Can't restrict Subscription creation with Azure Policy.
We created the policy that should restrict the creation of a new subscription if it has any or all of the specific tags missing. The policy is not restricting the creation of a new subscription but is marking the subscription "non-compliant"…
I have created an Azure policy with the deployIfNotExists effect for ACR network setting, but it does not work as expected
{ "properties": { "displayName": "acr-test-new1", "policyType": "Custom", "mode": "Indexed", "description": "test", "metadata": { …
Custom Policy
Hello Everyone, I would like your help to know what could be a JSON structure to create an Azure policy that will allow me to identify who creates the Azure resources on a subscription. Thank you and help will be very helpful.
PowerShell Script to Remove Duplicate Assignments
Hi, We have the MS Cloud Benchmark Definition assigned at 200 scopes/subscriptions, which we don't need. I'm wondering whether you guys would have some quick direction on how I can remove it from all 200 subscriptions with a single PowerShell command? Thanks.
How to create a custom policy that shows who creates the resources on Azure
Hello Everyone, I would like your help to know what could be a JSON structure to create an Azure policy that will allow me to identify who creates the Azure resources on a subscription. Thank you and help will be very helpful.
Paginate List Query Results For Subscription Level Policy Assignment
Hi everyone, I’m having trouble using this service to get information about policy states. It seems to only return up to 1,000 entries per call, and the @odata.nextLink parameter mentioned in the docs always comes back as null. I tried adjusting the…
Availability Sets are not supported in Azure Policy for deploying Azure Monitor Agent.
I have created an initiative for deploying the Azure Monitor agent on a subscription. The agent is deployed on all the Windows VMs except on the machines in an availability set. The policy I'm using is "Configure Windows virtual machines to run Azure…
How to disable the feature of redirecting all HTTP traffic to HTTPS in Azure Web App service using Azure Policy.
How to disable the feature of redirecting all HTTP traffic to HTTPS in Azure Web App service using Azure Policy. Our client is asking for a policy so that if anyone creates Function App or Logic App services, by default HTTPS only will be configured as off.…
Cannot access "Custom deployment" blade in Azure - CORS issue
Every time I try and click "Deploy a custom resource" nothing happens in the Azure portal UI. In my browser's dev tools console I receive this error: "Access to XMLHttpRequest at…
Possible to create a policy that will automatically assign user/group RBAC roles based on tags
Is it possible to create a policy that will automatically assign users/groups to RBAC roles for an RG based on the tags? If so, can you reference a template for this?
Azure policy does not back up persistent AVD VMs.
We're running into a weird issue. We have two Azure policies, one which adds a tag for any VM, the tag name is "backup" and it sets the value to [true]. Then a second policy is set to backup VMs with a given tag to an existing vault in the…
Effect of editing custom Azure Policy definition on existing assignments?
I am trying to understand how editing a custom Azure policy definition affects existing assignments but can't find any info on this. Our scenario: We have a custom policy definition for the deployment and configuration of the AMA client on Arc connected…
Allow-Access-Control-Origin Error on Web App
Hey everyone. I may be missing something simple, but here's one for you guys! Turning on App Gateway WAF Policy with a custom rule for geo location match. Essentially just to deny any traffic outside of select countries. Without this WAF Policy turned…
Azure Resource Graph query to get all policy definition details which are assigned
Azure has a lot of inbuilt policies and a few are custom policies. I need an Azure Resource Graph query to get all policy definition details of only the policies which are assigned
Creating a custom Policy Using Azure Resource Selector
Is it possible to create a custom policy or utilize Azure policies to implement a deny resource type policy by using only the resource selector parameters, rather than specifying the actual parameters within the policy without the use of…
Use Azure Policy at scale at an MSP
Hi there, I am starting to use Azure Lighthouse and Policy at an MSP. I want to use Azure Policy to manage all the delegated customer subscriptions. It seems that there is no built-in option to just push initiatives and policies to subscriptions in…
Applying Azure PCI DSS4 regulatory compliance policy for passwords
Hi, I am trying to assign PCI DSS4 Defender for cloud regulatory compliance policy for passwords - Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords- where count is 24 Audit Windows machines that…
How to Enforce a Tag With a Predefined Value
I want an Azure policy in place that requires all new resources to have an "Environment" tag. With that tag I only want there to be three acceptable values: Test, Prod and Dev. If the value doesn't meet the predefined value, it fails…
Understanding Inconsistent data return for Azure PowerShell command Get-AzPolicyDefinition
Hi, I'm encountering inconsistent data return for the Azure PowerShell command Get-AzPolicyDefinition. I have a script that obtains compliance reports for Azure Policy Initiatives and I iterate over each compliance item to obtain more information. I'm…
Custom Policy for "Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests" is not giving desired result
I have written the below custom policy to check whether audit logs are enabled or not for Blob Service. It is not working when I only enable the logs for blob service. My requirement is to check only for blob service, not for the whole Storage account. Below…