Advice
0 votes
0 replies
19 views

I would like to deploy policy at the management group level to enable Microsoft Defender for Cloud. (I have owner role for all mgmt groups). I found some of these in-built policy definitions: Microsoft ...
bostongeorge's user avatar
0 votes
0 answers
34 views

I am working on an API, global policy for our Azure APIM. For API with a specific tag, I need to allow access to users only if they come from some IP Ranges: I have this: <inbound> <base /...
ClaudeVernier's user avatar
1 vote
0 answers
66 views

Been struggling to get the regex for a resource tag to function as expected. I have an Owner tag that's one of four tags that I am forcing users to add to any resource in a particular subscription. I ...
Richard's user avatar
  • 11
0 votes
0 answers
153 views

I'd like to enforce a tag on all subscriptions in my Azure tenant. key: policy_config_path value: config/azure/mytenantname.com/subscriptions/<subscription_id> My requirement is basically apply ...
DivZ's user avatar
  • 736
-1 votes
2 answers
137 views

I'm currently working on creating Azure Policies to manage our virtual machines, and one of the policies is not behaving as expected. The goal of this custom policy is to automatically deploy the ...
Artur's user avatar
  • 363
0 votes
1 answer
88 views

I made a copy of the built-in policy to audit VMs for ASR and we want to add a condition with a specific tag existing on a VM to be considered "compliant". Meaning, the policy should ...
pgbfnf's user avatar
  • 17
0 votes
0 answers
65 views

I need help defining an Azure subscription policy. I want to say VMSS should contain at least one extension of type X OR it should contain extensions A AND B. But my code below says it should define ...
Node.JS's user avatar
  • 1,714
0 votes
1 answer
74 views

I am creating a set of Azure Policies to automatically deploy private DNS zone groups in private endpoints. I'm having issues with the if portion of the policy. Previously, I had it written like this: ...
Gabriel Kelly's user avatar
0 votes
1 answer
69 views

I want to limit by Azure Policy the creation of Azure Front Door resources to Standard SKU only. I'm struggling to figure this policy out. So far I have. { "mode": "All", "...
Damo's user avatar
  • 2,122
0 votes
1 answer
138 views

This question is really about automation. I could easily do this manually in less time than it will take me to wait for an answer, but I think automation might be neater in the long run. I am ...
Gabriel Kelly's user avatar
-1 votes
1 answer
126 views

I enabled Azure policy [Require a tag on resources]. It is validating tags on resource creation as expected, but it is also evaluating existing resources and showing Non-compliant. Definition { "...
Abdul Khadar's user avatar
0 votes
1 answer
207 views

Is there any way that we can inherit all the tags from Resource groups in a single go to its resources using custom policy without specifying a particular tag? The policy which I am using is not ...
GUNDRAJU KRUPA VANI's user avatar
0 votes
1 answer
132 views

We currently have an Azure Policy only allowing certain VM SKUs when building new VMs across our tenant. However, we have a new need for a single application team to use a SKU that's not in the ...
pgbfnf's user avatar
  • 17
0 votes
1 answer
87 views

I'm trying to duplicate a policy definition along with its metadata in Azure Policy, specifically for NIST SP 800 171. While I can do this through the portal UI, it doesn't duplicate the entire ...
Juan's user avatar
  • 1
1 vote
1 answer
105 views

Background I want to make an Azure Policy that requires a tag to be created for every newly created secret. What I tried so far I made a new policy by copying the pre-existing Azure Policy Require a ...
Athanasius's user avatar
0 votes
1 answer
361 views

Recently, I received a recommendation from Microsoft Defender for Cloud regarding "Azure overprovisioned identities should have only the necessary permissions." I want to suppress this ...
codeX's user avatar
  • 5,488
0 votes
3 answers
492 views

I am trying to make an Azure policy that can ensure that my resources keep a certain naming convention, for example "app-{name}-{version}-{zone}-{build}". At the moment the part of my policy ...
Recusiwe's user avatar
  • 890
0 votes
0 answers
169 views

Currently, I have a custom policy that audits Network Security Group (NSG) rules allowing inbound traffic from ANY or Internet (i.e., when the source is ANY or Internet). This policy is assigned at ...
Manju S's user avatar
  • 11
0 votes
1 answer
88 views

Just want to ask an expert opinion to get more information about the following Azure built-in policies if there is a similarity. Also the difference of these policies from each other. Azure built-in ...
Romeo's user avatar
  • 45
0 votes
1 answer
70 views

I'm currently configuring an Azure Policy that only allows some values to one of my tags. Here is the policy as of right now: "policyRule": { "if": { "allof":...
Helena Raia's user avatar
0 votes
1 answer
215 views

I have an issue with the account not being able to view the Keys of connection string in CosmosDB Azure portal. Look below as it is greyed out both read write and read only keys. Take note that this ...
Romeo's user avatar
  • 45
0 votes
1 answer
182 views

I wanted to create a policy that automatically gives databases a long term retention instead of doing it manually every time so I created this code but for some reason the database does not get any ...
Dan's user avatar
  • 1
0 votes
1 answer
136 views

I have a policy already in place for installing MDE.Linux agent to all machines as extension, which works fine. We are now in the process of writing another policy to install 'QualysAgentLinux' agent, ...
ArushRaj's user avatar
0 votes
0 answers
277 views

I have got an Azure Advisor alert concerning Windows virtual machines. These are standard VMs and they are reporting the following remediation steps. I have carried out the following to remediate the ...
learner's user avatar
  • 1,097
2 votes
1 answer
106 views

Using Terraform/Azure Policies, I want to restrict the creation of savings plans only to one of our subscriptions, i.e. Prod. We have more than 10 subscriptions in the tenant in different management ...
VAP's user avatar
  • 21
0 votes
1 answer
87 views

Using Terraform, I want to deny the creation of savings plans outside of the singular Prod subscription and get an email whenever an attempt is made. We have more than 10 subscriptions in the tenant ...
VAP's user avatar
  • 21
0 votes
1 answer
155 views

I am trying to create an Azure policy definition using PowerShell and I am receiving the following error. New-AzPolicyDefinition_CreateExpanded : Failed to parse policy rule: 'Error converting value &...
Selvam Subramani's user avatar
0 votes
1 answer
114 views

I have written the following policy to enable it: { "mode": "Indexed", "policyRule": { "if": { "field": "tags[Environment]", ...
Quies's user avatar
  • 5
0 votes
0 answers
152 views

We have a requirement to create Azure policy with DeployIfNotExists effect with specific tag for newly created resources. But, I'm kind of stuck, I have tried to rewrite modify built in one policy - no ...
Quies's user avatar
  • 5
0 votes
1 answer
98 views

Just wondering if possible to monitor the System-assigned or User-assigned activity. For example if System-assigned manually OFF then email alert will trigger. By this automation the users will be ...
Romeo's user avatar
  • 45
0 votes
1 answer
308 views

I have a question and unfortunately I can't find anything explicit in the MS documentation. We would like to use the Azure Policies to determine the location of the resource etc. via the subscription ...
user23587070's user avatar
0 votes
1 answer
510 views

Unable to Create Remediation Task on managed identity ACA built in policy. Although compliance state is working fine on all resources. Need to remediate non compliant resources. The question is, do ...
Romeo's user avatar
  • 45
0 votes
1 answer
532 views

Currently we have implemented a modify policy that inherits tags from the resource group to the resources. The resource group has only 15 tags. I know that the limit is around 50 max. But I am seeing ...
John Wilmar Herrera Gil's user avatar
0 votes
1 answer
154 views

There is 1 policy definition on Managed Identity in Azure for Container Apps. Managed Identity should be enabled for Container Apps. Just curious on how this built-in policy applies as I am new with ...
Romeo's user avatar
  • 45
0 votes
1 answer
215 views

I have attempted this using address prefix ranges, as we are aware of the address spaces used within the 'corp' VNETs. However, we do not have information on the ranges for the 'online' VNETs. ...
Aslam Bagwan's user avatar
0 votes
1 answer
127 views

I'm trying to create a policy to deploy metrics, and I've got some of the way there but a bit stuck. For each public IP in our tenancy (spread across different subscriptions) we want to deploy a ...
JimmyACon's user avatar
0 votes
1 answer
72 views

I want to automate the process of listing all policies in Azure that support Customer-managed keys for Azure Storage encryption. Right now my current approach is to search for them in the Azure portal ...
greg's user avatar
  • 1,224
0 votes
1 answer
120 views

I want to create an azure policy with deny effect to prevent action of removing user assigned identity from a virtual machine is not working but I am not able to do so as we are using terraform to ...
Srishti garg's user avatar
2 votes
1 answer
123 views

I have created custom policy for adding private endpoints on Synapse Analytics Workspace. See Script below. "policyRule": { "if": { "field": "type"...
Romeo's user avatar
  • 45
0 votes
1 answer
184 views

At Microsoft Ignite 2023 MS was discussing a soon-to-be-released ability for an Azure Resource Policy definition to be allowed to invoke a Graph API query and use the results as part of the Policy ...
STW's user avatar
  • 46.8k
1 vote
1 answer
216 views

I am trying to create a custom policy in Azure using Azure CLI, but I keep encountering an error related to parsing the policy JSON file. Here are the details: Command: az policy definition create --...
Konstantin Krokhin's user avatar
0 votes
1 answer
197 views

I have created a custom azure policy that checks if Logs and Metrics are enabled for Azure Firewall or not. But it is showing all the Azure firewall instances non-compliant, wherein diagnostics are ...
Rakesh Singh's user avatar
2 votes
1 answer
180 views

I'm getting a LinkedAuthorizationFailed error when trying to configure diagnostic settings on a Virtual Network Gateway in Azure, and this configuration is being applied through an Azure Policy using ...
showmino's user avatar
0 votes
1 answer
534 views

I have written a script that will automatically trigger policy remediation, the script below does that. $InitiativeAssignmentName = "xxxx" # Loop through each policy and create individual ...
learner's user avatar
  • 1,097
0 votes
1 answer
629 views

I have got Azure Policy auto remediation in place, however the process is a manual one where the remediation tasks need to be manually triggered. I was wondering if there is a way to programmatically ...
learner's user avatar
  • 1,097
0 votes
1 answer
528 views

I want to be able to create a policy within Azure that prevents users from creating inbound NSG allow rules for ports 3389/22 from any/ internet source, either manually or via the options within the ...
Elliot's user avatar
  • 69
0 votes
3 answers
413 views

We have a deployment of a VNET with bicep which works fine. Moving to Terraform and there are issues with Azure policy. We have a policy which denies the creation of subnets with no NSGs. This is fine ...
PLK's user avatar
  • 409
0 votes
1 answer
128 views

I've set up Workload identity federation. Basically like this: var applicationRegistrationDisplayName = 'GitHub Actions Application Deployer.' var githubOIDCProvider = 'https://token.actions....
Veksi's user avatar
  • 3,822
0 votes
1 answer
338 views

I am writing one script to exclude all SKUs other than recommended in policy. For that I have written a script where it looks at all SKUs and adds to the policy waiver list if that SKU is not in the file I am fetching, ...
kalyani's user avatar
  • 31
1 vote
2 answers
438 views

As I mentioned in the title, I'm trying to register a SHIR (ADF) on Azure VM but an error has occurred. The error message and the log were like below. According to a MS document, the solution like this ...