Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
851 questions
0 answers
We have multiple Licenses I want to Implement Conditional Access Policy
Hello Everyone, We have multiple Licenses I want to Implement Security on all users. I created a Group, added all Company users to this group, and assigned a P1 license to this group. I want to Implement a Conditional Access policy to block all new users…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 53%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFG%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 76%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
0 answers
Is it possible to deploy Azure VM extension for SAP solutions using Azure Policy?
Hi, I would like to deploy Azure VM extension for SAP solutions at scale with Azure Policy. I didn't found one, so I'm wondering if there is any blocker for creating such policy? Any Azure Policy limitations or any steps within SAP Extension deployment…
asked 2024-08-22T09:21:43.1466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 0%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJC%3C/text%3E%3C/svg%3E)
Jakub Chwała
0
Reputation points
edited a comment 2024-08-22T12:55:55.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 86%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Akshay kumar Mandha
0
Reputation points Microsoft Vendor
1 answer
How to prevent a normal user to see a subscription or cancel or add a subscription?
A regular user has access to some resource groups under a subscription. If users search "Subscription" in the Azure portal, they can see related subscriptions, and also they can "Cancel" or "Add" subscriptions. I'm unsure…
asked 2024-08-14T20:24:57.9833333+00:00
Mohsen Akhavan
791
Reputation points
edited a comment 2024-08-22T09:31:35.5866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Abdul
2,540
Reputation points Microsoft Vendor
1 answer
Readonly Tags in Resource Groups
How to keep the tags in Azure Resource Group as read-only. We have job which update tags based on external system every day, i dont want anyone manually update the tags which are added/updated by the Job. How do i do that. Currently we give contributor…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 7.000000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
1 answer
Graph query for accessing details of Azure storage, data management lifecycle policies
I'm trying to create a query that will retrieve the details of a lifecycle management policy held against our azure storage accounts and I'm struggling to find the right properties to retrieve the details I need. Firstly, is this possible using Graph and…
asked 2024-08-15T12:58:59.06+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 71%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
Ben Wild
0
Reputation points
edited a comment 2024-08-20T06:08:03.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 86%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hitesh Pachipulusu - MSFT
1,100
Reputation points Microsoft Vendor
1 answer
Require a tag and its value on resources
To Whom Can assist: Using the "Require a tag and its value on resources" policy, I am trying to enforce requiring Tags on resource groups and resources. However how can I create a custom policy that would ensure that I can have multiple…
asked 2024-07-12T20:41:42.07+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 8%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Bisi Ajala
0
Reputation points
commented 2024-08-19T14:20:48.7566667+00:00
Bisi Ajala
0
Reputation points
2 answers
How to remove the expired Azure Policy Exemption. Do we need to remove from Portal or Github first?
How to remove the expired Azure Policy Exemption. Do we need to remove from Portal or Github first? Which is best practice?
asked 2024-08-14T14:14:04.35+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 56.00000000000001%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Madhusudhana Rao Dasari
0
Reputation points
answered 2024-08-15T02:28:25.7733333+00:00
brtrach-MSFT
15,866
Reputation points Microsoft Employee
1 answer
Readonly Tags in Resource Groups
How to keep the tags in Azure Resource Group as read-only. We have job which update tags based on external system every day, i dont want anyone manually update the tags which are added/updated by the Job. How do i do that. Currently we give contributor…
0 answers
How to correct RequestDisallowedByPolicy
Good Day I am trying to complete the course: Microsoft Azure AI Fundamentals: AI Overview, as I have an exam voucher that expires on 13 September. I have progressed to the second unit: Fundamentals of Machine Learning and I am now at the stage where I am…
asked 2024-08-12T09:20:11.4166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 30%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
Nureyin Reddy
0
Reputation points
commented 2024-08-14T08:33:14.5+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 78%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
dupammi
8,455
Reputation points Microsoft Vendor
2 answers
Custom Policy for "Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests" is not giving desired result
I have written below Custom Policy to check whether Audit logs are enabled or not for Blob Service. It is not working when i only enable the logs for blob service. My requirement is to check only for blob service. Not for whole Storage account. Below…
asked 2024-08-05T11:01:09.9833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 63%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
shashank rastogi
0
Reputation points
commented 2024-08-14T05:25:42.0333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 64%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
Nehruji R
6,121
Reputation points Microsoft Vendor
1 answer
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
Our requirement is to build an Azure Policy with Deploy If Not Exists effect to deploy/update an extension with certain settings. We are using the below existence condition of our custom policy. The issue is, upon assigning the policy, even after…
asked 2024-08-02T16:55:01.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 5%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVN%3C/text%3E%3C/svg%3E)
Venkata Naga Kartik Pidatala
5
Reputation points Microsoft Employee
commented 2024-08-13T11:36:38.7833333+00:00
Joshua Bines
0
Reputation points
1 answer
One of the answers was accepted by the question author.
How to create policy to deny direct user assignment to Privileged roles instead assigning roles via groups
I need to create a policy to deny direct user assignment to Entra privileged roles and force them to use groups instead for privileged role assignments.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Understanding Inconsistent data return for Azure Powershell command Get-AzPolicyDefinition
Hi, I'm encountering inconsistent data return for the Azure Powershell command Get-AzPolicyDefinition. I have a script that obtains compliance reports for Azure Policy Initiatives and I iterate over each compliance item to obtain more information. I'm…
asked 2024-08-07T03:23:24.6333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 35%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Jaswanth G
20
Reputation points
commented 2024-08-07T14:20:36.76+00:00
Jaswanth G
20
Reputation points
1 answer
Is there a way to force the naming of resources that automatically gets setup within Azure?
Good Day At times there are resources that gets automatically created from within ARM. That are dependencies to other resources you create. Or at times you cannot set the name of a particular service. For example the Gateway subnet will always be…
asked 2021-05-17T08:18:30.237+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDR%3C/text%3E%3C/svg%3E)
Desmond Richard
11
Reputation points
commented 2024-08-07T11:23:45.0966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 33%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
EPNAdam
35
Reputation points
2 answers
One of the answers was accepted by the question author.
Custom policy to deploy diagnostic settings to subscription activity logs
Hello, Ms has build usefully policy to deploy diagnostic setting to forward subscription activity logs to Log Analytys: Configure Azure Activity logs to stream to specified Log Analytics workspace Policy currently activates all categories but we would…
asked 2023-04-24T06:43:43.7166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 56.00000000000001%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
Bombbe
1,621
Reputation points
edited a comment 2024-08-06T20:26:08.5466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 11%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Vijay Kumar
0
Reputation points
2 answers
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
Our requirement is to build an Azure Policy with Deploy If Not Exists effect to deploy/update an extension with certain settings. We are using the below existence condition of our custom policy. The issue is, upon assigning the policy, even after…
asked 2024-08-01T16:45:57.1366667+00:00
Venkata Naga Kartik Pidatala
5
Reputation points Microsoft Employee
answered 2024-08-06T10:27:09.55+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 6%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Sebastian Hoff
0
Reputation points Microsoft Employee
1 answer
Can Azure Policy parse extension settings to evaluate existence condition & compliance?
We want to build a policy with Deploy If Not Exists (effect) to deploy/update an extension with appropriate settings. We have the below existence condition with the last condition about the presence of a certain setting in extension settings. Is this…
asked 2024-08-01T16:32:31.4+00:00
Venkata Naga Kartik Pidatala
5
Reputation points Microsoft Employee
commented 2024-08-05T16:18:22.45+00:00
Venkata Naga Kartik Pidatala
5
Reputation points Microsoft Employee
2 answers
One of the answers was accepted by the question author.
Disallowing users to modify the Network Security Group, Firewall and VNET settings in my Azure Subscriptions?
I wanted to restrict the ability for the users to add and modify the NSG rule for all users, except the member of the Azure cloud-only group called "Network-Team". This policy must be enforced for all Network settings like NSG, VNET or firewall…
asked 2024-07-25T13:42:50.6566667+00:00
EnterpriseArchitect
5,276
Reputation points
commented 2024-08-05T07:11:57.2833333+00:00
EnterpriseArchitect
5,276
Reputation points
1 answer
I am unable to create my azure student free subscription
I am university student pursuing my bachelor degree and unable to create my azure free student subscription. I need your help to create my Azure student free subscription account. ? I've completed the verification process, but I'm still having trouble .…
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,040 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
851 questions
Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
284 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
246 questions
asked 2024-08-02T05:35:28.66+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 57.00000000000001%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
mustafa gharakiya wala
0
Reputation points
edited the question 2024-08-02T07:29:52.96+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 86%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AmaranS
5,380
Reputation points Microsoft Vendor
1 answer
Denying OpenAI Resource Creation with Abuse Monitoring Enabled using Azure Policy
How can I create an Azure policy to deny the creation of OpenAI resources with abuse monitoring enabled, when my current policy only marks resources as non-compliant after creation? PS - Based on common issues that we have seen from customers and other…
asked 2024-08-01T08:17:29.8633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
18,656
Reputation points
answered 2024-08-01T08:17:51.9233333+00:00
SwathiDhanwada-MSFT
18,656
Reputation points