// Example parameter file for avd-firewall.bicep.
//
// Copy this file, rename it (e.g., tenant.bicepparam), and replace the
// contoso placeholders with your tenant's actual SharePoint / OneDrive
// hostnames. Deploy with:
//
//   az deployment group create \
//     --resource-group rg-avd-prod-usgovva \
//     --template-file avd-firewall.bicep \
//     --parameters tenant.bicepparam
//
// The base avd-firewall.bicep is unchanged between deployments; tenant-
// specific endpoints live only in this parameter file. Adding endpoints
// later is an edit to this file, not to the template.

using './avd-firewall.bicep'

// Override the base defaults only if your environment differs.
// param location = 'usgovvirginia'
// param firewallPolicyName = 'fwp-avd-prod-usgovva'

// avdSubnetAddressSpace is an ARRAY of session-host subnet CIDR blocks.
// Every entry is added to sourceAddresses on every Allow rule.
//
// SINGLE-POOL deployment — the default works:
// (no override needed; template default is ['10.0.0.0/24'])
//
// MULTI-POOL deployment — list every session-host subnet explicitly.
// Failing to add a new pool's subnet here means every HTTPS request from
// that pool falls through to the deny-all-log collection. The runbook's
// Multi-Pool Variant covers the subnet allocation pattern; copy the same
// list here. Example for a deployment with 1 existing pool, 2 large
// pools, and 4 small pools:
//
// param avdSubnetAddressSpace = [
//   '10.0.0.0/24'        // pool 1 (existing default subnet)
//   '10.0.2.0/26'        // large pool A
//   '10.0.2.64/26'       // large pool B
//   '10.0.2.128/27'      // pool 3
//   '10.0.2.160/27'      // pool 4
//   '10.0.2.192/27'      // pool 5
//   '10.0.2.224/27'      // pool 6
// ]

// Tenant-specific FQDNs. Replace the contoso entries with your tenant.
// Typical SharePoint Online entries in GCC High:
//   <tenant>.sharepoint.us       — root SharePoint site collection host
//   <tenant>-my.sharepoint.us    — OneDrive host
//   <tenant>-files.sharepoint.us — Files endpoint used by the sync client
//   <tenant>-myfiles.sharepoint.us
param clientTenantFqdns = [
  'contoso.sharepoint.us'
  'contoso-my.sharepoint.us'
  'contoso-files.sharepoint.us'
  'contoso-myfiles.sharepoint.us'
]
