We have multiple Licenses I want to Implement Conditional Access Policy
Hello Everyone, We have multiple Licenses I want to Implement Security on all users. I created a Group, added all Company users to this group, and assigned a P1 license to this group. I want to Implement a Conditional Access policy to block all new users…
Is it possible to deploy Azure VM extension for SAP solutions using Azure Policy?
Hi, I would like to deploy Azure VM extension for SAP solutions at scale with Azure Policy. I didn't found one, so I'm wondering if there is any blocker for creating such policy? Any Azure Policy limitations or any steps within SAP Extension deployment…
How to prevent a normal user to see a subscription or cancel or add a subscription?
A regular user has access to some resource groups under a subscription. If users search "Subscription" in the Azure portal, they can see related subscriptions, and also they can "Cancel" or "Add" subscriptions. I'm unsure…
Readonly Tags in Resource Groups
How to keep the tags in Azure Resource Group as read-only. We have job which update tags based on external system every day, i dont want anyone manually update the tags which are added/updated by the Job. How do i do that. Currently we give contributor…
Graph query for accessing details of Azure storage, data management lifecycle policies
I'm trying to create a query that will retrieve the details of a lifecycle management policy held against our azure storage accounts and I'm struggling to find the right properties to retrieve the details I need. Firstly, is this possible using Graph and…
Require a tag and its value on resources
To Whom Can assist: Using the "Require a tag and its value on resources" policy, I am trying to enforce requiring Tags on resource groups and resources. However how can I create a custom policy that would ensure that I can have multiple…
How to remove the expired Azure Policy Exemption. Do we need to remove from Portal or Github first?
How to remove the expired Azure Policy Exemption. Do we need to remove from Portal or Github first? Which is best practice?
Readonly Tags in Resource Groups
How to keep the tags in Azure Resource Group as read-only. We have job which update tags based on external system every day, i dont want anyone manually update the tags which are added/updated by the Job. How do i do that. Currently we give contributor…
How to correct RequestDisallowedByPolicy
Good Day I am trying to complete the course: Microsoft Azure AI Fundamentals: AI Overview, as I have an exam voucher that expires on 13 September. I have progressed to the second unit: Fundamentals of Machine Learning and I am now at the stage where I am…
Custom Policy for "Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests" is not giving desired result
I have written below Custom Policy to check whether Audit logs are enabled or not for Blob Service. It is not working when i only enable the logs for blob service. My requirement is to check only for blob service. Not for whole Storage account. Below…
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
Our requirement is to build an Azure Policy with Deploy If Not Exists effect to deploy/update an extension with certain settings. We are using the below existence condition of our custom policy. The issue is, upon assigning the policy, even after…
How to create policy to deny direct user assignment to Privileged roles instead assigning roles via groups
I need to create a policy to deny direct user assignment to Entra privileged roles and force them to use groups instead for privileged role assignments.
Understanding Inconsistent data return for Azure Powershell command Get-AzPolicyDefinition
Hi, I'm encountering inconsistent data return for the Azure Powershell command Get-AzPolicyDefinition. I have a script that obtains compliance reports for Azure Policy Initiatives and I iterate over each compliance item to obtain more information. I'm…
Is there a way to force the naming of resources that automatically gets setup within Azure?
Good Day At times there are resources that gets automatically created from within ARM. That are dependencies to other resources you create. Or at times you cannot set the name of a particular service. For example the Gateway subnet will always be…
Custom policy to deploy diagnostic settings to subscription activity logs
Hello, Ms has build usefully policy to deploy diagnostic setting to forward subscription activity logs to Log Analytys: Configure Azure Activity logs to stream to specified Log Analytics workspace Policy currently activates all categories but we would…
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
Our requirement is to build an Azure Policy with Deploy If Not Exists effect to deploy/update an extension with certain settings. We are using the below existence condition of our custom policy. The issue is, upon assigning the policy, even after…
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
We want to build a policy with Deploy If Not Exists (effect) to deploy/update an extension with appropriate settings. We have the below existence condition with the last condition about the presence of a certain setting in extension settings. Is this…
Disallowing users to modify the Network Security Group, Firewall and VNET settings in my Azure Subscriptions?
I wanted to restrict the ability for the users to add and modify the NSG rule for all users, except the member of the Azure cloud-only group called "Network-Team". This policy must be enforced for all Network settings like NSG, VNET or firewall…
I am unable to create my azure student free subscription
I am university student pursuing my bachelor degree and unable to create my azure free student subscription. I need your help to create my Azure student free subscription account. ? I've completed the verification process, but I'm still having trouble .…
Denying OpenAI Resource Creation with Abuse Monitoring Enabled using Azure Policy
How can I create an Azure policy to deny the creation of OpenAI resources with abuse monitoring enabled, when my current policy only marks resources as non-compliant after creation? PS - Based on common issues that we have seen from customers and other…