traffic Manager endpoint monitoring - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring - - name: Enable or disable health checks - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#enable-or-disable-health-checks-preview - - name: Troubleshooting degraded state on Azure Traffic Manager - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-troubleshooting-degraded + - name: Azure Traffic Manager endpoint monitoring + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring" + - name: Enable or disable health checks + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-monitoring#enable-or-disable-health-checks-preview" + - name: Troubleshooting degraded state on Azure Traffic Manager + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-troubleshooting-degraded" - description: Traffic manager profiles should have more than one endpoint aprlGuid: 5b422a7f-8caa-3d48-becb-511599e5bba9 
@@ -30,15 +30,15 @@ recommendationMetadataState: Active longDescription: | When configuring the Azure traffic manager, provision at least two endpoints to ensure workloads can fail-over to another instance, enhancing reliability and availability. - potentialBenefits: Enhances failover capabilities + potentialBenefits Enhances failover capabilities pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Traffic Manager Endpoint Types - url: https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types + - name: Traffic Manager Endpoint Types + url: "https://learn.microsoft.com/azure/traffic-manager/traffic-manager-endpoint-types" - description: Configure at least one endpoint within a another region aprlGuid: 1ad9d7b7-9692-1441-a8f4-93792efbe97a @@ -49,16 +49,16 @@ recommendationMetadataState: Active longDescription: | Profiles should have multiple endpoints to ensure availability in case an endpoint fails. It's also advised to distribute these endpoints across different regions for enhanced reliability. - potentialBenefits: Enhances availability across regions + potentialBenefits Enhances availability across regions pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Reliability recommendations + - name: Reliability recommendations - url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region + url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-at-least-one-more-endpoint-to-the-profile-preferably-in-another-azure-region" - description: Ensure endpoint configured to (All World) for geographic profiles aprlGuid: c31f76a0-48cd-9f44-aa43-99ee904db9bc 
@@ -69,15 +69,15 @@ recommendationMetadataState: Active longDescription: | For geographic routing, traffic is directed to endpoints based on specific regions. If a region fails, without a predefined failover, configuring an endpoint to "All (World)" for geographic profiles can prevent traffic black holes, ensuring service remains available. - potentialBenefits: Avoids traffic black holing, ensures availability + potentialBenefits Avoids traffic black holing, ensures availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Add an endpoint configured to "All (World)" - url: https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world - - name: Traffic Manager profile - GeographicProfile (Add an endpoint configured to ""All (World)""). - url: https://aka.ms/Rf7vc5 + - name: Add an endpoint configured to "All (World)" + url: "https://learn.microsoft.com/azure/advisor/advisor-reference-reliability-recommendations#add-an-endpoint-configured-to-all-world" + - name: Traffic Manager profile - GeographicProfile (Add an endpoint configured to ""All (World)""). + url: "https://aka.ms/Rf7vc5" diff --git a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml index 6834580f3..aaf52a031 100644 --- a/azure-resources/Network/virtualNetworkGateways/recommendations.yaml +++ b/azure-resources/Network/virtualNetworkGateways/recommendations.yaml 
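Review bot: The last `name` in this hunk keeps doubled quotes, `(Add an endpoint configured to ""All (World)"")`, which in a plain YAML scalar are literal characters and will be displayed as-is; this looks like leftover CSV escaping. Single-quote the value so only one pair remains: `- name: 'Traffic Manager profile - GeographicProfile (Add an endpoint configured to "All (World)").'`. Its `url` is an `aka.ms` short link whose destination cannot be checked from the diff, so consider replacing it with the canonical learn.microsoft.com address, as the other entries do.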
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | To increase reliability, it's advised that each ExpressRoute Gateway connects to at least two circuits, with each circuit originating from a different peering location than the other, ensuring diverse connectivity paths for enhanced resilience. - potentialBenefits: Enhanced resiliency for Azure service + potentialBenefits Enhanced resiliency for Azure service pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Designing for disaster recovery with ExpressRoute private peering - url: https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering + - name: Designing for disaster recovery with ExpressRoute private peering + url: "https://learn.microsoft.com/azure/expressroute/designing-for-disaster-recovery-with-expressroute-privatepeering" - description: Use Zone-redundant gateway SKUs aprlGuid: bbe668b7-eb5c-c746-8b82-70afdedf0cae 
@@ -26,19 +26,19 @@ recommendationMetadataState: Active longDescription: | Azure ExpressRoute gateway offers variable SLAs based on deployment in single or multiple availability zones. To deploy virtual network gateways across zones automatically, use zone-redundant gateways for accessing critical, scalable services with increased resilience. - potentialBenefits: Enhanced SLA and resilience + potentialBenefits Enhanced SLA and resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs - url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw - - name: About zone-redundant virtual network gateway in Azure availability zones - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways - - name: Create a zone-redundant virtual network gateway in Azure Availability Zones - url: https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway + - name: About ExpressRoute virtual network gateways - Zone-redundant gateway SKUs + url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#zrgw" + - name: About zone-redundant virtual network gateway in Azure availability zones + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: Create a zone-redundant virtual network gateway in Azure Availability Zones + url: "https://learn.microsoft.com/azure/vpn-gateway/create-zone-redundant-vnet-gateway" - description: Configure an Azure Resource lock for ExpressRoute Gateway to prevent accidental deletion aprlGuid: c0f23a92-d322-4d4d-97e9-a238b5e3bbb8 
@@ -49,15 +49,15 @@ recommendationMetadataState: Active longDescription: | Configuring an Azure Resource lock for ExpressRoute Gateway prevents accidental deletion by enabling administrators to lock an Azure subscription, resource group, or resource, thereby protecting them from unintended user deletions and modifications, with the lock overriding all user permissions. - potentialBenefits: Prevents accidental deletions + potentialBenefits Prevents accidental deletions pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json + - name: Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources?tabs=json" - description: Monitor gateway health aprlGuid: 1c34faa8-8b99-974c-adbf-71922eae943c 
@@ -68,17 +68,17 @@ recommendationMetadataState: Active longDescription: | Use Network Insights for monitoring ExpressRoute Gateway's health, including availability, performance, and scalability. - potentialBenefits: Enhanced monitoring & alerting + potentialBenefits Enhanced monitoring & alerting pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways - url: https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways - - name: Azure ExpressRoute Insights using Network Insights - url: https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights + - name: ExpressRoute monitoring, metrics, and alerts | ExpressRoute gateways + url: "https://learn.microsoft.com/azure/expressroute/expressroute-monitoring-metrics-alerts#expressroute-gateways" + - name: Azure ExpressRoute Insights using Network Insights + url: "https://learn.microsoft.com/en-us/azure/expressroute/expressroute-network-insights" - description: Avoid using ExpressRoute circuits for VNet to VNet communication aprlGuid: 194c14ac-0d7a-5a48-ae32-75fa450ee564 
@@ -89,15 +89,15 @@ recommendationMetadataState: Active longDescription: | While multiple VNets can connect via the same ExpressRoute Gateway, Microsoft recommends using alternatives like VNet peering, Azure Firewall, NVA, Azure Route Server, site-to-site VPN, virtual WAN, or SD-WAN for VNet-to-VNet communication to optimize network performance and management. - potentialBenefits: Enhanced VNet integration efficiency + potentialBenefits Enhanced VNet integration efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity - url: https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity + - name: About ExpressRoute virtual network gateways - VNet-to-VNet connectivity + url: "https://learn.microsoft.com/azure/expressroute/expressroute-about-virtual-network-gateways#vnet-to-vnet-connectivity" - description: Configure customer-controlled gateway maintenance aprlGuid: 3e115044-a3aa-433e-be01-ce17d67e50da 
@@ -108,15 +108,15 @@ recommendationMetadataState: Active longDescription: | ExpressRoute gateways are updated for improved functionality, reliability, performance, and security. Customer-controlled maintenance configuration and scheduling minimize update impact and align with your maintenance windows. - potentialBenefits: Minimizes update impact + potentialBenefits Minimizes update impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn - url: https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps + - name: Configure customer-controlled maintenance for your virtual network gateway - ExpressRoute | Microsoft Learn + url: "https://learn.microsoft.com/en-us/azure/expressroute/customer-controlled-gateway-maintenance#azure-portal-steps" - description: Choose a Zone-redundant gateway aprlGuid: 5b1933a6-90e4-f642-a01f-e58594e5aab2 
@@ -127,19 +127,19 @@ recommendationMetadataState: Active longDescription: | Azure VPN gateway offers variable SLAs based on deployment in one or two availability zones. Deploying zone-redundant virtual network gateways across availability zones ensures zone-resiliency, improving access to mission-critical, scalable services on Azure. - potentialBenefits: Enhanced reliability and scalability + potentialBenefits Enhanced reliability and scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Zone redundant Virtual network gateway in availability zone - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways - - name: Gateway SKU - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways#gwskus - - name: SLA summary for Azure services - url: https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1 + - name: Zone redundant Virtual network gateway in availability zone + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" + - name: Gateway SKU + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways#gwskus" + - name: SLA summary for Azure services + url: "https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1" - description: Plan for Active-Active mode aprlGuid: 281a2713-c0e0-3c48-b596-19f590c46671 
@@ -150,17 +150,17 @@ recommendationMetadataState: Active longDescription: | The active-active mode is available for all SKUs except Basic, allowing for two Gateway IP configurations and two public IP addresses, enhancing redundancy and traffic handling. - potentialBenefits: Enhanced reliability & network capacity + potentialBenefits Enhanced reliability & network capacity pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Active-active VPN gateway - url: https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway - - name: Gateway SKU - url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku + - name: Active-active VPN gateway + url: "https://learn.microsoft.com/azure/vpn-gateway/active-active-portal#gateway" + - name: Gateway SKU + url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsku" - description: Deploy active-active VPN concentrators on your premises for maximum resiliency aprlGuid: af11fc4c-c06c-4f4c-b98d-6eee6d5c4c70 
@@ -171,15 +171,15 @@ recommendationMetadataState: Active longDescription: | Deploying active-active VPN concentrators and Azure VPN Gateways maximizes resilience and availability using a fully-meshed topology with four IPSec tunnels. - potentialBenefits: Maximizes resilience & availability + potentialBenefits Maximizes resilience & availability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks - url: https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks + - name: Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks + url: "https://learn.microsoft.com/azure/vpn-gateway/vpn-gateway-highlyavailable#dual-redundancy-active-active-vpn-gateways-for-both-azure-and-on-premises-networks" - description: Monitor connections and gateway health aprlGuid: 9eab120e-f6d3-ee49-ba0d-766562ce7df1 @@ -190,15 +190,15 @@ recommendationMetadataState: Active longDescription: | Set up monitoring and alerts for Virtual Network Gateway health to utilize a variety of metrics for ensuring operational efficiency and prompt response to any disruptions. - potentialBenefits: Improved uptime and issue awareness + potentialBenefits Improved uptime and issue awareness pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: VPN gateway data reference - url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference + - name: VPN gateway data reference + url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference" - description: Enable service health aprlGuid: 9186dae0-7ddc-8f4b-bea5-55538cea4893 
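Review bot: The re-added `name` value `Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks` is a plain scalar containing `: `, which YAML treats as a mapping indicator, so loaders typically fail here with "mapping values are not allowed". The commit quotes the `url` on the following line but leaves this value bare. Quote it as well: `- name: 'Dual-redundancy: active-active VPN gateways for both Azure and on-premises networks'`.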
@@ -209,17 +209,17 @@ recommendationMetadataState: Active longDescription: | VPN Gateway leverages service health to inform users about both planned and unplanned maintenance, ensuring they are notified about modifications to their VPN connectivity. - potentialBenefits: Improves VPN maintenance alerts + potentialBenefits Improves VPN maintenance alerts pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Getting started with Azure Metrics Explorer - url: https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started - - name: Monitor VPN gateway - url: https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics + - name: Getting started with Azure Metrics Explorer + url: "https://learn.microsoft.com/azure/azure-monitor/essentials/metrics-getting-started" + - name: Monitor VPN gateway + url: "https://learn.microsoft.com/azure/vpn-gateway/monitor-vpn-gateway-reference#metrics" - description: Deploy zone-redundant VPN Gateways with zone-redundant Public IP(s) aprlGuid: 4bae5a28-5cf4-40d9-bcf1-623d28f6d917 
@@ -230,13 +230,13 @@ recommendationMetadataState: Active longDescription: | For zone-redundant VPN Gateways, always use zone-redundant Standard SKU public IPs to avoid deploying all instances in one zone. This ensures the gateway's reliability, applying to both active-passive (single IP) and active-active (dual IP) setups. - potentialBenefits: Enhanced reliability & disaster recovery + potentialBenefits Enhanced reliability & disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: About zone-redundant virtual network gateway in Azure availability zones - url: https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways + - name: About zone-redundant virtual network gateway in Azure availability zones + url: "https://learn.microsoft.com/azure/vpn-gateway/about-zone-redundant-vnet-gateways" diff --git a/azure-resources/Network/virtualNetworks/recommendations.yaml b/azure-resources/Network/virtualNetworks/recommendations.yaml index 4dc311dab..aa9bd4c5c 100644 --- a/azure-resources/Network/virtualNetworks/recommendations.yaml +++ b/azure-resources/Network/virtualNetworks/recommendations.yaml 
@@ -7,21 +7,21 @@ recommendationMetadataState: Active longDescription: | Network security groups and application security groups allow filtering of inbound and outbound traffic by IP, port, and protocol, adding a security layer at the Subnet level. - potentialBenefits: Enhanced subnet security & traffic control + potentialBenefits Enhanced subnet security & traffic control pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Virtual Network - Concepts and best practices | Microsoft Learn - url: https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices - - name: GatewaySUbnet - url: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub - - name: Can I associate a network security group (NSG) to the RouteServerSubnet? - url: https://learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-i-associate-a-network-security-group-nsg-to-the-routeserversubnet - - name: Are Network Security Groups (NSGs) supported on the AzureFirewallSubnet? - url: https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet + - name: Azure Virtual Network - Concepts and best practices | Microsoft Learn + url: "https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices" + - name: GatewaySUbnet + url: "https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub" + - name: Can I associate a network security group (NSG) to the RouteServerSubnet? + url: "https://learn.microsoft.com/en-us/azure/route-server/route-server-faq#can-i-associate-a-network-security-group-nsg-to-the-routeserversubnet" + - name: Are Network Security Groups (NSGs) supported on the AzureFirewallSubnet? 
+ url: "https://learn.microsoft.com/en-us/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet" - description: Shield public endpoints in Azure VNets with Azure DDoS Standard Protection Plans aprlGuid: 69ea1185-19b7-de40-9da1-9e8493547a5c @@ -32,15 +32,15 @@ recommendationMetadataState: Active longDescription: | Azure DDoS Protection offers enhanced mitigation features against DDoS attacks and is auto-tuned to protect specific resources in a virtual network, combined with application design best practices. - potentialBenefits: Enhanced DDoS attack mitigation + potentialBenefits Enhanced DDoS attack mitigation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Reliability and Azure Virtual Network - Microsoft Azure Well-Architected Framework | Microsoft Learn - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability + - name: Reliability and Azure Virtual Network - Microsoft Azure Well-Architected Framework | Microsoft Learn + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/azure-virtual-network/reliability" - description: When available, use Private Endpoints instead of Service Endpoints for PaaS Services aprlGuid: 24ae3773-cc2c-3649-88de-c9788e25b463 
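Review bot: The rewritten link entries in the `@@ -7,21 +7,21` hunk mix locale-neutral URLs (`https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices`) with locale-pinned ones (`https://learn.microsoft.com/en-us/azure/vpn-gateway/...`, `.../en-us/azure/route-server/...`, `.../en-us/azure/firewall/...`). Since these lines are already being touched, dropping the `/en-us/` segment would make the set consistent, for example `url: "https://learn.microsoft.com/azure/firewall/firewall-faq#are-network-security-groups--nsgs--supported-on-the-azurefirewallsubnet"`. The link text `GatewaySUbnet` also looks like a typo for `GatewaySubnet`. The recommendation this list belongs to starts above the hunk.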
@@ -51,17 +51,17 @@ recommendationMetadataState: Active longDescription: | Use VNet service endpoints only if Private Link isn't available and no data movement concerns. This feature restricts Azure service access to specified VNet and subnet, enhancing network security and isolating service traffic. - potentialBenefits: Enhanced security & data isolation + potentialBenefits Enhanced security & data isolation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Virtual Network FAQ | Microsoft Learn - url: https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq - - name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability - url: https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability - - name: Azure Private Link availability - url: https://learn.microsoft.com/en-us/azure/private-link/availability + - name: Azure Virtual Network FAQ | Microsoft Learn + url: "https://learn.microsoft.com/azure/virtual-network/virtual-networks-faq" + - name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability + url: "https://learn.microsoft.com/azure/architecture/framework/services/networking/network-connectivity/reliability" + - name: Azure Private Link availability + url: "https://learn.microsoft.com/en-us/azure/private-link/availability" diff --git a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml index d75ef716d..821b3782e 100644 --- a/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml +++ b/azure-resources/NetworkFunction/azureTrafficCollectors/recommendations.yaml 
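Review bot: The second link text in this hunk, `Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft LearnNetworking Reliability`, appears to be two titles run together and is carried over unchanged onto the new side. If the page title is what is meant, it could be shortened to `name: Reliability and Network connectivity - Microsoft Azure Well-Architected Framework | Microsoft Learn`. The third entry keeps a `/en-us/` URL while the first two are locale-neutral, which is the same inconsistency as in the previous hunk of this file.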
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | ExpressRoute Traffic Collector samples network flows over ExpressRoute Direct circuits, sending flow logs to a Log Analytics workspace for analysis or export to visualization tools/SIEM. - potentialBenefits: Enhanced network flow analysis & DR readiness + potentialBenefits Enhanced network flow analysis & DR readiness pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure ExpressRoute Traffic Collector - url: https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector + - name: Azure ExpressRoute Traffic Collector + url: "https://learn.microsoft.com/en-us/azure/expressroute/traffic-collector" diff --git a/azure-resources/OperationalInsights/workspaces/recommendations.yaml b/azure-resources/OperationalInsights/workspaces/recommendations.yaml index 0b344bd0e..d79e6a49e 100644 --- a/azure-resources/OperationalInsights/workspaces/recommendations.yaml +++ b/azure-resources/OperationalInsights/workspaces/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Data export in a Log Analytics workspace to an Azure Storage account enhances data protection against regional failures by using geo-redundant (GRS) or geo-zone-redundant storage (GZRS), mainly for compliance and integration with other Azure services and tools. - potentialBenefits: Enhances compliance and regional fault tolerance + potentialBenefits Enhances compliance and regional fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Log Analytics workspace data export in Azure Monitor - url: https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export - - name: Azure Monitor configuration recommendations - url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations + - name: Log Analytics workspace data export in Azure Monitor + url: "https://learn.microsoft.com/azure/azure-monitor/logs/logs-data-export" + - name: Azure Monitor configuration recommendations + url: "https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations" - description: Create a health status alert rule for your Log Analytics workspace aprlGuid: 4b77191c-cc3c-8c4e-844b-0f56d0927890 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | A health status alert will proactively notify you if a workspace becomes unavailable because of a datacenter or regional failure. - potentialBenefits: Early alert for workspace failure + potentialBenefits Early alert for workspace failure pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor Log Analytics workspace health - url: https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health - - name: Azure Monitor configuration recommendations - url: https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations + - name: Monitor Log Analytics workspace health + url: "https://learn.microsoft.com/azure/azure-monitor/logs/log-analytics-workspace-health" + - name: Azure Monitor configuration recommendations + url: "https://learn.microsoft.com/azure/azure-monitor/best-practices-logs#configuration-recommendations" - description: Configure minimal logging and retention of logs aprlGuid: 7a0063ee-98a0-4634-823b-310a67f798cc 
@@ -49,17 +49,17 @@ recommendationMetadataState: Active longDescription: | Azure Monitor Logs retain log data for specific periods depending on the data type, e.g., 30 days for platform logs. For compliance or business reasons, you might need longer retention. Data retention settings are adjustable. - potentialBenefits: Cost-saving & compliance with data rules + potentialBenefits Cost-saving & compliance with data rules pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Data retention and archive in Azure Monitor Logs - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2 - - name: Run search jobs in Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2 - - name: Restore logs in Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1 + - name: Data retention and archive in Azure Monitor Logs + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/data-retention-archive?tabs=portal-1%2Cportal-2" + - name: Run search jobs in Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/search-jobs?tabs=portal-1%2Cportal-2" + - name: Restore logs in Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/logs/restore?tabs=api-1" diff --git a/azure-resources/RecoveryServices/vaults/recommendations.yaml b/azure-resources/RecoveryServices/vaults/recommendations.yaml index 3feaf352d..0eab13b46 100644 --- a/azure-resources/RecoveryServices/vaults/recommendations.yaml +++ b/azure-resources/RecoveryServices/vaults/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Ensure VM failover settings' static IP addresses are available in the failover subnet to maintain consistent IP assignment during failover, with the target VM receiving the same static IP if it's available or the next available IP otherwise. IP adjustments can be made in VM Network settings. - potentialBenefits: Smooth failover IP management + potentialBenefits Smooth failover IP management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Setup network mapping for site recovery - url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms + - name: Setup network mapping for site recovery + url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-network-mapping#set-up-ip-addressing-for-target-vms" - description: Validate VM functionality with a test failover to check performance at target aprlGuid: 17e877f7-3a89-4205-8a24-0670de54ddcd 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | Perform a test failover to validate your BCDR strategy and ensure that your applications are functioning correctly in the target region without impacting your production environment. Test your Disaster Recovery plan periodically without any data loss or downtime, using test failovers. - potentialBenefits: Ensures BCDR plan accuracy and VM performance + potentialBenefits Ensures BCDR plan accuracy and VM performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Run a test failover - url: https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover + - name: Run a test failover + url: "https://learn.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-dr-drill#run-a-test-failover" - description: Migrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services Vaults aprlGuid: 2912472d-0198-4bdc-aa90-37f145790edc 
@@ -45,17 +45,17 @@ recommendationMetadataState: Active longDescription: | Classic alerts for Recovery Services vaults in Azure Backup will be retired on 31 March 2026. - potentialBenefits: Enhanced, scalable, and consistent alerting. + potentialBenefits Enhanced, scalable, and consistent alerting. pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Move to Azure monitor Alerts - url: https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts - - name: Classic alerts retirement announcement - url: https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/ + - name: Move to Azure monitor Alerts + url: "https://learn.microsoft.com/azure/backup/move-to-azure-monitor-alerts" + - name: Classic alerts retirement announcement + url: "https://azure.microsoft.com/updates/transition-to-builtin-azure-monitor-alerts-for-recovery-services-vaults-in-azure-backup-by-31-march-2026/" - description: Opt-in to Cross Region Restore for all Geo-Redundant Storage (GRS) Azure Recovery Services vaults aprlGuid: 1549b91f-2ea0-4d4f-ba2a-4596becbe3de 
@@ -66,19 +66,19 @@ recommendationMetadataState: Active longDescription: | Cross Region Restore enables the restoration of Azure VMs in a secondary, Azure paired region, facilitating drills for audit or compliance and allowing recovery of VMs or disks in the event of a primary region disaster. It is an opt-in feature available exclusively for GRS vaults. - potentialBenefits: Enhances disaster recovery capabilities + potentialBenefits Enhances disaster recovery capabilities pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Set Cross Region Restore - url: https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore - - name: Azure Backup Best Practices - url: https://learn.microsoft.com/azure/backup/guidance-best-practices - - name: Minimum Role Requirements for Cross Region Restore - url: https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup - - name: Recovery Services Vault - url: https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare + - name: Set Cross Region Restore + url: "https://learn.microsoft.com/azure/backup/backup-create-recovery-services-vault#set-cross-region-restore" + - name: Azure Backup Best Practices + url: "https://learn.microsoft.com/azure/backup/guidance-best-practices" + - name: Minimum Role Requirements for Cross Region Restore + url: "https://learn.microsoft.com/azure/backup/backup-rbac-rs-vault#minimum-role-requirements-for-azure-vm-backup" + - name: Recovery Services Vault + url: "https://learn.microsoft.com/azure/backup/backup-azure-arm-vms-prepare" diff --git a/azure-resources/Resources/resourceGroups/recommendations.yaml b/azure-resources/Resources/resourceGroups/recommendations.yaml index 2d9b99ae3..098e68990 100644 --- a/azure-resources/Resources/resourceGroups/recommendations.yaml 
+++ b/azure-resources/Resources/resourceGroups/recommendations.yaml @@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | The root management group in Azure is designed for organizational hierarchy, allowing for all management groups and subscriptions to fold into it. - potentialBenefits: Enhanced security, compliance, and management + potentialBenefits Enhanced security, compliance, and management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Management group recommendations - url: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations - - name: Root management group for each directory - url: https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory + - name: Management group recommendations + url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-area/resource-org-management-groups#management-group-recommendations" + - name: Root management group for each directory + url: "https://learn.microsoft.com/en-us/azure/governance/management-groups/overview#root-management-group-for-each-directory" - description: Ensure Resource Group and its Resources are located in the same Region aprlGuid: 98bd7098-49d6-491b-86f1-b143d6b1a0ff 
@@ -28,13 +28,13 @@ recommendationMetadataState: Active longDescription: | Ensure resource locations align with their resource group to manage resources during regional outages. ARM stores resource data, which if in an unavailable region, could halt updates, rendering resources read-only. - potentialBenefits: Improves outage management + potentialBenefits Improves outage management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Resource Manager Overview - url: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment + - name: Azure Resource Manager Overview + url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-group-location-alignment" diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml index 7dc5f0138..0ad4822b5 100644 --- a/azure-resources/ServiceBus/namespaces/recommendations.yaml +++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Use Service Bus with zone redundancy for high availability. The Premium SKU supports availability zones, ensuring isolations within the same region. It manages 3 copies of the messaging store, kept in sync. - potentialBenefits: Enhances fault tolerance and uptime + potentialBenefits Enhances fault tolerance and uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Service Bus and reliability - url: https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability - - name: Azure Service Bus Geo-disaster recovery - url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-geo-dr#availability-zones - - name: Insulate Azure Service Bus applications against outages and disasters - url: https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters + - name: Service Bus and reliability + url: "https://learn.microsoft.com/en-us/azure/well-architected/services/messaging/service-bus/reliability" + - name: Azure Service Bus Geo-disaster recovery + url: "https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-geo-dr#availability-zones" + - name: Insulate Azure Service Bus applications against outages and disasters + url: "https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters" diff --git a/azure-resources/SignalRService/SignalR/recommendations.yaml b/azure-resources/SignalRService/SignalR/recommendations.yaml index 56e214579..990724060 100644 --- a/azure-resources/SignalRService/SignalR/recommendations.yaml +++ b/azure-resources/SignalRService/SignalR/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | Use SignalR with zone redundancy for production to improve uptime. This feature, available in the Premium tier, is activated upon creating or upgrading to Premium. Standard can upgrade to Premium without downtime. - potentialBenefits: Enhances reliability & uptime + potentialBenefits Enhances reliability & uptime pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Availability zones support in Azure SignalR Service - url: https://learn.microsoft.com/azure/azure-signalr/availability-zones + - name: Availability zones support in Azure SignalR Service + url: "https://learn.microsoft.com/azure/azure-signalr/availability-zones" diff --git a/azure-resources/Sql/servers/recommendations.yaml b/azure-resources/Sql/servers/recommendations.yaml index 4b594402a..fd3d414a2 100644 --- a/azure-resources/Sql/servers/recommendations.yaml +++ b/azure-resources/Sql/servers/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | If your primary database fails, perform a manual failover to the secondary database which remains read-only until then. Active geo-replication allows creating readable replicas and manual failover in case of a datacenter outage or application upgrade. - potentialBenefits: Enhanced disaster recovery & read scalability + potentialBenefits Enhanced disaster recovery & read scalability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Active Geo Replication - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview + - name: Active Geo Replication + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/active-geo-replication-overview" - description: Auto Failover Groups for apps should include all related databases for cohesion aprlGuid: 943c168a-2ec2-a94c-8015-85732a1b4859 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | You can use the readable secondary databases to offload read-only query workloads. Autofailover groups involve multiple databases configured on a primary server, supporting replication of all databases in the group to only one secondary server or instance in a different region. - potentialBenefits: Improves load balancing & disaster recovery + potentialBenefits Improves load balancing & disaster recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: AutoFailover Groups - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell - - name: DR Design - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/designing-cloud-solutions-for-disaster-recovery + - name: AutoFailover Groups + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/auto-failover-group-overview?tabs=azure-powershell" + - name: DR Design + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/designing-cloud-solutions-for-disaster-recovery" - description: Use a Zone-Redundant Database aprlGuid: c0085c32-84c0-c247-bfa9-e70977cbf108 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | By default, the premium availability model clusters nodes in one datacenter. - potentialBenefits: Enhanced reliability, no extra cost + potentialBenefits Enhanced reliability, no extra cost pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Zone Redundant Databases - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla + - name: Zone Redundant Databases + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla" - description: Implement Retry Logic aprlGuid: cbb17a29-64fb-c943-95d0-8df814a37c40 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Azure SQL Database, known for its resilience to infrastructure failures, can occasionally encounter connectivity issues due to transient errors. Implementing retry logic in your code ensures continued operation by reattempting failed calls, maintaining smooth database interaction. - potentialBenefits: Enhanced connectivity stability + potentialBenefits Enhanced connectivity stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: How to Implement Retry Logic - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues + - name: How to Implement Retry Logic + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/troubleshoot-common-connectivity-issues" - description: Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents aprlGuid: 7e7daec9-6a81-3546-a4cc-9aef72fec1f7 
@@ -85,19 +85,19 @@ recommendationMetadataState: Active longDescription: | Use available solutions to monitor SQL Database to detect reliability incidents early, making your databases more reliable. Opt for near real-time monitoring to rapidly react to incidents. - potentialBenefits: Quick incident detection & response + potentialBenefits Quick incident detection & response pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Monitor - url: https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts - - name: Azure SQL Database Monitoring - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor - - name: Monitoring SQL Database Reference - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor-reference + - name: Azure Monitor + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/insights/azure-sql#analyze-data-and-create-alerts" + - name: Azure SQL Database Monitoring + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor" + - name: Monitoring SQL Database Reference + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/monitoring-sql-database-azure-monitor-reference" - description: Back Up Your Keys aprlGuid: d6ef87aa-574e-584e-a955-3e6bb8b5425b 
@@ -108,15 +108,15 @@ recommendationMetadataState: Active longDescription: | It is highly recommended to use Azure Key Vault to store encryption keys for Always Encrypted configurations. Though not mandatory, if not using AKV, ensure keys are properly backed up. - potentialBenefits: Enhanced security & data recovery + potentialBenefits Enhanced security & data recovery pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Azure Key Vault - url: https://learn.microsoft.com/en-us/azure/key-vault/general/overview - - name: Getting Started with Always Encrypted - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql + - name: Azure Key Vault + url: "https://learn.microsoft.com/en-us/azure/key-vault/general/overview" + - name: Getting Started with Always Encrypted + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/always-encrypted-landing?view=azuresql" diff --git a/azure-resources/Storage/storageAccounts/recommendations.yaml b/azure-resources/Storage/storageAccounts/recommendations.yaml index a36de536e..65959bad1 100644 --- a/azure-resources/Storage/storageAccounts/recommendations.yaml +++ b/azure-resources/Storage/storageAccounts/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Redundancy ensures storage accounts meet availability and durability targets amidst failures, weighing lower costs against higher availability. Locally redundant storage offers the least durability at the lowest cost. - potentialBenefits: High availability & durability for storage + potentialBenefits High availability & durability for storage pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure Storage redundancy - url: https://learn.microsoft.com/azure/storage/common/storage-redundancy - - name: Change the redundancy configuration for a storage account - url: https://learn.microsoft.com/azure/storage/common/redundancy-migration + - name: Azure Storage redundancy + url: "https://learn.microsoft.com/azure/storage/common/storage-redundancy" + - name: Change the redundancy configuration for a storage account + url: "https://learn.microsoft.com/azure/storage/common/redundancy-migration" - description: Do not use classic storage accounts aprlGuid: 63ad027e-611c-294b-acc5-8e3234db9a40 
@@ -28,17 +28,17 @@ recommendationMetadataState: Active longDescription: | Classic storage accounts will be fully retired on August 31, 2024. If you have classic storage accounts, start planning your migration now. - potentialBenefits: Avoids service retirement issues + potentialBenefits Avoids service retirement issues pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Azure classic storage accounts retirement announcement - url: https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/ - - name: Migrate your classic storage accounts to Azure Resource Manager - url: https://learn.microsoft.com/azure/storage/common/classic-account-migration-overview + - name: Azure classic storage accounts retirement announcement + url: "https://azure.microsoft.com/updates/classic-azure-storage-accounts-will-be-retired-on-31-august-2024/" + - name: Migrate your classic storage accounts to Azure Resource Manager + url: "https://learn.microsoft.com/azure/storage/common/classic-account-migration-overview" - description: Ensure Performance tier is set as per workload aprlGuid: 5587ef77-7a05-a74d-9c6e-449547a12f27 
@@ -49,23 +49,23 @@ recommendationMetadataState: Active longDescription: | Consider using the appropriate storage performance tier for workload scenarios. Each workload scenario requires appropriate performance tiers, and selecting the appropriate tiers based on storage usage is crucial. - potentialBenefits: Optimized cost & performance + potentialBenefits Optimized cost & performance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Types of storage accounts - url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts - - name: Scalability and performance targets for standard storage accounts - url: https://learn.microsoft.com/azure/storage/common/scalability-targets-standard-account - - name: Performance and scalability checklist for Blob storage - url: https://learn.microsoft.com/azure/storage/blobs/storage-performance-checklist - - name: Scalability and performance targets for Blob storage - url: https://learn.microsoft.com/azure/storage/blobs/scalability-targets - - name: Premium block blob storage accounts - url: https://learn.microsoft.com/azure/storage/blobs/storage-blob-block-blob-premium + - name: Types of storage accounts + url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#types-of-storage-accounts" + - name: Scalability and performance targets for standard storage accounts + url: "https://learn.microsoft.com/azure/storage/common/scalability-targets-standard-account" + - name: Performance and scalability checklist for Blob storage + url: "https://learn.microsoft.com/azure/storage/blobs/storage-performance-checklist" + - name: Scalability and performance targets for Blob storage + url: "https://learn.microsoft.com/azure/storage/blobs/scalability-targets" + - name: Premium block blob storage accounts + url: "https://learn.microsoft.com/azure/storage/blobs/storage-blob-block-blob-premium" - description: 
Enable soft delete for recovery of data aprlGuid: 03263c57-c869-3841-9e0a-3dbb9ef3e28d @@ -76,15 +76,15 @@ recommendationMetadataState: Active longDescription: | The soft delete option enables data recovery if mistakenly deleted, while the Lock feature prevents the accidental deletion of the storage account itself, ensuring additional security and data integrity measures. - potentialBenefits: Prevents accidental data/account loss + potentialBenefits Prevents accidental data/account loss pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Soft delete detail docs - url: https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal + - name: Soft delete detail docs + url: "https://learn.microsoft.com//azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal " - description: Enable versioning for accidental modification and keep the number of versions below 1000 aprlGuid: 8ebda7c0-e0e1-ed45-af59-2d7ea9a1c05d @@ -95,15 +95,15 @@ recommendationMetadataState: Active longDescription: | Consider enabling versioning for Azure Storage Accounts to recover from accidental modifications or deletions and manage blob operation latency. Microsoft advises maintaining fewer than 1000 versions per blob to optimize performance. Lifecycle management can help delete old versions automatically. - potentialBenefits: Recover data, manage latency + potentialBenefits Recover data, manage latency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Blob versioning - url: https://learn.microsoft.com/azure/storage/blobs/versioning-overview + - name: Blob versioning + url: "https://learn.microsoft.com/azure/storage/blobs/versioning-overview " - description: Enable point-in-time restore for GPv2 accounts to safeguard against data loss aprlGuid: 1b965cb9-7629-214e-b682-6bf6e450a100 
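Review bot: Quoting the soft-delete link left a trailing space inside the quotes (`...soft-delete-blob-enable?tabs=azure-portal "`), so the space is now part of the URL value rather than insignificant whitespace. The `versioning-overview "` link in the following hunk has the same problem. Write them as `url: "https://learn.microsoft.com/azure/storage/blobs/soft-delete-blob-enable?tabs=azure-portal"` and `url: "https://learn.microsoft.com/azure/storage/blobs/versioning-overview"`. The doubled slash after the host in the soft-delete URL also looks unintended and is dropped in the first suggestion.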
@@ -114,17 +114,17 @@ recommendationMetadataState: Active longDescription: | Consider enabling point-in-time restore for standard general purpose v2 accounts with flat namespace to protect against accidental deletion or corruption by restoring block blob data to an earlier state. - potentialBenefits: Protects data from loss/corruption + potentialBenefits Protects data from loss/corruption pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Point-in-time restore for block blobs - url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview - - name: Perform a point-in-time restore on block blob data - url: https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-manage?tabs=portal + - name: Point-in-time restore for block blobs + url: "https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-overview" + - name: Perform a point-in-time restore on block blob data + url: "https://learn.microsoft.com/azure/storage/blobs/point-in-time-restore-manage?tabs=portal" - description: Monitor all blob storage accounts aprlGuid: 96cb8331-6b06-8242-8ce8-4e2f665dc679 
@@ -135,17 +135,17 @@ recommendationMetadataState: Active longDescription: | For critical applications and business processes relying on Azure, monitoring and alerts are crucial. Resource logs are only stored after creating a diagnostic setting to route logs to specified locations, requiring selection of log categories to collect. - potentialBenefits: Enhanced alerting & log analysis + potentialBenefits Enhanced alerting & log analysis pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Monitor Azure Blob Storage - url: https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage - - name: Best practices for monitoring Azure Blob Storage - url: https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios + - name: Monitor Azure Blob Storage + url: "https://learn.microsoft.com/azure/storage/blobs/monitor-blob-storage" + - name: Best practices for monitoring Azure Blob Storage + url: "https://learn.microsoft.com/azure/storage/blobs/blob-storage-monitoring-scenarios" - description: Consider upgrading legacy storage accounts to v2 storage accounts aprlGuid: 2ad78dec-5a4d-4a30-8fd1-8584335ad781 
@@ -156,15 +156,15 @@ recommendationMetadataState: Active longDescription: | General-purpose v2 accounts are recommended for most storage scenarios offering the latest features or the lowest per-gigabyte pricing. Legacy accounts like Standard general-purpose v1 and Blob Storage aren't advised by Microsoft but may fit specific scenarios. - potentialBenefits: Latest features, lowest cost + potentialBenefits Latest features, lowest cost pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Legacy storage account types - url: https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types - - name: Upgrade to a general-purpose v2 storage account - url: https://learn.microsoft.com/azure/storage/common/storage-account-upgrade + - name: Legacy storage account types + url: "https://learn.microsoft.com/azure/storage/common/storage-account-overview#legacy-storage-account-types" + - name: Upgrade to a general-purpose v2 storage account + url: "https://learn.microsoft.com/azure/storage/common/storage-account-upgrade" diff --git a/azure-resources/Subscription/subscriptions/recommendations.yaml b/azure-resources/Subscription/subscriptions/recommendations.yaml index 61eb0011a..c401d2673 100644 --- a/azure-resources/Subscription/subscriptions/recommendations.yaml +++ b/azure-resources/Subscription/subscriptions/recommendations.yaml 
@@ -7,13 +7,13 @@ recommendationMetadataState: Active longDescription: | A Citrix Managed Azure subscription supports VMs with VDA for app/desktop delivery, excluding other machines like Cloud Connectors. When close to the limit, signaled by a dashboard notification, and with sufficient licenses, request another subscription. Can't exceed the given limits for catalogs. - potentialBenefits: Avoids hitting limit, ensures reliability + potentialBenefits Avoids hitting limit, ensures reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Citrix Limits - url: https://docs.citrix.com/en-us/citrix-daas-azure/limits + - name: Citrix Limits + url: "https://docs.citrix.com/en-us/citrix-daas-azure/limits" diff --git a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml index d4656ec30..7892a4041 100644 --- a/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml +++ b/azure-resources/VirtualMachineImages/imageTemplates/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | When building Image Templates, use sources for gen 2 VMs. Gen 2 offers more memory, supports >2TB disks, uses UEFI for faster boot/installation, has Intel SGX, and virtualized persistent memory (vPMEM), unlike gen 1's BIOS-based architecture. - potentialBenefits: More memory, supports >2TB disks, faster boot + potentialBenefits More memory, supports >2TB disks, faster boot pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Generation 1 vs generation 2 virtual machines - url: https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities + - name: Generation 1 vs generation 2 virtual machines + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/generation-2#features-and-capabilities" - description: Replicate your Image Templates to a secondary region aprlGuid: 21fb841b-ba70-1f4e-a460-1f72fb41aa51 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | The Azure Image Builder service, used for deploying Image Templates, lacks availability zones support. By replicating Image Templates to a secondary, preferably paired, region, quick recovery from a region failure is enabled, ensuring continuous virtual machine deployment from these templates. - potentialBenefits: Enhances disaster recovery capability + potentialBenefits Enhances disaster recovery capability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Image Template resiliency - url: https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency - - name: Azure Image Builder Supported Regions - url: https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions + - name: Image Template resiliency + url: "https://learn.microsoft.com/en-us/azure/reliability/reliability-image-builder?toc=%2Fazure%2Fvirtual-machines%2Ftoc.json&bc=%2Fazure%2Fvirtual-machines%2Fbreadcrumb%2Ftoc.json#capacity-and-proactive-disaster-recovery-resiliency" + - name: Azure Image Builder Supported Regions + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/image-builder-overview?tabs=azure-powershell#regions" diff --git a/azure-resources/Web/serverFarms/recommendations.yaml b/azure-resources/Web/serverFarms/recommendations.yaml index 606f9aa27..b197b66af 100644 --- a/azure-resources/Web/serverFarms/recommendations.yaml +++ b/azure-resources/Web/serverFarms/recommendations.yaml 
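Review bot: The "Image Template resiliency" link keeps the `toc=` and `bc=` query parameters and an `/en-us/` locale segment, which look copied from a browser address bar rather than chosen. The storage and Web/sites hunks on this page use locale-neutral `learn.microsoft.com/azure/...` links. Consider `url: "https://learn.microsoft.com/azure/reliability/reliability-image-builder#capacity-and-proactive-disaster-recovery-resiliency"`. Dropping `/en-us/` from the other links in this file and in the Web/serverFarms hunks would keep the list consistent and let readers land on their own locale.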
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Azure's feature of deploying App Service plans across availability zones enhances resiliency and reliability by ensuring operation during datacenter failures, providing redundancy without needing different regions, thus minimizing downtime and maintaining uninterrupted services. - potentialBenefits: Enhances app resiliency & reliability + potentialBenefits Enhances app resiliency & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Migrate App Service to availability zone support - url: https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service - - name: High availability enterprise deployment using App Service Environment - url: https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment + - name: Migrate App Service to availability zone support + url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service" + - name: High availability enterprise deployment using App Service Environment + url: "https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/enterprise-integration/ase-high-availability-deployment" - description: Use Standard or Premium tier aprlGuid: b2113023-a553-2e41-9789-597e2fb54c31 
@@ -28,15 +28,15 @@ recommendationMetadataState: Active longDescription: | Choose Standard/Premium Azure App Service Plan for robust apps with advanced scaling, high availability, better performance, and multiple slots, ensuring resilience and continuous operation. - potentialBenefits: Enhanced scaling & reliability + potentialBenefits Enhanced scaling & reliability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Avoid scaling up or down aprlGuid: 07243659-4643-d44c-a1c6-07ac21635072 @@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Avoid frequent scaling up/down of Azure App Service instances to prevent service disruptions. Choose the right tier and size for the workload and scale out for traffic changes, as scaling adjustments can trigger application restarts. - potentialBenefits: Minimizes restarts, enhances stability + potentialBenefits Minimizes restarts, enhances stability pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Create separate App Service plans for production and test aprlGuid: dbe3fd66-fb2a-9d46-b162-1791e21da236 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | It is strongly recommended to create separate App Service plans for production and test environments to avoid using slots within your production deployment for testing purposes. - potentialBenefits: Protects prod performance; avoids test impact + potentialBenefits Protects prod performance; avoids test impact pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#app-service" - description: Enable Autoscale/Automatic scaling to ensure adequate resources are available to service requests aprlGuid: 6320abf6-f917-1843-b2ae-4779c35985ae 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Enabling Autoscale/Automatic Scaling for your Azure App Service ensures sufficient resources for incoming requests. Autoscaling is rule-based, whereas Automatic Scaling, a newer feature, automatically adjusts resources based on HTTP traffic. - potentialBenefits: Optimizes resources for traffic + potentialBenefits Optimizes resources for traffic pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Automatic scaling in Azure App Service - url: https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal - - name: Auto Scale Web Apps - url: https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started + - name: Automatic scaling in Azure App Service + url: "https://learn.microsoft.com/en-us/azure/app-service/manage-automatic-scaling?tabs=azure-portal" + - name: Auto Scale Web Apps + url: "https://learn.microsoft.com/en-us/azure/azure-monitor/autoscale/autoscale-get-started" diff --git a/azure-resources/Web/sites/recommendations.yaml b/azure-resources/Web/sites/recommendations.yaml index a55196e69..c70dd8462 100644 --- a/azure-resources/Web/sites/recommendations.yaml +++ b/azure-resources/Web/sites/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Enabling diagnostics logging for your Azure App Service is crucial for monitoring and diagnostics, including both application logging and web server logging. - potentialBenefits: Enhanced monitoring & diagnostics + potentialBenefits Enhanced monitoring & diagnostics pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Enable diagnostics logging for apps in Azure App Service - url: https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs + - name: Enable diagnostics logging for apps in Azure App Service + url: "https://learn.microsoft.com/azure/app-service/troubleshoot-diagnostic-logs" - description: Monitor Performance aprlGuid: a7e8bb3d-8ceb-442d-b26f-007cd63f9ffc @@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | Use Application Insights to monitor app performance and load behavior, offering real-time insights, issue diagnosis, and root-cause analysis. It supports ASP.NET, ASP.NET Core, Java, and Node.js on Azure App Service, now with built-in monitoring. - potentialBenefits: Real-time insights & issue diagnosis + potentialBenefits Real-time insights & issue diagnosis pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Application Insights - url: https://learn.microsoft.com/azure/application-insights/app-insights-overview - - name: Application monitoring for Azure App Service - url: https://learn.microsoft.com/azure/azure-monitor/app/azure-web-apps + - name: Application Insights + url: "https://learn.microsoft.com/azure/application-insights/app-insights-overview" + - name: Application monitoring for Azure App Service + url: "https://learn.microsoft.com/azure/azure-monitor/app/azure-web-apps" - description: Separate web apps from web APIs aprlGuid: 78a5c033-ff51-4332-8a71-83464c34494b 
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | If your solution includes both a web front end and a web API, decomposing them into separate App Service apps facilitates solution decomposition by workload, allowing for independent scaling. Initially, you can deploy both in the same plan and separate them for independent scaling when necessary. - potentialBenefits: Independent scaling, easier management + potentialBenefits Independent scaling, easier management pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist for specific Azure services - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist for specific Azure services + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" - description: Create a separate storage account for logs aprlGuid: 3f9ddb59-0bb3-4acb-9c9b-99aa1776f0ab @@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | Creating a separate storage account for logs and not using the same one for application data prevents logging activities from reducing application performance by ensuring that the resources dedicated to handling application data are not burdened by logging processes. - potentialBenefits: Improves app performance + potentialBenefits Improves app performance pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: no tags: null learnMoreLink: - - name: Resiliency checklist - url: https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service + - name: Resiliency checklist + url: "https://learn.microsoft.com/azure/architecture/checklist/resiliency-per-service#app-service" - description: Deploy to a staging slot aprlGuid: a1d91661-32d4-430b-b3b6-5adeb0975df7 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Create a deployment slot for staging to deploy updates, verify them, and ensure all instances are warmed up before production swap, reducing bad update chances. An LKG slot allows easy rollback to a previous good deployment if issues arise later, enhancing reliability. - potentialBenefits: Safer updates & easy rollback + potentialBenefits Safer updates & easy rollback pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Set up staging environments in Azure App Service - url: https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing + - name: Set up staging environments in Azure App Service + url: "https://learn.microsoft.com/azure/app-service-web/web-sites-staged-publishing" - description: Store configuration as app settings aprlGuid: 0b80b67c-afbe-4988-ad58-a85a146b681e @@ -104,13 +104,13 @@ recommendationMetadataState: Active longDescription: | Use app settings for configuration and define them in Resource Manager templates or via PowerShell to facilitate part of an automated deployment/update process for improved reliability. - potentialBenefits: Enhanced reliability via automation + potentialBenefits Enhanced reliability via automation pgVerified: Preview publishedToLearn: false publishedToAdvisor: false automationAvailable: arg tags: null learnMoreLink: - - name: Configure web apps in Azure App Service - url: https://learn.microsoft.com/azure/app-service-web/web-sites-configure + - name: Configure web apps in Azure App Service + url: "https://learn.microsoft.com/azure/app-service-web/web-sites-configure" diff --git a/azure-specialized-workloads/recommendations.yaml b/azure-specialized-workloads/recommendations.yaml new file mode 100644 index 000000000..380f748eb --- /dev/null +++ b/azure-specialized-workloads/recommendations.yaml 
@@ -0,0 +1,497 @@ +- description: Ensure File shares that stores jobs metadata are accessible from all head nodes + aprlGuid: 4c78fab4-845a-495d-ab14-3ad51de53a2a + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Currently in all HPC Pack ARM templates we create the cluster share on one of the head node which is not highly available. + potentialBenefits Enhances job metadata availability + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#hpc-pack-cluster-shares" + +- description: Automatically grow and shrink HPC Pack cluster resources + aprlGuid: b02b5a0e-3770-44da-a099-5dd4d9f8cd70 + recommendationTypeId: null + recommendationControl: Scalability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + By deploying Azure "burst" nodes (both Windows and Linux) in your HPC Pack cluster or creating your HPC Pack cluster in Azure, you can automatically grow or shrink the cluster's resources such as nodes or cores according to the workload on the cluster. 
+ potentialBenefits Efficient, uninterrupted execution + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-auto-grow-shrink?view=hpc19-ps" + +- description: Use multiple head nodes for HPC Pack + aprlGuid: a48b1be6-77a3-4e3c-8205-dda2ba010a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Establish a cluster with a minimum of two head nodes. In the event of a head node failure, the active HPC Service will be automatically transferred from the affected head node to another functioning one. + potentialBenefits Enhanced reliability for HPC + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-head-node-failure" + +- description: Use HPC Pack Azure AD Integration or other highly available AD configuration + aprlGuid: 37eec891-7880-4759-b597-7cd925512fe3 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + When HPC failed to connect to the Domain controller, admin and user will not be able to connect to the HPC Service thus not able to manage and submit jobs to the cluster. 
+ potentialBenefits Enhanced reliability & job management + pgVerified: Preview + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Learn More + url: "https://learn.microsoft.com/en-us/powershell/high-performance-computing/hpcpack-ha-cloud?view=hpc19-ps#dealing-with-ad-failure" + +- description: Ensure that each SAP production system is designed for high availability across availability zones + aprlGuid: a9b649a5-2bfe-40ca-9b8f-34f9c71dfa12 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Azure Availability Zones are physically separate locations within each Azure region that are tolerant to local failures. Use availability zones to protect your applications and data against unlikely data center failures. Ensure each single point of failure of each SAP production system is protected with high availability using multiple availability zones. If you cannot deploy across different zones in a region, then refer to Microsoft guidance for High availability deployment options for SAP workload. 
+ potentialBenefits High availability for SAP systems + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Quality Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: Move Regional SAP HA to Zonal + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/Move-VM-from-AvSet-to-AvZone/Move-Regional-SAP-HA-To-Zonal-SAP-HA-WhitePaper" + - name: High Availability Deployment Options for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-high-availability-architecture-scenarios#high-availability-deployment-options-for-sap-workload" + +- description: Run SAP application servers on two or more VMs using VMSS Flex + aprlGuid: 49bd34ab-d117-4b0e-99f8-34cc8a5394bc + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Use Virtual Machines Scale Set (VMSS) with flexible orchestration to distribute the virtual machines across specified zones and within each zone to also distribute VMs across different fault domains within the zone on a best effort basis. Configure VMSS Flex following Microsoft recommendation for SAP workload using the right mode and correct settings. If you aren't currently using VMSS Flex for SAP application servers and also not using Availability Sets with Fault domain & Update domain distribution, then you should consider moving to VMSS Flex architecture to improve the resiliency posture of your SAP deployment. 
The following blog post in links below outlines the details on the process of migrating existing SAP workloads that are deployed in an availability set or availability zone to a flexible scale set with FD=1 deployment option. + potentialBenefits Enhanced resiliency for SAP on Azure + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: Virtual machine Scale Set SAP Deployment Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide" + - name: Considerations for Flexible VM Scale Sets for SAP + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/virtual-machine-scale-set-sap-deployment-guide?tabs=scaleset-cli#important-consideration-of-flexible-virtual-machine-scale-sets-for-sap-workload" + - name: Migrate existing SAP system VMs to VMSS Flex + url: "https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/how-to-easily-migrate-an-existing-sap-system-vms-to-flexible/ba-p/3833548" + +- description: If using single-instance VMs all OS and data disks must be Premium SSD or Ultra Disk + aprlGuid: b60ae773-9917-4bca-8a42-7cb45365a917 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For single-instance VMs, both OS and data disks must be either Premium SSD or Ultra Disk to achieve the single-instance SLA of 99.9% availability. 
+ potentialBenefits Higher SLA of 99.9% with SSDs + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: VM SLA + url: "https://www.azure.cn/en-us/support/sla/virtual-machines/" + - name: SAP Storage Planning Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/planning-guide-storage" + +- description: Ensure that the data is replicated synchronously (SYNC mode) between the primary and secondary database hosting VM nodes + aprlGuid: 094400a5-f112-408d-a334-afd68873ff0f + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + High availability for databases should be implemented using database native replication technologies and the data should be replicated synchronously that is in SYNC mode from primary database to a stand-by node. 
+ potentialBenefits Ensures high availability for SAP data + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + +- description: Ensure that SAP shared file systems are designed for high availability and when possible using availability zones + aprlGuid: e09ca960-20b7-4831-b85b-83ec84c1390e + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +SAP shared file systems such as /sapmnt, /usr/trans, interfaces should be made highly available. +In case of Azure File Shares, we recommend that you use ZRS (Zone-redundant storage) and for Azure NetApp Files use Zonal replication for your volumes. + potentialBenefits Enhanced data availability for SAP + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + +- description: Test high availability solutions thoroughly to ensure fail overs work as expected + aprlGuid: 5663a808-56be-49ea-8d5c-c5dfc6925f76 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Test all high availability solutions thoroughly (including kernel panic in Linux VMs and also fail-back). 
Include zonal failure scenarios in your testing, the testing should confirm that each layer of your SAP solution including database, central services, application servers and shared file systems is configured correctly for zone redundancy, the solution meets RPO = 0 and the application fails over automatically meeting your RTO. +The fail back can be either automatic or manual. + potentialBenefits Ensures SAP Azure's failover reliability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Test Cases + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/sap-hana-high-availability?tabs=lb-portal#test-the-cluster-setup" + +- description: Remove unwanted location constraints from Linux Pacemaker clusters + aprlGuid: 1b8a3051-dfd4-4780-bfb7-446296774029 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +When executing a migrate command in a Linux Pacemaker cluster, the system generates a temporary "prefer" location constraint, aiming to move a resource to a specified node. This constraint prioritizes the target node for the resource temporarily without permanently altering the cluster�s configuration. + +During planned maintenances and fail over testing, you can leverage the migrate command for temporary resource relocation during maintenance or administrative tasks to ensure minimal disruption. This constraint is not permanent and does not survive reboots or cluster resets. It's designed for short-term adjustments. + +Once the planned task necessitating the resource migration is complete, manually remove the temporary constraint to revert to the cluster's original resource management policies. 
+This approach allows for controlled resource movement within the cluster, facilitating maintenance while preserving the integrity and efficiency of the cluster's configuration. + potentialBenefits Enhanced maintenance and failover handling + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Secure compute resource capacity for critical VM roles in DR region + aprlGuid: 820b4c0c-8a74-442a-8ba7-b0cb840cd983 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +To ensure the availability of compute resources for critical VM roles in a DR region, consider securing capacity either through a warm standby approach or by utilizing Azure's On-demand Capacity Reservation. + +Warm standby involves keeping VMs in the DR region running. On-demand Capacity Reservation, on the other hand, reserves compute capacity without having to run the VMs, allowing you to start them when needed. When DR VMs are not needed, the reserved capacity may safely be used to run other workloads without the risk of losing the capacity to other customers. This strategy guarantees resource availability for your critical workloads in the event of a disaster, balancing cost and readiness. 
+ potentialBenefits Guarantees DR region availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: Capacity Reservation + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/capacity-reservation-overview" + +- description: Ensure that the production databases are replicated (ASYNC) to DR location using the database vendor's replication technology + aprlGuid: fb8bdcee-d88f-408d-8572-a76a4aaa733b + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Replicate production databases (ASYNC) to the DR location using the database vendor�s replication technology. + potentialBenefits Enhanced DR resilience + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP Disaster Recovery Guide + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" + +- description: SAP components are backed up to DR location using an appropriate backup tool or ASR + aprlGuid: 41f0d88e-7866-4444-aac4-ef5fee3e6874 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + SAP components such as (A)SCS, application servers, WebDispatchers, etc are backed up to DR location using an appropriate backup tool or ASR. 
+ potentialBenefits Ensures SAP data safety & recovery + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Inventory Checks + url: "https://aka.ms/ACESInventoryCheckSAP" + +- description: SAP shared files systems are replicated or backed up to DR location + aprlGuid: ee4dc309-00a1-49fe-92fa-1724baf5f103 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Implementing robust monitoring and alerting for DR in SAP on Azure ensures coverage across its complex, multi-layer architecture. This strategy is crucial for databases, services, applications, and shared systems. + potentialBenefits Enhances SAP DR oversight + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: DR Guidance + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/disaster-recovery-sap-guide?tabs=windows" + +- description: Automate DR infrastructure build or pre-deploy DR resources + aprlGuid: 0fabc52e-cdbb-4acd-8626-c4c637061e2d + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + Automate the build of disaster recovery (DR) infrastructure (or pre-deploy DR resources) and streamline SAP service recovery as much as possible. 
+ potentialBenefits Faster SAP recovery, reduced downtime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Document and test DR procedure ensure it meets RPO and RTO targets + aprlGuid: c300e949-528d-4ac9-889b-cacf8b4a6e90 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Create detailed documentation of your DR procedures for each layer of the SAP architecture-database, central services, application servers, and shared file systems. This documentation should include configuration details, failover mechanisms, and step-by-step recovery procedures. + +Test a wide range of failure scenarios, including regional outages. Testing should confirm that your DR strategy is robust, meets your RPO and RTO targets, and provides seamless failover across all layers of the SAP architecture. This will ensure a comprehensive and resilient DR strategy capable of withstanding regional failures and ensuring business continuity. + potentialBenefits Ensures robust DR, meets RPO/RTO + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Ensure there is a robust monitoring and alerting solution in place for the entire DR solution + aprlGuid: c27134b7-6917-4852-8276-3dbef5c71578 + recommendationTypeId: null + recommendationControl: Disaster Recovery + recommendationImpact: Medium + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For an SAP solution hosted on Azure it is imperative to implement a robust monitoring and alerting solution that comprehensively covers DR of each layer of the SAP architecture. 
Given the complexity of SAP systems, which span multiple layers using diverse technologies and Azure resources, each with potentially distinct DR replication mechanisms, an appropriate monitoring strategy is crucial. The different layers include database, central services, application, and shared file systems. + potentialBenefits Improved DR oversight & rapid issue response + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + + +- description: Configure scheduled events notification + aprlGuid: 6b589ce6-c847-4cee-af35-f6e8eb1cf983 + recommendationTypeId: null + recommendationControl: Monitoring and Alerting + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | +Scheduled events is an Azure Metadata Services that provides proactive notifications about upcoming maintenance events (for example, reboot) so that your application can prepare for them and limit disruption. You should configure scheduled events for all your critical Azure VMs. + + +Resource agent azure-events-az can also integrate with Pacemaker clusters. + +To ensure high availability and service continuity in your Azure VMs, you should configure the azure-events-az resource agent within your Pacemaker clusters. This agent monitors for scheduled Azure maintenance events and can proactively relocate resources for a graceful node shutdown. Configure the agent to monitor specific event types such as Reboot and Redeploy, and enable verbose logging for detailed diagnostics. + + + +In addition, it is also important that you define a procedure on how to react to scheduled events. 
+ potentialBenefits Proactive maintenance awareness + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: VM Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/virtual-machines/linux/scheduled-events" + - name: Configure Pacemaker for Azure Scheduled Events + url: "https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#configure-pacemaker-for-azure-scheduled-events" + +- description: ASCS-Pacemaker (Central Server Instance) Ensure Pacemaker cluster has been setup for SAP ASCS high availability + aprlGuid: 9d8f6678-694c-4da4-8384-415201f65194 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-Pacemaker (Central Server Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP ASCS high availability. 
+ potentialBenefits Enhances SAP ASCS uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-Pacemaker - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: ASCS-LB (Central Server Instance) Ensure the load balancer is configured correctly for SAP ASCS High availability + aprlGuid: 5c2e52d0-25be-4b1c-833c-b98b5ef1a26b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the ASCS-LB (Central Server Instance), ensure that the load balancer is configured correctly for SAP ASCS high availability. 
+ potentialBenefits Enhanced HA for SAP ASCS + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: ASCS-LB - Central Server Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: DBHANA-Pacemaker (Database Instance) Ensure the Pacemaker cluster has been setup for SAP HANA DB high availability + aprlGuid: 6648fe61-880d-4a96-8d2d-190a23d5580b + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-Pacemaker (Database Instance), ensure that the Pacemaker cluster configuration parameters are correctly set up for SAP HANA DB high availability. 
+ potentialBenefits Enhances SAP HANA DB uptime + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-Pacemaker - Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + +- description: DBHANA-LB (Database Instance) Ensure the load balancer is configured correctly for SAP HANA DB High availability + aprlGuid: 2e4c2171-a83f-4238-a8e3-b51c90d86a99 + recommendationTypeId: null + recommendationControl: High Availability + recommendationImpact: High + recommendationResourceType: n/a + recommendationMetadataState: Active + longDescription: | + For the DBHANA-LB (Database Instance), make sure the load balancer is configured correctly for SAP HANA DB high availability. + potentialBenefits Enhanced DB availability + pgVerified: Verified + publishedToLearn: false + publishedToAdvisor: false + automationAvailable: no + tags: null + learnMoreLink: + - name: SAP ACSS Insights + url: "https://learn.microsoft.com/en-us/azure/sap/center-sap-solutions/get-quality-checks-insights" + - name: OpenSource Quality Checks + url: "https://github.com/Azure/SAP-on-Azure-Scripts-and-Utilities/tree/main/QualityCheck" + - name: DBHANA-LB- Database Instance + url: "https://docs.microsoft.com/en-us/azure/advisor/advisor-reference-reliability-recommendations" + diff --git a/azure-waf/define/recommendations.yaml b/azure-waf/define/recommendations.yaml index 734dbc35c..5acd401b2 100644 --- a/azure-waf/define/recommendations.yaml +++ b/azure-waf/define/recommendations.yaml 
@@ -7,17 +7,17 @@ recommendationMetadataState: Active longDescription: | Ensure the Availability Targets (SLA, SLO, SLI) are well defined, tested, monitored and communicated across teams working on the Workload. A Service Level Agreement (SLA) is an availability target that represents a commitment around performance and availability of the application. Understanding the SLA of individual components within the system is essential to define reliability targets. Knowing the SLA of dependencies will also provide a justification for additional spend when making the dependencies highly available and with proper support contracts. Availability targets for any dependencies leveraged by the application should be understood and ideally align with application targets should also be considered. Understanding your availability expectations is vital to reviewing overall operations for the application. For example, if you are striving to achieve an application Service Level Objective (SLO) of 99.999%, the level of inherent operational action required by the application is going to be far greater than if an SLO of 99.9% was the goal. 
- potentialBenefits: Enhances reliability & communication + potentialBenefits Enhances reliability & communication pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use business metrics to design resilient Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets - - name: Target functional and nonfunctional requirements - url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements + - name: Use business metrics to design resilient Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/business-metrics#workload-availability-targets" + - name: Target functional and nonfunctional requirements + url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements" - description: Ensure the Recovery Targets are well defined and communicated across teams working on the Workload aprlGuid: a43ab756-5b33-2345-8743-3daee911a1ae 
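Review bot: The added `potentialBenefits Enhances reliability & communication` line has lost the colon after the key, so it is no longer a `key: value` pair; coming directly after the `longDescription: |` block scalar, a strict YAML loader will most likely reject the entry rather than load it without the field. The commit is about learn-more links, so this looks unintended; keep `potentialBenefits: Enhances reliability & communication`. The same dropped colon is on the added `potentialBenefits` line of the second hunk in this file, of both hunks in azure-waf/deploy/recommendations.yaml, of all seven hunks in azure-waf/design/recommendations.yaml, and on the added SAP entries earlier in the patch. A YAML parse or lint step over these files in CI would catch this before merge. The entry's `- description:` line sits above the hunk.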
@@ -28,13 +28,13 @@ recommendationMetadataState: Active longDescription: | Ensure the Recovery Targets are well defined and communicated across teams working on the Workload. Two important metrics to consider are the recovery time objective and recovery point objective, as they pertain to disaster recovery. - Recovery time objective (RTO) is the maximum acceptable time that an application can be unavailable after an incident. If your RTO is 90 minutes, you must be able to restore the application to a running state within 90 minutes from the start of a disaster. If you have a very low RTO, you might keep a second regional deployment continually running an active/passive configuration on standby, to protect against a regional outage. In some cases, you might deploy an active/active configuration to achieve even lower RTO. - Recovery point objective (RPO) is the maximum duration of data loss that is acceptable during a disaster. For example, if you store data in a single database, with no replication to other databases, and perform hourly backups, you could lose up to an hour of data. RTO and RPO are non-functional requirements of a system and should be dictated by business requirements. To derive these values, it's a good idea to conduct a risk assessment, and clearly understanding the cost of downtime or data loss. Monitoring and measuring application availability is vital to qualifying overall application health and progress towards defined targets. Make sure you measure and monitor key targets such as: - Mean Time Between Failures (MTBF) - The average time between failures of a particular component. - Mean Time to Recover (MTTR) - The average time it takes to restore a component after a failure. 
- potentialBenefits: Improved recovery times & data loss prevention + potentialBenefits Improved recovery times & data loss prevention pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Target functional and nonfunctional requirements - url: https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements + - name: Target functional and nonfunctional requirements + url: "https://learn.microsoft.com/azure/well-architected/resiliency/design-requirements" diff --git a/azure-waf/deploy/recommendations.yaml b/azure-waf/deploy/recommendations.yaml index 3bbc6cca2..ff73dcb31 100644 --- a/azure-waf/deploy/recommendations.yaml +++ b/azure-waf/deploy/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Infrastructure as code (IaC) uses DevOps methodology and versioning with a descriptive model to define and deploy infrastructure, such as networks, virtual machines, load balancers, and connection topologies. Just as the same source code always generates the same binary, an IaC model generates the same environment every time it deploys. IaC is a key DevOps practice and a component of continuous delivery. With IaC, DevOps teams can work together with a unified set of practices and tools to deliver applications and their supporting infrastructure rapidly and reliably at scale. Key Points: - Avoid manual configuration to enforce consistency - Deliver stable test environments rapidly at scale - Use declarative definition files - potentialBenefits: Ensures consistent, scalable deployments + potentialBenefits Ensures consistent, scalable deployments pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Avoid manual configuration to enforce consistency - url: https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency + - name: Avoid manual configuration to enforce consistency + url: "https://learn.microsoft.com/devops/deliver/what-is-infrastructure-as-code#avoid-manual-configuration-to-enforce-consistency" - description: Validated all changes in development environments before applying them to production aprlGuid: e42e646c-7d67-dd4b-96dc-16a3439fa030 
@@ -26,13 +26,13 @@ recommendationMetadataState: Active longDescription: | Continuously delivering value has become a mandatory requirement for organizations. To deliver value to your end users, you must release continually and without errors. Continuous delivery (CD) is the process of automating build, test, configuration, and deployment from a build to a production environment. A release pipeline can create multiple testing or staging environments to automate infrastructure creation and deploy new builds. Successive environments support progressively longer-running integration, load, and user acceptance testing activities. - potentialBenefits: Ensures error-free releases + potentialBenefits Ensures error-free releases pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Safe deployment practices - url: https://learn.microsoft.com/devops/operate/safe-deployment-practices + - name: Safe deployment practices + url: "https://learn.microsoft.com/devops/operate/safe-deployment-practices" diff --git a/azure-waf/design/recommendations.yaml b/azure-waf/design/recommendations.yaml index 8a9acc2f8..4b2c33597 100644 --- a/azure-waf/design/recommendations.yaml +++ b/azure-waf/design/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Design your application architecture to use availability zones within a region. Availability zones can be used to optimize application availability within a region by providing datacenter-level fault tolerance. However, the application architecture must not share dependencies between zones to use them effectively. Consider if component proximity is required for application performance reasons. If all or part of the application is highly sensitive to latency, components might need to be co-located which can limit the applicability of multi-region and multi-zone strategies. - potentialBenefits: Enhanced app availability & fault tolerance + potentialBenefits Enhanced app availability & fault tolerance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use Availability Zones - url: https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones + - name: Use Availability Zones + url: "https://learn.microsoft.com/azure/reliability/availability-zones-overview#availability-zones" - description: Consider deploying your application across multiple regions aprlGuid: 8a497b6d-d065-0d43-a7d9-e3f8eebfe0f4 
@@ -26,17 +26,17 @@ recommendationMetadataState: Active longDescription: | If your application is deployed to a single region, and the region becomes unavailable, your application will also be unavailable. This might be unacceptable under the terms of your application's SLA. If so, consider deploying your application and its services across multiple regions. A multiregional deployment can use an active-active or active-passive configuration. An active-active configuration distributes requests across multiple active regions. An active-passive configuration keeps warm instances in the secondary region, but doesn't send traffic there unless the primary region fails. - potentialBenefits: Enhances app availability & SLA compliance + potentialBenefits Enhances app availability & SLA compliance pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Design reliable Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design - - name: Cross-region replication in Azure: Business continuity and disaster recovery - url: https://learn.microsoft.com/azure/reliability/cross-region-replication-azure + - name: Design reliable Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design" + - name: Cross-region replication in Azure: Business continuity and disaster recovery + url: "https://learn.microsoft.com/azure/reliability/cross-region-replication-azure" - description: Ensure that all fault-points and fault-modes are understood and operationalized aprlGuid: 99ebe682-6306-6446-bfc7-cf6610ebfa02 
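Review bot: The added `- name: Cross-region replication in Azure: Business continuity and disaster recovery` line still has an unquoted `: ` inside the value, which YAML reads as a mapping indicator and which typically fails to parse. The commit quotes the `url` values but leaves this `name` plain; quote it as well: `- name: "Cross-region replication in Azure: Business continuity and disaster recovery"`. The enclosing entry starts above the hunk.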
@@ -47,15 +47,15 @@ recommendationMetadataState: Active longDescription: | Ensure that all fault-points and fault-modes are understood and operationalized. Failure mode analysis (FMA) is a process for building resiliency into a system, by identifying possible failure points in the system. The FMA should be part of the architecture and design phases, so that you can build failure recovery into the system from the beginning. Identify all fault-points and fault-modes. Fault-points describe the elements within an application architecture which can fail, while fault-modes capture the various ways by which a fault-point may fail. To ensure an application is resilient to end-to-end failures, it is essential that all fault-points and fault-modes are understood and operationalized. - potentialBenefits: Enhanced system resiliency + potentialBenefits Enhanced system resiliency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Failure mode analysis for Azure applications - url: https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis + - name: Failure mode analysis for Azure applications + url: "https://learn.microsoft.com/azure/architecture/resiliency/failure-mode-analysis" - description: Use PaaS Azure services instead of IaaS aprlGuid: 097651d8-6e62-314a-9299-a0234ffd190e 
@@ -66,15 +66,15 @@ recommendationMetadataState: Active longDescription: | PaaS provides a framework for developing and running apps. As with IaaS, the PaaS provider hosts and maintains the platform's servers, networks, storage, and other computing resources. But PaaS also includes tools, services, and systems that support the web application lifecycle. Developers use the platform to build apps without having to manage backups, security solutions, upgrades, and other administrative tasks. - potentialBenefits: Saves time, enhances security, simplifies app lifecycle + potentialBenefits Saves time, enhances security, simplifies app lifecycle pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use platform as a service (PaaS) options - url: https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services + - name: Use platform as a service (PaaS) options + url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/managed-services" - description: Design the application to scale out aprlGuid: 7f4c76d7-f9d4-d643-ab73-4d8f27fd7ed9 
@@ -85,15 +85,15 @@ recommendationMetadataState: Active longDescription: | Azure provides elastic scalability and you should design to scale out. However, applications must leverage a scale-unit approach to navigate service and subscription limits to ensure that individual components and the application as a whole can scale horizontally. Don't forget about scale in, which is important to reduce cost. For example, scale in and out for App Service is done via rules. Often customers write scale out rules and never write scale in rules, which leaves the App Service more expensive. - potentialBenefits: Enhances scalability & cost efficiency + potentialBenefits Enhances scalability & cost efficiency pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Design to scale out - url: https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out + - name: Design to scale out + url: "https://learn.microsoft.com/azure/architecture/guide/design-principles/scale-out" - description: Create a landing zone for the workload following the Microsoft Cloud Adoption Framework aprlGuid: 6132a11a-3ea0-e64c-877b-f01ca1de79d4 
@@ -104,15 +104,15 @@ recommendationMetadataState: Active longDescription: | From a workload perspective, a landing zone refers to a prepared platform into which the application gets deployed. A landing zone implementation can have compute, data sources, access controls, and networking components already provisioned. With the required plumbing ready in place; the workload needs to plug into it. When considering the overall security, a landing zone offers centralized security capabilities that adds a threat mitigation layer for the workload. Implementations can vary but here are some common strategies that enhance the security posture. - Isolation through segmentation. You can isolate assets at several layers from Azure enrollment down to a subscription that has the resources for the workload. - Consistent adoption of organizational policies, enforce creation and deletion of services and their configuration through Azure Policy. - Configurations that align with principles of Zero Trust . For instance an implementation might have network connectivity to on-premises data centers. - potentialBenefits: Enhances security & speeds deployment + potentialBenefits Enhances security & speeds deployment pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure landing zone integration - url: https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone + - name: Azure landing zone integration + url: "https://learn.microsoft.com/azure/well-architected/security/design-governance-landing-zone" - description: Design a BCDR strategy that will help to meet the business requirements aprlGuid: b09061cb-d536-1347-9957-390c2d0cfa3d 
@@ -123,15 +123,15 @@ recommendationMetadataState: Active longDescription: | Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points: - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once. 
- potentialBenefits: Minimizes disaster impact, ensures operational continuity + potentialBenefits Minimizes disaster impact, ensures operational continuity pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Backup and disaster recovery for Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery + - name: Backup and disaster recovery for Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" - description: Provide security assurance through identity management aprlGuid: 835e616d-78e6-7f4c-a48b-6f80382a48cf 
@@ -142,15 +142,15 @@ recommendationMetadataState: Active longDescription: | Provide security assurance through identity management: the process of authenticating and authorizing security principals. Use identity management services to authenticate and grant permission to users, partners, customers, applications, services, and other entities. Identity management is typically a centralized function not controlled by the workload team as a part of the workload's architecture. - Define clear lines of responsibility and separation of duties for each function. Restrict access based on a need-to-know basis and least privilege security principles. - Assign permissions to users, groups, and applications at a certain scope through Azure RBAC. Use built-in roles when possible. - Prevent deletion or modification of a resource, resource group, or subscription through management locks. - Use managed identities to access resources in Azure. - potentialBenefits: Enhanced access control & security + potentialBenefits Enhanced access control & security pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure identity and access management considerations - url: https://learn.microsoft.com/azure/well-architected/security/design-identity + - name: Azure identity and access management considerations + url: "https://learn.microsoft.com/azure/well-architected/security/design-identity" - description: Addressing security risks minimizes downtime and data loss from exposures aprlGuid: c5d8f87e-45ef-1644-a4aa-95ec08b88109 
@@ -161,13 +161,13 @@ recommendationMetadataState: Active longDescription: | Security is one of the most important aspects of any architecture. It provides the following assurances against deliberate attacks and abuse of your valuable data and systems: Confidentiality ,Integrity, and Availability. The security of complex systems depends on understanding the business context, social context, and technical context. As you design your system, cover these areas: - Ensure that the identity provider (AAD/ADFS/AD/Other) is highly available and aligns with application availability and recovery targets. - All external application endpoints are secured. - Communication to Azure PaaS services secured using Virtual Network Service Endpoints or Private Link. - Keys and secrets are backed-up to geo-redundant storage, and are still available in a failover case. - Ensure that the process for key rotation is automated and tested. - Emergency access break glass accounts have been tested and secured for recovering from Identity provider failure scenarios. - potentialBenefits: Minimizes downtime & data loss + potentialBenefits Minimizes downtime & data loss pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Security design principles - url: https://learn.microsoft.com/azure/well-architected/security/security-principles + - name: Security design principles + url: "https://learn.microsoft.com/azure/well-architected/security/security-principles" diff --git a/azure-waf/monitor/recommendations.yaml b/azure-waf/monitor/recommendations.yaml index a6f3e4921..d155be79e 100644 --- a/azure-waf/monitor/recommendations.yaml +++ b/azure-waf/monitor/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Monitoring and diagnostics are crucial for availability and resiliency. If something fails, you need to know that it failed, when it failed, and why. Monitoring isn't the same as failure detection. For example, your application might detect a transient error and retry, avoiding downtime. It should also log the retry operation so that you can monitor the error rate to get an overall picture of application health. Key points: - Define alerts that are actionable and effectively prioritized. - Create alerts that poll for services nearing their limits and quotas. - Use application instrumentation to detect and resolve performance anomalies. - Track the progress of long-running processes. - Troubleshoot issues to gain an overall view of application health. - Document how to analyze, diagnose, and respond to signals being monitored - potentialBenefits: Enhanced availability and issue tracking + potentialBenefits Enhanced availability and issue tracking pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Monitoring application health for reliability - url: https://learn.microsoft.com/azure/well-architected/resiliency/monitoring + - name: Monitoring application health for reliability + url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitoring" - description: Define a health model based on performance, availability, and recovery targets aprlGuid: 5dd7a9a3-fb79-004d-bc89-c9ef79890900 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | The health model should be able to surface the health of critical system flows or key subsystems to ensure that appropriate operational prioritization is applied. For example, the health model should be able to represent the current state of the user sign-in transaction flow. The health model shouldn't treat all failures the same. The health model should distinguish between transient and non transient faults. It should clearly distinguish between expected-transient but recoverable failures and a true disaster state. Key points: - Know how to tell if an application is healthy or unhealthy. - Understand the effects of logs in diagnostic data. - Ensure the consistent use of diagnostic settings across the application. - Use critical system flows in your health model. - potentialBenefits: Enhanced system health insights + potentialBenefits Enhanced system health insights pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Health modeling for reliability - url: https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model + - name: Health modeling for reliability + url: "https://learn.microsoft.com/azure/well-architected/resiliency/monitor-model" - description: Create Dashboards and Alerts for Azure Platform resources aprlGuid: 1691bfea-c9fd-0948-969a-03e5abcab299 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | In this stage, telemetry data is presented so that an operator can quickly notice problems or trends. Examples include Workbook, Dashboards or email alerts. With Azure Workbooks and/or dashboards, you can build a single pane of glass view of monitoring graphs originating from Application Insights, Log Analytics, Azure Monitor metrics and service health. With Azure Monitor alerts, you can create alerts on service health and resource health. - potentialBenefits: Quick issue detection & response + potentialBenefits Quick issue detection & response pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Azure Workbooks templates - url: https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates + - name: Azure Workbooks templates + url: "https://learn.microsoft.com/azure/azure-monitor/visualize/workbooks-templates" - description: Ensure that the right people in your organization will be notified about any future service issues aprlGuid: 1422b388-5d23-5641-ba1c-139a59fb7b4c 
@@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Azure offers a suite of experiences to keep you informed about the health of your cloud resources. The Service Health portal tracks four types of health events that may impact your resources: - Service issues - Problems in the Azure services that affect you right now (Outages) - Planned maintenance - Upcoming maintenance that can affect the availability of your services in the future. - Health advisories - Changes in Azure services that require your attention. Examples include deprecation of Azure features or upgrade requirements (e.g upgrade to a supported PHP framework). - Security advisories - Security related notifications or violations that may affect the availability of your Azure services. - potentialBenefits: Quick issue alerts to key personnel + potentialBenefits Quick issue alerts to key personnel pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Create a Service Health alert using the Azure portal - url: https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal + - name: Create a Service Health alert using the Azure portal + url: "https://learn.microsoft.com/azure/service-health/alerts-activity-log-service-notifications-portal#create-a-service-health-alert-using-the-azure-portal" - description: Utilize built-in Resilience policies aprlGuid: 2af4f8c2-bafc-4808-88df-0af009a019b5 
@@ -83,15 +83,15 @@ recommendationMetadataState: Active longDescription: | Utilize Azure's built-in Resilience policies to audit and enforce resilient configurations of Azure services. Azure Policy helps to enforce organizational standards and to assess compliance at-scale. - potentialBenefits: Ensures compliance & upscale resilience + potentialBenefits Ensures compliance & upscale resilience pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Built-in Resilience policy definitions - url: https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience - - name: Get policy compliance data - url: https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data + - name: Built-in Resilience policy definitions + url: "https://github.com/Azure/azure-policy/tree/master/built-in-policies/policyDefinitions/Resilience" + - name: Get policy compliance data + url: "https://learn.microsoft.com/azure/governance/policy/how-to/get-compliance-data" diff --git a/azure-waf/respond/recommendations.yaml b/azure-waf/respond/recommendations.yaml index 01e685f8a..eb7ab07a9 100644 --- a/azure-waf/respond/recommendations.yaml +++ b/azure-waf/respond/recommendations.yaml 
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Prevention of all problems is a laudable, but impossible goal. Things will go wrong, so we need a plan to limit the impact on our end users and return operations to normal as quickly as possible. The key is to respond with urgency, rather than react. A reaction tends to be more impulsive and based in the present moment, without consideration of long-term effects. A response is well-thought-out, organized, and information based. Your incident response approach determines your effectiveness at: Understanding what�s going on (diagnosing the problem) Triaging (determining the urgency) and prioritizing the problem Engaging the right resources to mitigate the issue(s), and Communicating with stakeholders about the problem After the problem has been remediated, you can then learn from the incident through a post-incident review process. That's an important subject which has a whole separate module worth of discussion. - potentialBenefits: Quicker recovery, less impact + potentialBenefits Quicker recovery, less impact pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Importance of incident response - url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance - - name: Incident tracking - url: https://learn.microsoft.com/training/modules/improve-reliability-incidents/5-tracking + - name: Importance of incident response + url: "https://learn.microsoft.com/training/modules/improve-reliability-incidents/2-importance" + - name: Incident tracking + url: "https://learn.microsoft.com/training/modules/improve-reliability-incidents/5-tracking" diff --git a/azure-waf/test/recommendations.yaml b/azure-waf/test/recommendations.yaml index ae2ea91d4..05fc5d0cf 100644 --- a/azure-waf/test/recommendations.yaml +++ b/azure-waf/test/recommendations.yaml 
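Review bot: The longDescription context line in this hunk shows a replacement character in `what�s going on`, which suggests the apostrophe was damaged in an encoding round-trip. If the character is in the file and not only in how the patch is displayed, it should read `what's going on`, and the file should be saved as UTF-8. The commit does not touch that line, so the damage would persist in the published text.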
@@ -7,15 +7,15 @@ recommendationMetadataState: Active longDescription: | Applications should be tested to ensure availability and resiliency. Availability describes the amount of time that an application runs in a healthy state without significant downtime. Resiliency describes how quickly an application recovers from failure. Being able to measure availability and resiliency can answer questions like: How much downtime is acceptable? How much does potential downtime cost your business? What are your availability requirements? How much do you invest in making your application highly available? What is the risk versus the cost? Testing plays a critical role in making sure your applications can meet these requirements. Key points: - Test regularly to validate existing thresholds, targets, and assumptions. - Automate testing as much as possible. - Perform testing on both key Test environments and the production environment. - Verify how the end-to-end workload performs under intermittent failure conditions. - Test the application against critical functional and nonfunctional requirements for performance. - Conduct load testing with expected peak volumes to Test scalability and performance under load. - Perform chaos testing by injecting faults. - potentialBenefits: Improves uptime & speeds recovery + potentialBenefits Improves uptime & speeds recovery pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Testing applications for availability and resiliency - url: https://learn.microsoft.com/azure/well-architected/resiliency/testing + - name: Testing applications for availability and resiliency + url: "https://learn.microsoft.com/azure/well-architected/resiliency/testing" - description: Consider building logic into your workload to handle errors aprlGuid: 155dda00-c264-1b45-8ac0-d6f68178844f 
@@ -26,15 +26,15 @@ recommendationMetadataState: Active longDescription: | In a distributed system, ensuring that your application can recover from errors is critical. You can test your applications to prevent errors and failure, but you need to prepare for a wide range of issues. Testing doesn't always catch everything, so you should understand how to handle errors and prevent potential failure. Many things in a distributed system, such as underlying cloud infrastructure and third-party runtime dependencies, are outside your span of control and your means to test. You can be sure something will fail eventually, so you need to be prepared. Key points: - Implement retry logic to handle transient application failures and transient failures with internal or external dependencies. - Uncover issues or failures in your application's retry logic. - Configure request timeouts to manage intercomponent calls. - Configure and test health probes for your load balancers and traffic managers. - Segregate read operations from update operations across application data stores. - potentialBenefits: Enhances recovery & error management + potentialBenefits Enhances recovery & error management pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Error handling for resilient applications in Azure - url: https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling + - name: Error handling for resilient applications in Azure + url: "https://learn.microsoft.com/azure/well-architected/resiliency/app-design-error-handling" - description: Perform disaster recovery tests regularly aprlGuid: 1b612a06-28dc-e64e-9057-17467e57764a 
@@ -45,15 +45,15 @@ recommendationMetadataState: Active longDescription: | Disaster recovery is the process of restoring application functionality after a catastrophic loss. In cloud environments, we acknowledge up front that failures happen. Instead of trying to prevent failures altogether, the goal is to minimize the effects of a single failing component. Testing is one way to minimize these effects. You should automate testing of your applications where possible, but you also need to be prepared for when they fail. When a failure happens, having backup and recovery strategies becomes important. Your tolerance for reduced functionality during a disaster is a business decision that varies from one application to the next. It might be acceptable for some applications to be temporarily unavailable, or partially available with reduced functionality or delayed processing. For other applications, any reduced functionality is unacceptable. Key points - Create and test a disaster recovery plan regularly using key failure scenarios. - Design a disaster recovery strategy to run most applications with reduced functionality. - Design a backup strategy that's tailored for the business requirements and circumstances of the application. - Automate failover and failback steps and processes. - Test and validate the failover and failback approach successfully at least once. 
- potentialBenefits: Enhances recovery speed and reliability + potentialBenefits Enhances recovery speed and reliability pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Backup and disaster recovery for Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery + - name: Backup and disaster recovery for Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/backup-and-recovery" - description: Use chaos engineering to test Azure applications aprlGuid: e10f11a5-9c5b-6c4c-a684-4d9f4063127a @@ -64,15 +64,15 @@ recommendationMetadataState: Active longDescription: | Ideally, you should apply chaos principles continuously. There's constant change in the environments in which software and hardware run, so monitoring the changes is key. By constantly applying stress or faults on components, you can help expose issues early, before small problems are compounded by many other factors. Apply chaos engineering principles when you: - Deploy new code. - Add dependencies. - Observe changes in usage patterns. - Mitigate problems. - potentialBenefits: Early issue detection, prevents compounding + potentialBenefits Early issue detection, prevents compounding pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Use chaos engineering to test Azure applications - url: https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering + - name: Use chaos engineering to test Azure applications + url: "https://learn.microsoft.com/azure/well-architected/resiliency/chaos-engineering" - description: Test application fault resiliency aprlGuid: c8ba80d4-20d9-456f-a2bd-8e6d488d8ff9 
@@ -83,13 +83,13 @@ recommendationMetadataState: Active longDescription: | High availability is a fundamental part of the SQL Database platform that works transparently for your database application. However, we recognize that you may want to test how the automatic failover operations initiated during planned or unplanned events would impact an application before you deploy it to production. You can manually trigger a failover by calling a special API to restart a database, or an elastic pool. In the case of a zone-redundant serverless or provisioned General Purpose database or elastic pool, the API call would result in redirecting client connections to the new primary in an Availability Zone different from the Availability Zone of the old primary. So in addition to testing how failover impacts existing database sessions, you can also verify if it changes the end-to-end performance due to changes in network latency. Because the restart operation is intrusive and a large number of them could stress the platform, only one failover call is allowed every 15 minutes for each database or elastic pool. - potentialBenefits: Enhances fault resilience testing + potentialBenefits Enhances fault resilience testing pgVerified: Verified publishedToLearn: false publishedToAdvisor: false automationAvailable: No tags: null learnMoreLink: - - name: Test application fault resiliency - url: https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency + - name: Test application fault resiliency + url: "https://learn.microsoft.com/en-us/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency"
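Review bot: The new url in this hunk still carries the `/en-us/` locale segment, while the other learn.microsoft.com links updated in this patch are locale-neutral. A locale-neutral link lets the site serve the reader's own language, so for consistency this could be `url: "https://learn.microsoft.com/azure/azure-sql/database/high-availability-sla?view=azuresql&tabs=azure-powershell#testing-application-fault-resiliency"`. Quoting this value is the right call, since it contains `&` and `#`.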