Resolved DKM SFI issues

NirajC-Microsoft · NirajC-Microsoft · commit 332a985e16e2 · 2026-05-14T14:33:26.000+05:30
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -699,7 +699,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {
     }
     allowBlobPublicAccess: enablePrivateNetworking ? true : false
     publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled'
-
+    requireInfrastructureEncryption: true
     privateEndpoints: enablePrivateNetworking
       ? [
           {
@@ -822,6 +822,7 @@ module avmOpenAi 'br/public:avm/res/cognitive-services/account:0.14.2' = {
     tags: tags
     enableTelemetry: enableTelemetry
     customSubDomainName: openAiAccountName
+    disableLocalAuth: true
     managedIdentities: {
       systemAssigned: true
     }
@@ -897,6 +898,7 @@ module documentIntelligence 'br/public:avm/res/cognitive-services/account:0.14.2
     tags: tags
     sku: 'S0'
     customSubDomainName: docIntelAccountName
+    disableLocalAuth: true
     managedIdentities: {
       systemAssigned: true
     }
diff --git a/infra/main.json b/infra/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.43.1.21952",
-      "templateHash": "16210311400744160873"
+      "version": "0.43.8.12551",
+      "templateHash": "6450034536549346009"
     }
   },
   "parameters": {
@@ -6883,8 +6883,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.43.1.21952",
-              "templateHash": "10615902090169258577"
+              "version": "0.43.8.12551",
+              "templateHash": "14509138889694036561"
             }
           },
           "definitions": {
@@ -21078,8 +21078,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.43.1.21952",
-              "templateHash": "2328998422553242639"
+              "version": "0.43.8.12551",
+              "templateHash": "2224548258804916323"
             },
             "name": "Container Registry Module"
           },
@@ -35692,6 +35692,9 @@
           },
           "allowBlobPublicAccess": "[if(parameters('enablePrivateNetworking'), createObject('value', true()), createObject('value', false()))]",
           "publicNetworkAccess": "[if(parameters('enablePrivateNetworking'), createObject('value', 'Disabled'), createObject('value', 'Enabled'))]",
+          "requireInfrastructureEncryption": {
+            "value": true
+          },
           "privateEndpoints": "[if(parameters('enablePrivateNetworking'), createObject('value', createArray(createObject('name', format('pep-blob-{0}', variables('solutionSuffix')), 'privateDnsZoneGroup', createObject('privateDnsZoneGroupConfigs', createArray(createObject('name', 'storage-dns-zone-group-blob', 'privateDnsZoneResourceId', reference(format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)).outputs.resourceId.value))), 'subnetResourceId', reference('virtualNetwork').outputs.pepsSubnetResourceId.value, 'service', 'blob'), createObject('name', format('pep-queue-{0}', variables('solutionSuffix')), 'privateDnsZoneGroup', createObject('privateDnsZoneGroupConfigs', createArray(createObject('name', 'storage-dns-zone-group-queue', 'privateDnsZoneResourceId', reference(format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)).outputs.resourceId.value))), 'subnetResourceId', reference('virtualNetwork').outputs.pepsSubnetResourceId.value, 'service', 'queue'))), createObject('value', createArray()))]",
           "blobServices": {
             "value": {
@@ -43814,8 +43817,8 @@
         }
       },
       "dependsOn": [
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageQueue)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').storageBlob)]",
         "userAssignedIdentity",
         "virtualNetwork"
       ]
@@ -45948,6 +45951,9 @@
           "customSubDomainName": {
             "value": "[variables('openAiAccountName')]"
           },
+          "disableLocalAuth": {
+            "value": true
+          },
           "managedIdentities": {
             "value": {
               "systemAssigned": true
@@ -49105,8 +49111,8 @@
       },
       "dependsOn": [
         "avmOpenAi",
-        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').cognitiveServices)]",
+        "[format('avmPrivateDnsZones[{0}]', variables('dnsZoneIndex').openAI)]",
         "virtualNetwork"
       ]
     },
@@ -49138,6 +49144,9 @@
           "customSubDomainName": {
             "value": "[variables('docIntelAccountName')]"
           },
+          "disableLocalAuth": {
+            "value": true
+          },
           "managedIdentities": {
             "value": {
               "systemAssigned": true

Original file line number	Diff line number	Diff line change
`@@ -699,7 +699,7 @@ module avmStorageAccount 'br/public:avm/res/storage/storage-account:0.32.0' = {`
`699`	`699`	`}`
`700`	`700`	`allowBlobPublicAccess: enablePrivateNetworking ? true : false`
`701`	`701`	`publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled'`
`702`		`-`
	`702`	`+ requireInfrastructureEncryption: true`
`703`	`703`	`privateEndpoints: enablePrivateNetworking`
`704`	`704`	`? [`
`705`	`705`	`{`
`@@ -822,6 +822,7 @@ module avmOpenAi 'br/public:avm/res/cognitive-services/account:0.14.2' = {`
`822`	`822`	`tags: tags`
`823`	`823`	`enableTelemetry: enableTelemetry`
`824`	`824`	`customSubDomainName: openAiAccountName`
	`825`	`+ disableLocalAuth: true`
`825`	`826`	`managedIdentities: {`
`826`	`827`	`systemAssigned: true`
`827`	`828`	`}`
`@@ -897,6 +898,7 @@ module documentIntelligence 'br/public:avm/res/cognitive-services/account:0.14.2`
`897`	`898`	`tags: tags`
`898`	`899`	`sku: 'S0'`
`899`	`900`	`customSubDomainName: docIntelAccountName`
	`901`	`+ disableLocalAuth: true`
`900`	`902`	`managedIdentities: {`
`901`	`903`	`systemAssigned: true`
`902`	`904`	`}`