Enterprise-Scale
Policy Refresh H2 FY25
Overview/Summary
This pull request includes several updates across documentation and configuration files, primarily focusing on policy enhancements, bug fixes, and improvements to the Azure Landing Zones (ALZ) portal accelerator. The key changes include fixing typographical errors, adding new policies and initiatives, updating existing policies for better functionality, and simplifying portal configurations.
Documentation Updates:
- Fixed typos in policy descriptions in policies.json to correct "reccomended" to "recommended" and "vunerabilities" to "vulnerabilities." [1] [2]
- Updated ALZ-Policies.md to reflect the addition of a new policy definition set: Configure prerequisites to enable Guest Attestation on Trusted Launch enabled VMs. This policy enhances VM security through Trusted Launch features. [1] [2]
- Added a new section in Whats-new.md for "Policy Refresh H2 FY25," detailing breaking changes, updates to existing policies, and the introduction of new initiatives like Guest Attestation and Defender for AI workloads.
Policy and Initiative Enhancements:
- Introduced a new initiative for enabling Guest Attestation on Trusted Launch enabled VMs, assigned by default at the Platform and Landing Zones management group scope. [1] [2]
- Updated existing policies such as Deploy-Windows-DomainJoin and Deploy-MDFC-Config_20240319 to support newer features and improve functionality.
ALZ Portal Accelerator Improvements:
- Simplified the eslz-portal.json configuration by removing sovereign cloud options and defaulting to Azure Public Cloud. This ensures better alignment with supported environments. [1] [2]
- Added a new option to enable Guest Attestation on Trusted Launch enabled VMs directly from the portal accelerator.
- Adjusted visibility conditions for Microsoft Defender for Cloud options to streamline the user experience. [1] [2] [3]