SharePoint Subscription / 2019 / 2016 / 2013 all configured
This template deploys SharePoint Subscription, 2019, 2016 or 2013 with the following configuration:
- 1 web application created with 2 zones: Windows NTLM on Default zone and ADFS on Intranet zone.
- ADFS is installed on the DC.
- If SharePoint Subscription is selected, an Open ID Connect trust is configured between SharePoint and ADFS. Otherwise, a SAML trust is configured.
- A certificate authority (ADCS) is provisioned on the DC and issues all certificates needed for ADFS and SharePoint.
- A couple of site collections are created, including host-named site collections that are configured for both zones.
- User Profiles Application service is provisioned and personal sites are configured as host-named site collections.
- Add-ins service application is provisioned and an app catalog is created.
- 2 add-in domains / DNS zones are created (1 for each zone of the web application).
- Latest version of claims provider LDAPCP is installed and configured.
- Multiple SharePoint Web Front End servers can optionally be created and joined to the farm.
Remote access and security
The template creates 1 virtual network with 3 subnets. All subnets are protected by a Network Security Group with no custom rule by default.
The following parameters impact the remote access of the virtual machines, and the network security:
- Parameter 'addPublicIPAddressToEachVM':
  - If true (default value): Each virtual machine gets a public IP and a DNS name, and may be reachable from the Internet.
  - If false: No public IP resource is created.
- Parameter 'RDPTrafficAllowed':
  - If 'No' (default value): Firewall denies all incoming RDP traffic from the Internet.
  - If '*' or 'Internet': Firewall accepts all incoming RDP traffic from the Internet.
  - If 'ServiceTagName': Firewall accepts all incoming RDP traffic from the specified 'ServiceTagName'.
  - If 'xx.xx.xx.xx': Firewall accepts incoming RDP traffic only from the IP 'xx.xx.xx.xx'.
- Parameter 'addAzureBastion':
  - If true: The Azure Bastion service is configured to allow secure remote access.
  - If false (default value): The Azure Bastion service is not created.
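The three parameters above combine into the effective RDP exposure of the deployment. The following is an added example, not part of the template: a small Python check that reads an ARM parameters file and reports that exposure before you deploy. The function names, the severity scale and the sample files are assumptions made for this example; the defaults and the meaning of each value are the ones listed above.

```python
import ipaddress
import json

# Defaults as documented on this page.
DEFAULTS = {"addPublicIPAddressToEachVM": True,
            "RDPTrafficAllowed": "No",
            "addAzureBastion": False}

def classify_rdp_source(value):
    """Map an RDPTrafficAllowed value to one of the four cases the page lists."""
    v = str(value).strip()
    if v.lower() == "no":
        return "denied"
    if v == "*" or v.lower() == "internet":
        return "any"
    try:
        ipaddress.ip_address(v)
        return "single_ip"
    except ValueError:
        return "service_tag"  # anything else is taken as a service tag name

def review_parameters(parameters_json):
    """Return (severity, message) findings; severities are this example's own scale."""
    supplied = json.loads(parameters_json).get("parameters", {})
    p = dict(DEFAULTS)
    for name in DEFAULTS:
        if name in supplied:
            p[name] = supplied[name]["value"]
    public, bastion = p["addPublicIPAddressToEachVM"], p["addAzureBastion"]
    source = classify_rdp_source(p["RDPTrafficAllowed"])
    findings = []
    if public:
        messages = {
            "any": ("HIGH", "every VM has a public IP and RDP is accepted from all of Internet"),
            "service_tag": ("MEDIUM", "RDP accepted from a whole service tag range"),
            "single_ip": ("LOW", "RDP accepted from one IP; confirm it is still yours"),
            "denied": ("INFO", "public IPs are created although RDP from Internet is denied"),
        }
        findings.append(messages[source])
    elif not bastion:
        findings.append(("INFO", "no public IP and no Azure Bastion: no remote access path configured"))
    return findings

# Constructed samples: ARM parameters file content, not taken from the template repository.
SAMPLE_RISKY = json.dumps({"parameters": {"RDPTrafficAllowed": {"value": "*"}}})
SAMPLE_HARDENED = json.dumps({"parameters": {
    "addPublicIPAddressToEachVM": {"value": False},
    "RDPTrafficAllowed": {"value": "No"},
    "addAzureBastion": {"value": True}}})

if __name__ == "__main__":
    for label, sample in (("risky", SAMPLE_RISKY), ("hardened", SAMPLE_HARDENED)):
        print(label, review_parameters(sample))
```

An empty list means no public IP is created and Azure Bastion is the remote access path.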
By default, virtual machines use B-series burstable sizes, which are ideal for such a template and much cheaper than other comparable series. Here are the default size and storage type per virtual machine role:
- DC: Size Standard_B2s (2 vCPU / 4 GiB RAM) and OS disk is a 32 GiB standard SSD E4.
- SQL Server: Size Standard_B2ms (2 vCPU / 8 GiB RAM) and OS disk is a 128 GiB standard SSD E10.
- SharePoint: Size Standard_B4ms (4 vCPU / 16 GiB RAM) and OS disk is a 128 GiB standard SSD E10.
You can visit https://azure.com/e/c86a94bb7e3943fe96e2c71cf8ece33a to view the monthly cost of the template when it is deployed using the default settings, in the region/currency of your choice.
- With the default settings, the deployment takes about 1h to complete.
- Once it is completed, the template will return valuable information in the 'Outputs' of the deployment.
- For various (very good) reasons, the template sets the local (not domain) administrator name to a string that is unique to your subscription (e.g. 'local-q1w2e3r4t5'). You can find the name of the local admin in the 'Outputs' of the deployment once it is completed.
Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, extensions, DSC, Microsoft.Compute/virtualMachines/extensions, Microsoft.DevTestLab/schedules, Microsoft.Network/virtualNetworks/subnets, Microsoft.Network/bastionHosts