Update ALZ Repo (Terraform) with Entra product names (#805)
Co-authored-by: Luis Chaves <luchaves@microsoft.com>
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
3 people authored Aug 31, 2023
1 parent 0f64e6c commit 5b362f2
Showing 9 changed files with 32 additions and 31 deletions.
26 changes: 13 additions & 13 deletions README.md
Expand Up @@ -238,10 +238,10 @@ The following input variables are optional (have default values):

### <a name="input_archetype_config_overrides"></a> [archetype\_config\_overrides](#input\_archetype\_config\_overrides)

Description: If specified, will set custom Archetype configurations for the core ALZ Management Groups.
Does not work for management groups specified by the 'custom\_landing\_zones' input variable.
To override the default configuration settings for any of the core Management Groups, add an entry to the archetype\_config\_overrides variable for each Management Group you want to customize.
To create a valid archetype\_config\_overrides entry, you must provide the required values in the archetype\_config\_overrides object for the Management Group you wish to re-configure.
Description: If specified, will set custom Archetype configurations for the core ALZ Management Groups.
Does not work for management groups specified by the 'custom\_landing\_zones' input variable.
To override the default configuration settings for any of the core Management Groups, add an entry to the archetype\_config\_overrides variable for each Management Group you want to customize.
To create a valid archetype\_config\_overrides entry, you must provide the required values in the archetype\_config\_overrides object for the Management Group you wish to re-configure.
To do this, simply create an entry similar to the root example below for one or more of the supported core Management Group IDs:

- root
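Review bot: the four removed lines and the four added lines in this hunk are textually identical, so this looks like whitespace-only churn (trailing spaces) in generated documentation; the README carries an END_TF_DOCS marker, so these lines should come from a terraform-docs regeneration against variables.tf rather than a hand edit, otherwise the next regeneration will undo them.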
Expand Down Expand Up @@ -293,8 +293,8 @@ e.g.
}
access_control = {
Example-Role-Definition = [
"00000000-0000-0000-0000-000000000000", # Object ID of user/group/spn/mi from Azure AD
"11111111-1111-1111-1111-111111111111", # Object ID of user/group/spn/mi from Azure AD
"00000000-0000-0000-0000-000000000000", # Object ID of user/group/spn/mi from Microsoft Entra ID
"11111111-1111-1111-1111-111111111111", # Object ID of user/group/spn/mi from Microsoft Entra ID
]
}
}
Expand Down Expand Up @@ -682,7 +682,7 @@ Default: `{}`

### <a name="input_custom_landing_zones"></a> [custom\_landing\_zones](#input\_custom\_landing\_zones)

Description: If specified, will deploy additional Management Groups alongside Enterprise-scale core Management Groups.
Description: If specified, will deploy additional Management Groups alongside Enterprise-scale core Management Groups.
Although the object type for this input variable is set to `any`, the expected object is based on the following structure:

```terraform
Expand All @@ -701,13 +701,13 @@ variable "custom_landing_zones" {
)
```

The decision not to hard code the structure in the input variable `type` is by design, as it allows Terraform to handle the input as a dynamic object type.
This was necessary to allow the `parameters` value to be correctly interpreted.
The decision not to hard code the structure in the input variable `type` is by design, as it allows Terraform to handle the input as a dynamic object type.
This was necessary to allow the `parameters` value to be correctly interpreted.
Without this, Terraform would throw an error if each parameter value wasn't a consistent type, as it would incorrectly identify the input as a `tuple` which must contain consistent type structure across all entries.

> Note the id of the custom landing zone will be appended to `var.root_id`. The maximum length of the resulting name must be less than 90 characters.
The `custom_landing_zones` object is used to deploy additional Management Groups within the core Management Group hierarchy.
The `custom_landing_zones` object is used to deploy additional Management Groups within the core Management Group hierarchy.
The main object parameters are `display_name`, `parent_management_group_id`, `subscription_ids`and `archetype_config`.

- `display_name` is the name assigned to the Management Group.
Expand Down Expand Up @@ -941,8 +941,8 @@ Default:

Description: Optional - Used to tune terraform deploy when faced with errors caused by API limits.

For each supported resource type, there is a child object that specifies the create, update, and delete timeouts.
Each of these arguments takes a string representation of a duration, such as "60m" for 60 minutes, "10s" for ten seconds, or "2h" for two hours.
For each supported resource type, there is a child object that specifies the create, update, and delete timeouts.
Each of these arguments takes a string representation of a duration, such as "60m" for 60 minutes, "10s" for ten seconds, or "2h" for two hours.
If a timeout is not specified, the default value for the resource will be used.

e.g.
Expand Down Expand Up @@ -1243,4 +1243,4 @@ If you don't wish to send usage data to Microsoft, details on how to turn it off
- [Feature Requests](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Feature-Requests)
- [Contributing to Code](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Code)
- [Contributing to Documentation](https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/Contributing-to-Documentation)
<!-- END_TF_DOCS -->
<!-- END_TF_DOCS -->
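Review bot: this 4,4 hunk on the closing END_TF_DOCS marker only adds the missing newline at end of file; fine to keep, and worth a short mention in the commit message so the change is not mistaken for a content edit.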
5 changes: 3 additions & 2 deletions docs/wiki/[Examples]-Create-and-Assign-Custom-RBAC-Roles.md
Expand Up @@ -101,9 +101,10 @@ This code will save your new `Reader-Support-Tickets` role at this scope and all

If you don't already have an `archetype_extension_es_landing_zones.tmpl.json` file within your custom `lib` directory, create one and copy the below code in to the file.
This code will assign your new `Reader-Support-Tickets` role to a group named `Contoso Reader and Support Tickets`.
In order to assign the `Reader-Support-Tickets` role to the group, you need to use the groups objectID which can be located in Azure Active Directory.
In order to assign the `Reader-Support-Tickets` role to the group, you need to use the groups objectID which can be located in Microsoft Entra ID.

Instead of group, if you would like to assign the role to a SPN in the form of application registered in Azure AD then make sure to use the Object ID of the Service Principal related to that application which you can find from the "Enterprise applications" blade of Azure AD Portal. For more details on the relation between application and service principal objects please see [this article](https://learn.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals).
Instead of group, if you would like to assign the role to a SPN in the form of application registered in Microsoft Entra ID then make sure to use the Object ID of the Service Principal related to that application which you can find from the "Enterprise applications" blade of Microsoft Entra ID Portal.
For more details on the relation between application and service principal objects please see [this article](https://learn.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals).

>**IMPORTANT**: Due to how the module works, you must prefix your role name with the location at which it has been saved. In our example this would be `"[CONTOSO]"`.
If we had saved our role at the `es_landing_zones` scope then we would use a prefix of `"[CONTOSO-LANDING-ZONES]"`
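Review bot: "Microsoft Entra ID Portal" in the added sentence is not a product name; the portal is the Microsoft Entra admin center (the "Enterprise applications" blade is also still reachable from the Azure portal), so consider: the "Enterprise applications" blade of the Microsoft Entra admin center. While this sentence is being touched, "Instead of group" should read "Instead of a group", and the preceding line's "the groups objectID" should read "the group's object ID". The link target still points at the active-directory docs path, which is correct as the learn.microsoft.com URL has not moved.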
8 changes: 4 additions & 4 deletions docs/wiki/[User-Guide]-Archetype-Definitions.md
Expand Up @@ -109,7 +109,7 @@ We have documented some examples showing how to [set parameter values for Policy
"access_control": {
// Map of Role Assignments to create, grouped by Role Definition name
// Key should match the "name" of the Role Definition to assign
// Value should be a list of strings, specifying the Object Id(s) (from Azure AD) of all identities to assign to the role
// Value should be a list of strings, specifying the Object Id(s) (from Microsoft Entra ID) of all identities to assign to the role
"Reader": [
"00000000-0000-0000-0000-000000000000",
"11111111-1111-1111-1111-111111111111",
Expand Down Expand Up @@ -189,8 +189,8 @@ To simplify working with parameters at different scopes within the module, param
> **NOTE:** Parameters are specified as simple `key/value` pairs in the module, and do not require the same structure used in native ARM templates.
- `access_control` provides the option to add user-specified Role Assignments which will be added to the specified Management Group.
To avoid a direct dependency on the [Azure Active Directory Provider][azuread_provider], this module requires the input to be a list of Object IDs for each Azure AD object you want to assign the specified permission.
To add your own Role Assignments, specify the `name` of the Role Definition you want to assign as the `key`, and provide a list of Azure Active Directory Object IDs to assign to this role as the `value`.
To avoid a direct dependency on the [Microsoft Entra ID Provider][azuread_provider], this module requires the input to be a list of Object IDs for each Microsoft Entra object you want to assign the specified permission.
To add your own Role Assignments, specify the `name` of the Role Definition you want to assign as the `key`, and provide a list of Microsoft Entra Object IDs to assign to this role as the `value`.

You will find the `archetype_config` object in the following places:

Expand All @@ -211,7 +211,7 @@ This allows you to override parameter values for as many or as few Policy Assign

[TFAES-Library]: https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/tree/main/modules/archetypes/lib

[azuread_provider]: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs "Azure Active Directory Provider"
[azuread_provider]: https://registry.terraform.io/providers/hashicorp/azuread/latest/docs "Microsoft Entra ID Provider"

[wiki_variables_archetype_config_overrides]: %5BVariables%5D-archetype_config_overrides "Wiki - Variables - archetype_config_overrides"
[wiki_variables_custom_landing_zones]: %5BVariables%5D-custom_landing_zones "Wiki - Variables - custom_landing_zones"
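Review bot: the reference title changed to "Microsoft Entra ID Provider" mirrors the link text above; whichever wording is chosen there (ideally one that still mentions `azuread`), keep this title in step with it so the hover text and the inline link do not diverge.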
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
"type": "Microsoft.Authorization/policyAssignments",
"apiVersion": "2019-09-01",
"properties": {
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
"displayName": "Enforces the use of Premium Databricks workspaces",
"notScopes": [],
"parameters": {
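Review bot: this edits the `description` of a policy assignment template, not just documentation, so every existing deployment will show an in-place update to the assignment on the next `terraform plan`; that is harmless but should be called out in the release notes so operators do not mistake it for drift. The file name for this hunk is missing from the rendered view, so the path cannot be checked here against the definition file changed below.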
Expand All @@ -14,7 +14,7 @@
"policyDefinitionId": "${root_scope_resource_id}/providers/Microsoft.Authorization/policyDefinitions/Deny-Databricks-Sku",
"nonComplianceMessages": [
{
"message": "Premium Databricks workspaces {enforcementMode} be used to ensure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD."
"message": "Premium Databricks workspaces {enforcementMode} be used to ensure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID."
}
],
"scope": "${current_scope_resource_id}",
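Review bot: the `nonComplianceMessages` text is updated in the same wording as the `description` above, which keeps the two consistent; note that `{enforcementMode}` is left intact, as it must be for the module's message templating.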
Expand All @@ -24,4 +24,4 @@
"identity": {
"type": "None"
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
"policyType": "Custom",
"mode": "Indexed",
"displayName": "Deny non-premium Databricks sku",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
"metadata": {
"version": "1.0.0",
"category": "Databricks",
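Review bot: the policy definition `description` changes while `metadata.version` stays at "1.0.0"; if the library convention is to bump the version for any edit to a definition, this needs a patch-level bump, and if description-only edits are exempt, it is worth saying so in the PR so the downstream Enterprise-Scale library stays in sync.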
4 changes: 2 additions & 2 deletions tests/modules/test_001_baseline/baseline_values.json
Expand Up @@ -2999,7 +2999,7 @@
"provider_name": "registry.terraform.io/hashicorp/azurerm",
"schema_version": 0,
"values": {
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
"display_name": "Deny non-premium Databricks sku",
"management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
"metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
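Review bot: the baseline only records the new `description` for the policy definition ("Deny non-premium Databricks sku"); the policy assignment's `description` and `nonComplianceMessages` changed in the same commit but no corresponding baseline line appears here, so either the assignment is not captured in this baseline or the test baseline is now stale for it. Worth confirming before merging, since the tests are what catch exactly this kind of drift.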
Expand Down Expand Up @@ -8529,4 +8529,4 @@
}
]
}
}
}
4 changes: 2 additions & 2 deletions tests/modules/test_002_add_custom_core/baseline_values.json
Expand Up @@ -4008,7 +4008,7 @@
"provider_name": "registry.terraform.io/hashicorp/azurerm",
"schema_version": 0,
"values": {
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
"display_name": "Deny non-premium Databricks sku",
"management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
"metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
Expand Down Expand Up @@ -9911,4 +9911,4 @@
}
]
}
}
}
4 changes: 2 additions & 2 deletions tests/modules/test_003_add_mgmt_conn/baseline_values.json
Expand Up @@ -11241,7 +11241,7 @@
"provider_name": "registry.terraform.io/hashicorp/azurerm",
"schema_version": 0,
"values": {
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for AAD.",
"description": "Enforces the use of Premium Databricks workspaces to make sure appropriate security features are available including Databricks Access Controls, Credential Passthrough and SCIM provisioning for Microsoft Entra ID.",
"display_name": "Deny non-premium Databricks sku",
"management_group_id": "/providers/Microsoft.Management/managementGroups/root-id-1",
"metadata": "{\"alzCloudEnvironments\":[\"AzureCloud\"],\"category\":\"Databricks\",\"source\":\"https://github.com/Azure/Enterprise-Scale/\",\"version\":\"1.0.0\"}",
Expand Down Expand Up @@ -17676,4 +17676,4 @@
}
]
}
}
}
4 changes: 2 additions & 2 deletions variables.tf
Expand Up @@ -482,8 +482,8 @@ e.g.
}
access_control = {
Example-Role-Definition = [
"00000000-0000-0000-0000-000000000000", # Object ID of user/group/spn/mi from Azure AD
"11111111-1111-1111-1111-111111111111", # Object ID of user/group/spn/mi from Azure AD
"00000000-0000-0000-0000-000000000000", # Object ID of user/group/spn/mi from Microsoft Entra ID
"11111111-1111-1111-1111-111111111111", # Object ID of user/group/spn/mi from Microsoft Entra ID
]
}
}
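Review bot: this comment change in the `access_control` example is the source the README hunk mirrors, which is the right direction for a terraform-docs generated README; no functional change, since comments inside the variable description do not affect validation of the Object ID list.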

0 comments on commit 5b362f2
