How to exclude a group of users in an azure policy from deny action
current situation: there is a zure policy with deny action that prohibits the deletion of resource groups and resources. requirement: create a user group in azure in which every member of that group is excluded from the azure policy deny action
MicrosoftDNSAgent extension
Hello Team, I am planning install/deploy MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
Deny assignment for data plane actions
Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)? I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data…
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
While doing remediation in Azure policy assignment getting below error
While doing remediation in Azure policy getting error: Evaluation of DeployIfNotExists policy was unsuccessful. The policy assignment…
Extracting resource compliance states | How to download data for resource compliance states in Azure Policies|
I have several Azure Policies, and from the portal If I go to the assignments and look at the policy I can get the compliance percentage and status of each resource (Compliant or not-compliant), However there is no way for me to download to the data to…
Azure Policy for BlobServices
Hi, community! I'm using this policy in order to audit blob versioning: { "properties": { "displayName": "Custom: Configure your Storage account to enable blob versioning", "policyType":…
Anyone knows for sure if, in Azure Portal, they have controls / policies to implement / be controled by Azure, for the new version of ISO 27001:2022 ?
Hello, i need to know if we can add that kind of controls to be assessed by the Azure portal, instead of the ISO 27001:2013, that already has controls listed; is there a way of add / use the new version of ISO (ISO 27001:2022), within the Policy, inside…
Unable to run "az deployment mg create" on Tenant Root Group
Trying to deploy a management group structure via Bicep starting 1 level down from "Tenant Root Group". CLI command az deployment mg create needs to target the Tenant Root Group (which has the same ID as the Tenant ID as per…
how to make azure policy definition script that limits the number of resources per resource group? how to make azure policy definition script that limits the number of resources per resource group?
I want to limit the number of resources per resource group. For example, I would like to limit the creation of a maximum of 2 virtual machines and a maximum of 1 DB per resource group. My questions are: Does an Azure Policy Definition that satisfies…
After applying Azure policy for auto update for flagged VM its flagging
created new azure policy for VM automatic update on flagged vm but it still flagging. update name: "Microsoft .NET Core Security Update for January 2024" after update also it still showing old version only. how to auto update this issue using…
Custom azure policy to enable automatic VM guest patching
I would like to enable Automatic VM guest patching using Azure Policy with DeployIfNotExist mode. I drafted a definition but it does not seems to work properly (it shows non compliant VM as compliant). { "mode": "All", …
Issue on connecting tenant id and subscription id
error fetching tenantID and subscriptionID from Azure CLI (are you logged on using az login?): failed to open file (C:\Users\ADMIN.azure\azureProfile.json) while loading token: open C:\Users\ADMIN.azure\azureProfile.json: The system cannot find the path…
How can an Azure policy assess SQL Azure database capacity?
I have a parameter "maxCores": { "type": "Integer", "metadata": { "displayName": "Max Capacity", "description": "The max cores or DTUs that can…
Azure Policy trigger on Azure Budget alert
We need to assign azure policy to deny the creation of new resources to a subscription whose budget has been reached. And once it is below limit, the policy should be removed from that subscription automatically .So how can we integrate Azure Policy…
Azure arc machine configuration deployment error
Hello I am attempting to deploy sample machine configuration for an Azure arc machine resource following the steps mentioned in https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview except for…
Unable to apply Custom Guest Configuration on Linux VMs using the nxModule
Using Azure Policy, Im (unsuccessfully) applying a Custom Guest Configuration that uses the nxPackage and nxService. Troubleshooting led to me to manually apply the config using the Start-GuestConfigurationPackageRemediation cmdlet with the Verbose flag.…
Azure Policy | How do i configure according to my need?
How can i make azure that i can only access the always free services and dont go beyond the quota. is it possible to make a policy for it and so how do i??? I want to just use the free services of azure that are available for free and dont cost…
What are the Azure policies i can implement to be compliant for European DORA act
As per the new Digital operational resiliency act, any financial services operating in europe need to be compliant by Jan 2025. For more reading please see the…
Create Azure Policy to add role to resource group
Hello. I would like to create Azure Policy on subscription that will ensure, that to all resource groups (new and existing) that starts with 'xyz-' a role 'owner' will be granted to user with ID 'principalId'. Here is my code: { "mode":…