Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
811 questions
1 answer
How to exclude a group of users in an azure policy from deny action
current situation: there is a zure policy with deny action that prohibits the deletion of resource groups and resources. requirement: create a user group in azure in which every member of that group is excluded from the azure policy deny action
asked 2024-03-13T21:04:25.21+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOJ%3C/text%3E%3C/svg%3E)
Omer Jesus Gonzalez Vizcaino
0
Reputation points
commented 2024-03-20T11:28:11.3933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
18,041
Reputation points
2 answers
MicrosoftDNSAgent extension
Hello Team, I am planning install/deploy MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
asked 2024-01-30T13:34:19.3433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 96%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Naresh Babu
135
Reputation points
answered 2024-03-20T10:12:05.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 27%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Stellnberger Philipp
0
Reputation points
1 answer
Deny assignment for data plane actions
Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)? I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data…
asked 2024-03-03T13:55:16.23+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 80%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AssafL
1
Reputation point
commented 2024-03-19T18:59:29.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT
12,281
Reputation points
1 answer
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
asked 2023-11-03T06:41:04.88+00:00
Martin Egli
105
Reputation points
commented 2024-03-19T12:56:59.58+00:00
BollaertIgor-0366
2
Reputation points
1 answer
While doing remediation in Azure policy assignment getting below error
While doing remediation in Azure policy getting error: Evaluation of DeployIfNotExists policy was unsuccessful. The policy assignment…
asked 2024-03-18T17:58:12.0866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 37%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sourabh sourabh
0
Reputation points
answered 2024-03-19T04:56:57.5+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
20,981
Reputation points
1 answer
Extracting resource compliance states | How to download data for resource compliance states in Azure Policies|
I have several Azure Policies, and from the portal If I go to the assignments and look at the policy I can get the compliance percentage and status of each resource (Compliant or not-compliant), However there is no way for me to download to the data to…
asked 2024-03-12T17:32:17.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 83%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
prasannarajayya
0
Reputation points
commented 2024-03-18T17:25:37.42+00:00
Monalla-MSFT
12,281
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Policy for BlobServices
Hi, community! I'm using this policy in order to audit blob versioning: { "properties": { "displayName": "Custom: Configure your Storage account to enable blob versioning", "policyType":…
asked 2024-03-15T12:26:44.2733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 65%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Serhii Polhorodnyk
20
Reputation points
commented 2024-03-17T13:27:37.58+00:00
Serhii Polhorodnyk
20
Reputation points
2 answers
Anyone knows for sure if, in Azure Portal, they have controls / policies to implement / be controled by Azure, for the new version of ISO 27001:2022 ?
Hello, i need to know if we can add that kind of controls to be assessed by the Azure portal, instead of the ISO 27001:2013, that already has controls listed; is there a way of add / use the new version of ISO (ISO 27001:2022), within the Policy, inside…
asked 2024-03-16T19:14:35.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 26%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Pedro Costa - MixMove
40
Reputation points
answered 2024-03-16T19:58:27.2633333+00:00
Azar
20,670
Reputation points
1 answer
One of the answers was accepted by the question author.
Unable to run "az deployment mg create" on Tenant Root Group
Trying to deploy a management group structure via Bicep starting 1 level down from "Tenant Root Group". CLI command az deployment mg create needs to target the Tenant Root Group (which has the same ID as the Tenant ID as per…
asked 2024-03-12T03:36:40.1733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 40%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Jose-Paolo Roldan
20
Reputation points
commented 2024-03-15T08:02:03.4766667+00:00
SwathiDhanwada-MSFT
18,041
Reputation points
2 answers
how to make azure policy definition script that limits the number of resources per resource group? how to make azure policy definition script that limits the number of resources per resource group?
I want to limit the number of resources per resource group. For example, I would like to limit the creation of a maximum of 2 virtual machines and a maximum of 1 DB per resource group. My questions are: Does an Azure Policy Definition that satisfies…
asked 2024-01-21T15:52:02.56+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 19%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEC%3C/text%3E%3C/svg%3E)
elice-cloud-practice-dev
0
Reputation points
answered 2024-03-12T14:55:10.71+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 94%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETO%3C/text%3E%3C/svg%3E)
Tabut, Olivier
0
Reputation points
1 answer
After applying Azure policy for auto update for flagged VM its flagging
created new azure policy for VM automatic update on flagged vm but it still flagging. update name: "Microsoft .NET Core Security Update for January 2024" after update also it still showing old version only. how to auto update this issue using…
asked 2024-03-12T06:57:00.2966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 78%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Maazulla Khan (HCL TECHNOLOGIES CORPORATE SER)
0
Reputation points Microsoft Vendor
edited the question 2024-03-12T11:36:13.19+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 64%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EON%3C/text%3E%3C/svg%3E)
OMMI NAVEEN KUMAR
195
Reputation points Microsoft Vendor
3 answers
Custom azure policy to enable automatic VM guest patching
I would like to enable Automatic VM guest patching using Azure Policy with DeployIfNotExist mode. I drafted a definition but it does not seems to work properly (it shows non compliant VM as compliant). { "mode": "All", …
asked 2024-01-31T10:18:40.4+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 94%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYF%3C/text%3E%3C/svg%3E)
Yasmin, Fitri
266
Reputation points
answered 2024-03-10T12:56:55.3166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(102.4, 69%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECS%3C/text%3E%3C/svg%3E)
Cristian SPIRIDON
4,471
Reputation points
1 answer
Issue on connecting tenant id and subscription id
error fetching tenantID and subscriptionID from Azure CLI (are you logged on using az login?): failed to open file (C:\Users\ADMIN.azure\azureProfile.json) while loading token: open C:\Users\ADMIN.azure\azureProfile.json: The system cannot find the path…
asked 2024-02-25T05:35:10.35+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 37%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Varma
1,250
Reputation points
commented 2024-03-08T17:00:42.2233333+00:00
deherman-MSFT
34,201
Reputation points Microsoft Employee
0 answers
How can an Azure policy assess SQL Azure database capacity?
I have a parameter "maxCores": { "type": "Integer", "metadata": { "displayName": "Max Capacity", "description": "The max cores or DTUs that can…
asked 2022-08-09T15:57:47.367+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 93%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Russell H. DeGrove
6
Reputation points
commented 2024-03-08T09:16:20.1566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 80%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWP%3C/text%3E%3C/svg%3E)
WOJTAS, P. (PATRYCJA)
10
Reputation points
1 answer
Azure Policy trigger on Azure Budget alert
We need to assign azure policy to deny the creation of new resources to a subscription whose budget has been reached. And once it is below limit, the policy should be removed from that subscription automatically .So how can we integrate Azure Policy…
asked 2023-02-27T13:39:32.4+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 96%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
GAURAV SINGH
1
Reputation point
commented 2024-03-07T14:47:56.5266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 52%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Mohammad Wasif Rafique Mandal
35
Reputation points
1 answer
Azure arc machine configuration deployment error
Hello I am attempting to deploy sample machine configuration for an Azure arc machine resource following the steps mentioned in https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview except for…
asked 2024-03-06T09:15:36.6433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 37%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Anupam Kumar
0
Reputation points Microsoft Employee
commented 2024-03-06T16:48:46.0266667+00:00
Anupam Kumar
0
Reputation points Microsoft Employee
0 answers
Unable to apply Custom Guest Configuration on Linux VMs using the nxModule
Using Azure Policy, Im (unsuccessfully) applying a Custom Guest Configuration that uses the nxPackage and nxService. Troubleshooting led to me to manually apply the config using the Start-GuestConfigurationPackageRemediation cmdlet with the Verbose flag.…
asked 2021-09-21T13:19:20.923+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 43%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIV%3C/text%3E%3C/svg%3E)
Ivan Vorobiev
1
Reputation point
commented 2024-03-05T13:32:12.75+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 38%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Alexandre, Carvalho (A93)
0
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Policy | How do i configure according to my need?
How can i make azure that i can only access the always free services and dont go beyond the quota. is it possible to make a policy for it and so how do i??? I want to just use the free services of azure that are available for free and dont cost…
asked 2024-03-02T09:05:26.24+00:00
Ishtiaque Ahmed CSEH Rafin
81
Reputation points
edited the question 2024-03-05T10:39:33.25+00:00
SwathiDhanwada-MSFT
18,041
Reputation points
2 answers
One of the answers was accepted by the question author.
What are the Azure policies i can implement to be compliant for European DORA act
As per the new Digital operational resiliency act, any financial services operating in europe need to be compliant by Jan 2025. For more reading please see the…
asked 2023-10-12T18:31:59.8933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 47%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ratish Kumar
71
Reputation points
commented 2024-03-05T05:57:53.06+00:00
SwathiDhanwada-MSFT
18,041
Reputation points
2 answers
Create Azure Policy to add role to resource group
Hello. I would like to create Azure Policy on subscription that will ensure, that to all resource groups (new and existing) that starts with 'xyz-' a role 'owner' will be granted to user with ID 'principalId'. Here is my code: { "mode":…
asked 2024-02-15T21:32:33.2+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 85%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Mateusz
0
Reputation points
commented 2024-03-05T05:52:19.32+00:00
SwathiDhanwada-MSFT
18,041
Reputation points