docs: add Variables from variables.yml tables to Part 2 Azure Foundation (26 files)

- Phase 01 Landing Zones: 6 files (3 simplified + 3 full deployment)
- Phase 02 Resource Providers: 2 files
- Phase 03 RBAC Permissions: 2 files
- Phase 04 Manual Deployment: 11 files (VNet, VPN, Bastion, NSG, NAT, Arc GW, Log Analytics, Key Vault, VMs)
- Phase 04 VM Configuration: 5 files (ADDS, Utility, NDM, Lighthouse, WAC)
- Skipped 13 CI/CD pipeline files (Terraform-based) and 1 PIM file (Entra ID config)
- All tables use Variable | Config Path | Example (IIC) format

Author: Kristopher Turner

docs/implementation/02-azure-foundation/phase-01-landing-zones/full-deployment/task-01-configure-management-groups.mdx

@@ -103,6 +103,21 @@ Tenant Root Group
 - **Authenticated Azure session** — see [Authentication](../../../05-authentication.mdx)
 - **`variables.yml`** — configured with the full management group hierarchy names and display names
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Root MG ID | `azure.management_groups.tenant_root.name` | `cmp-iic-root` |
+| Platform MG ID | `azure.management_groups.platform.name` | `cmp-platform-iic` |
+| Platform Identity MG ID | `azure.management_groups.platform_identity.name` | `cmp-platform-identity-iic` |
+| Platform Management MG ID | `azure.management_groups.platform_management.name` | `cmp-platform-management-iic` |
+| Platform Connectivity MG ID | `azure.management_groups.platform_connectivity.name` | `cmp-platform-connectivity-iic` |
+| Landing Zones MG ID | `azure.management_groups.landing_zone.name` | `cmp-landing-zones-iic` |
+| Corp Landing Zone MG ID | `azure.management_groups.lz_corp.name` | `cmp-lz-corp-iic` |
+| Online Landing Zone MG ID | `azure.management_groups.lz_online.name` | `cmp-lz-online-iic` |
+| Sandbox MG ID | `azure.management_groups.sandbox.name` | `cmp-sandbox-iic` |
+| Decommissioned MG ID | `azure.management_groups.decommissioned.name` | `cmp-decommissioned-iic` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-01-landing-zones/full-deployment/task-02-create-subscriptions.mdx

@@ -107,6 +107,16 @@ cmp-iic-root                              ← organization root MG
 └── cmp-decommissioned-iic (no subscription yet)
 ```
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Platform Identity Sub | `azure.subscriptions.platform_identity.name` | `iic-platform-identity-001` |
+| Platform Management Sub | `azure.subscriptions.platform_management.name` | `iic-platform-management-001` |
+| Platform Connectivity Sub | `azure.subscriptions.platform_connectivity.name` | `iic-platform-connectivity-001` |
+| Corp Landing Zone Sub | `azure.subscriptions.lz_corp.name` | `iic-lz-azurelocal-corp-001` |
+| Online Landing Zone Sub | `azure.subscriptions.lz_online.name` | `iic-lz-azurelocal-online-001` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-01-landing-zones/full-deployment/task-03-create-resource-groups.mdx

@@ -102,6 +102,20 @@ Each landing zone subscription (e.g., `iic-lz-azurelocal-corp-001`) gets a singl
 For multiple clusters in the same subscription, increment the cluster identifier: `rg-c01-azl-eus-01`, `rg-c02-azl-eus-01`, etc.
 :::
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Identity — Entra Connect RG | `azure_resources.platform_identity.rg_entraconnect` | `rg-identity-entraconnect-eus-01` |
+| Identity — PIM RG | `azure_resources.platform_identity.rg_pim` | `rg-identity-pim-eus-01` |
+| Management — Monitoring RG | `azure_resources.platform_management.rg_monitoring` | `rg-mgmt-monitoring-eus-01` |
+| Management — Automation RG | `azure_resources.platform_management.rg_automation` | `rg-mgmt-automation-eus-01` |
+| Management — Backup RG | `azure_resources.platform_management.rg_backup` | `rg-mgmt-backup-eus-01` |
+| Connectivity — Hub RG | `azure_resources.platform_connectivity.rg_hub` | `rg-connectivity-hub-eus-01` |
+| Connectivity — DNS RG | `azure_resources.platform_connectivity.rg_dns` | `rg-connectivity-dns-eus-01` |
+| Connectivity — Bastion RG | `azure_resources.platform_connectivity.rg_bastion` | `rg-connectivity-bastion-eus-01` |
+| Cluster RG | `azure_resources.resource_group_name` | `rg-c01-azl-eus-01` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-01-landing-zones/simplified-deployment/task-01-configure-management-group.mdx

@@ -84,6 +84,14 @@ Tenant Root Group
 - **Authenticated Azure session** — see [Authentication](../../../05-authentication.mdx)
 - **`variables.yml`** configured with management group values
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Parent MG ID | `azure.management_groups.tenant_root.name` | `cmp-iic-root` |
+| Landing Zone MG ID | `azure.management_groups.landing_zone.name` | `cmp-landing-zones-iic` |
+| Landing Zone Display Name | `azure.management_groups.landing_zone.display_name` | `IIC Landing Zone Management Group` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-01-landing-zones/simplified-deployment/task-02-create-subscription.mdx

@@ -108,6 +108,14 @@ iic-lz-azurelocal-001                    ← subscription
 The single resource group is created in [Task 03: Create Resource Groups](./task-03-create-resource-groups). This task only covers the subscription itself.
 :::
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription Name | `azure.subscriptions.lab.name` | `iic-lz-azurelocal-001` |
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+| Landing Zone MG | `azure.management_groups.landing_zone.name` | `cmp-landing-zones-iic` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-01-landing-zones/simplified-deployment/task-03-create-resource-groups.mdx

@@ -92,6 +92,14 @@ cmp-iic-root ← root MG (Task 01)
  └── Storage accounts
 ```
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+| Resource Group Name | `azure_resources.resource_group_name` | `rg-c01-azl-eus-01` |
+| Region | `cluster.location` | `eastus` |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-02-resource-providers/task-01-register-resource-providers.mdx

@@ -56,6 +56,12 @@ Resource provider registration typically takes 1–3 minutes per provider. Some
 | **Authenticated Azure session** | See [Authentication](../../05-authentication.mdx) |
 | **`variables.yml`** | Configured with target subscription ID |
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+
 ---
 
 ## Required Providers

docs/implementation/02-azure-foundation/phase-02-resource-providers/task-02-verify-provider-registration.mdx

@@ -56,6 +56,12 @@ Some providers may still be in "Registering" state after Task 01. Wait 2–5 min
 | **Authenticated Azure session** | See [Authentication](../../05-authentication.mdx) |
 | **`variables.yml`** | Configured with target subscription ID |
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+
 ---
 
 ## Execution Options

docs/implementation/02-azure-foundation/phase-03-rbac-permissions/task-01-create-azure-local-deployment-spn.mdx

@@ -70,6 +70,13 @@ This task requires **Owner** or **User Access Administrator** permissions at the
 If the deployment SPN already exists in the target environment, the script detects existing SPNs and prompts before creating a new secret. Enter **n** if the existing secret in the platform Key Vault is still valid.
 :::
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+| Key Vault Name | `azure_infrastructure.key_vaults.management.name` | `kv-iic-platform` |
+
 ---
 
 ## Create Deployment Service Principal

docs/implementation/02-azure-foundation/phase-03-rbac-permissions/task-02-assign-rbac-roles.mdx

@@ -60,6 +60,13 @@ After assigning these roles, the deployment SPN will have sufficient permissions
 - [ ] Subscription ID confirmed in `variables.yml` → `azure.subscriptions.lab.id`
 - [ ] Cluster resource group confirmed in `variables.yml` → `azure_resources.resource_group_name`
 
+## Variables from variables.yml
+
+| Variable | Config Path | Example (IIC) |
+|----------|-------------|---------------|
+| Subscription ID | `azure.subscriptions.lab.id` | *(per environment)* |
+| Cluster Resource Group | `azure_resources.resource_group_name` | `rg-c01-azl-eus-01` |
+
 ---
 
 ## Section 1: Assign RBAC Roles to Service Principal