
Changelog

See the full CHANGELOG.md for the complete version history with links to diffs.

Azure Developer CLI migration, AVM version updates, 4-scenario deployment testing.

  • azd migration: Migrated from deploy.ps1 to azd up with pre/post-provision hooks
  • AVM updates: Updated 7 of 13 AVM modules to latest versions
  • MG deployment split: Separated MG creation (step 5a) from policy deployment (step 5b)
  • Policy fix: Fixed retired policy definition GUID (auditDeprecatedAccounts)
  • Testing: Added automated 4-scenario test runner (scripts/test-scenarios.sh)
  • Full scenario fix: Serialized Firewall → VPN Gateway deployment to resolve VNet race condition (ADR-0004)
  • All 4 scenarios (baseline, firewall, vpn, full) tested and validated against live Azure
  • main.bicep (v0.3): Added conditional dependsOn: [firewall] to VPN Gateway module
  • deploy.ps1 (v0.5): Enhanced retry patterns, VPN cleanup, progress indicators (deprecated — use azd up)
  • Remove-SmbReadyFoundation.ps1 (v1.1): Added VPN Gateway and public IP cleanup

Full Azure Verified Modules (AVM) migration across all Bicep modules.

  • Migrated 7 core modules from raw ARM to AVM: VNet, NSG, NAT Gateway, Firewall, VPN Gateway, Monitoring, Backup
  • 13 AVM modules total (4 justified exceptions documented)
  • What-if validation for all deployment scenarios
  • AVM Firewall migration (ADR-0003) with sequential resource creation

| Module | AVM Version |
| --- | --- |
| Virtual Network | 0.7.2 |
| Network Security Group | 0.5.2 |
| NAT Gateway | 2.0.1 |
| Azure Firewall | 0.9.2 |
| Firewall Policy | 0.3.4 |
| VPN Gateway | 0.10.1 |
| Log Analytics | 0.15.0 |
| Recovery Services Vault | 0.11.1 |
| Route Table | 0.5.0 |

Initial release of SMB Ready Foundation.

  • Hub-spoke network topology with Azure Bastion Developer
  • 4 deployment scenarios: baseline, firewall, vpn, full
  • 21 Azure Policy assignments for governance (later expanded to 34)
  • Recovery Services Vault with DefaultVMPolicy
  • Azure Migrate project for server assessment
  • Log Analytics Workspace with 500 MB/day cap
  • Cost Management Budget with $500/month alerts
  • NAT Gateway for baseline outbound connectivity
  • Azure Firewall Basic (optional) with network rules
  • VPN Gateway VpnGw1AZ (optional) for hybrid connectivity
  • Route tables for forced tunneling through firewall
  • Deny-by-default NSG rules (priority 4096)
  • Azure Bastion Developer SKU (no public IP)
  • Private DNS Zone with auto-registration
  • Soft delete on Recovery Services Vault
  • VM backup auto-enrollment via Azure Policy