Service Catalog

gen-azure-virtual-desktop-sharedservices

Latest: v3.0.1
Category
Workplace
Total Versions
24
Last Updated
3/18/2026

Release History

v3.0.1 Latest

Changes:

  • Added the ACT - Nightly build trigger as a pipeline resource trigger. Pipeline will then only run the test stage every night. Removed src trigger
  • Merged PR 17450: Update pr template and add nightly build trigger
  • MDE Deny policy deployment is made optional
  • If set to 'false', the policy is expected to be deployed outside the module.
  • AVD Session host policy set is made optional
  • If set to 'false', the policy set is expected to be deployed outside the module.
  • Add role assignment for bastion reader group (optional function)
  • Fixed ip handling for keyvault
  • Updated documentation
  • Changed storage role smb e​levated contributor​ to smb admin​
  • Added support for iprules on keyvault, to allow build agents to retrieve credentials
  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v3.0.0 Breaking

Changes:

  • MDE Deny policy deployment is made optional
  • If set to 'false', the policy is expected to be deployed outside the module.
  • AVD Session host policy set is made optional
  • If set to 'false', the policy set is expected to be deployed outside the module.
  • Merged PR 17446: AVD_sharedservices_make_policies_optional
  • Add role assignment for bastion reader group (optional function)
  • Fixed ip handling for keyvault
  • Updated documentation
  • Changed storage role smb e​levated contributor​ to smb admin​
  • Added support for iprules on keyvault, to allow build agents to retrieve credentials
  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.4.0

Changes:

  • Add role assignment for bastion reader group (optional function)
  • Merged PR 17336: Fix missing newline at end of bastion.tf file
  • Fixed ip handling for keyvault
  • Updated documentation
  • Changed storage role smb e​levated contributor​ to smb admin​
  • Added support for iprules on keyvault, to allow build agents to retrieve credentials
  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.3.1

Changes:

  • Fixed ip handling for keyvault
  • Merged PR 17148: Fix typo in Key Vault module: change 'iprules' to 'ip_rules'
  • Updated documentation
  • Changed storage role smb e​levated contributor​ to smb admin​
  • Added support for iprules on keyvault, to allow build agents to retrieve credentials
  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.3.0

Changes:

  • Updated documentation
  • Changed storage role smb e​levated contributor​ to smb admin​
  • Added support for iprules on keyvault, to allow build agents to retrieve credentials
  • Merged PR 17052: Enhance Key Vault and Storage Account configurations with new settings and ro...
  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.2.0

Changes:

  • Add policy to block the MDE extension installation on the imagebuilding resource group.Required to have a clean masterimage vm without the Defender extension, on the sessionshost vms this extension will be deployed automatically. Add NTLMv2 to the default smb security settings, required for imagebuilder access to application sources.
  • Merged PR 17010: Add deny MDE policy
  • Change for the capacitity warning and critical alerts, the existenceCondition value to match the policy name.
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.1.1

Changes:

  • Change policy initative name and description to make thing more clear in the portal.
  • Merged PR 16881: Update monitoring AVD
  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.1.0

Changes:

  • Added resources required for AVD monitoring:
  • Automation Account**: Automated monitoring and data collection for AVD host pools
  • Merged PR 16839: Add automation account for monitoring
  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v2.0.0 Breaking

Changes:

  • This update changes some basic functionality, so be sure the provided variables are correct.
  • Merged PR 16460: Update module version (gen-storage-account)
  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.5.0

Changes:

  • Added default nsg rules. Make it easier to configure nsg rules. Added default rule to allow 445 between provisioning subnet and storage subnet.
  • Merged PR 16440: Refactor network security group rules to use 'security_rules' variable and ad...
  • Fix variable types. Array needs to be delimited string
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.4.2

Changes:

  • Fix variable types. Array needs to be delimited string
  • Merged PR 15999: Fix fileshare creation
  • Add fileshare for application data, which can be referenced by installation scripts
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.4.1

Changes:

  • Add fileshare for application data, which can be referenced by installation scripts
  • Merged PR 15942: add dependson
  • Add dependson to make sure the storage account exists before getting the id of the management identity
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.4.0

Changes:

  • Add fileshare for application data, which can be referenced by installation scripts
  • Merged PR 15937: replace blob by fileshare
  • Remove emptylines of code
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.3.2

Changes:

  • Remove emptylines of code
  • Merged PR 15891: Remove unnecessary blank lines in computegallery.tf
  • Add IPM Publish to the build pipeline.
  • Update NSG module to latest version. Make NSG code easier.
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.3.1

Changes:

  • Update NSG module to latest version. Make NSG code easier.
  • Merged PR 15821: Update NSG module source to v3.0.2 and remove unused NSG rules configuration
  • An extra subnet is created for VM Provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.3.0

Changes:

  • An extra subnet is created for VM Provisioning
  • Merged PR 15814: Add subnet for vm provisioning
  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.2.4

Changes:

  • Remove propertiesbypass andvirtual_network_subnet_ids from application storage account.
  • Merged PR 15804: Remove bypass and virtual network subnet IDs from application data storage ac...
  • Add keyvault for image deployment to sharedservices environment
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.2.3

Changes:

  • Add keyvault for image deployment to sharedservices environment
  • Merged PR 15784: add dependson
  • Add api key variable to calculate ip-space.
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.

v1.2.2

Changes:

  • Add api key variable to calculate ip-space.
  • Merged PR 15780: Add apim_subscription_key variable to environment metadata
  • Dependson Resource Group to keyvault deployment.
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.
  • Add keyvault for image deployment to sharedservices environment

v1.2.1

Changes:

  • Dependson Resource Group to keyvault deployment.
  • Merged PR 15768: Add dependency on image builder resource for Key Vault module
  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.
  • Add keyvault for image deployment to sharedservices environment

v1.2.0

Changes:

  • IP-calculation function to automatically calculate the IP-space based on a subnetmask.
  • Merged PR 15765: Add IP-Space calculation features
  • Add keyvault for image deployment to sharedservices environment

v1.1.0

Changes:

  • Add keyvault for image deployment to sharedservices environment
  • Merged PR 15762: Add a keyvault for image creation

v1.0.1

Changes:

  • Exception for trivy scan:AVD-AZU-0010Allow Microsoft Service Bypass.This is a configurable option, to avoid false positive warnings when public access is disabled we need this exception.
  • Merged PR 15726: Update storage account module
  • First release for the AVD sharedservices module. Azure Compute Gallery**: Centralized image management for AVD session host images Application Storage Account**: Blob storage for application sources and data with private endpoint connectivity Log Analytics Workspace**: Centralized monitoring and diagnostics for AVD environments Data Collection Rule (DCR)**: Performance counters and event log collection for session hosts User Assigned Managed Identity**: Identity for session host monitoring and data collection Network Infrastructure**: Dedicated subnets with NSG and route table RBAC Configuration**: Azure AD security group with Storage Blob Data Contributor role assignment

v1.0.0

Changes:

  • First release for the AVD sharedservices module. Azure Compute Gallery**: Centralized image management for AVD session host images Application Storage Account**: Blob storage for application sources and data with private endpoint connectivity Log Analytics Workspace**: Centralized monitoring and diagnostics for AVD environments Data Collection Rule (DCR)**: Performance counters and event log collection for session hosts User Assigned Managed Identity**: Identity for session host monitoring and data collection Network Infrastructure**: Dedicated subnets with NSG and route table RBAC Configuration**: Azure AD security group with Storage Blob Data Contributor role assignment
  • Merged PR 15618: First release
Back to Modules