This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 87%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
I deployed managed application definition by referring https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.solutions/managed-application as a service catalog application.
When I try to deploy managed application to subscription it fails with error disallowed by Policy. This subscription has policy configured on resource group to have Owner Tag.
Although mainTemplate of managed application is configured with
{
"type": "Microsoft.Resources/tags",
"name": "default",
"apiVersion": "2021-04-01",
"properties": {
"tags": {
"Owner": "ABCD"}
}
}
Is it possible to create managed resource group with proper tags using managed application definition?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
@Chinmay Vartak - Welcome to Microsoft Q&A and thanks for reaching out.
For security or compliance, your subscription administrators might assign policies that limit how resources are deployed. For example, policies that prevent creating public IP addresses, network security groups, user-defined routes, or route tables.
To resolve RequestDisallowedByPolicy errors, review the resource policies and determine how to deploy resources that comply with those policies. The error message displays the names of the policy definition and policy assignment.
Please take a look at this document for more info : error-policy-requestdisallowedbypolicy
UPDATE:
So I have confirmed with Product team and was told that there is no way to set the tag on a managed resource group today, so this would fail. You would have to add a policy exception to exempt the Managed app and its resource group from this policy.
Hope this helps. and please feel free to reach out if you have any further questions.
------------------------------------------------------------------
If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.
I understand RequestDisallowedByPolicy error. This question is specific to managed application where AZure/Microsoft is creating resource group not allowing me to create resource group with policy compliance and then use it.
Or process of managed application deployment is not using tags I specified for RG creation but it is creating Resource group first and then updating tags.
@Chinmay Vartak - Thanks for sharing more insights into the issue. Let me look into this and will get back to you shortly.
Thank you for your patience while we work on this.
@Chinmay Vartak - I have added an updated answer above, see if that helps. If so, please :Accept the answer so it can be beneficial to the community members who come across the similar issue.
Thank you.
@Monalla-MSFT Thanks for the update.
One followup question: Does managed application supports using existing empty resource group as an managed resource group.
@Chinmay Vartak - No, it won't pass a review for marketplace, but you would find it in service catalog.
Hope that helps. If so, please Accept the answer so it can be beneficial to the community members who come across the similar issue. Thank you.
This is related to Service catalog only. Can I use existing resource group for service catalog application's managed group