Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
817 questions
1 answer
Azure Default Policy preventing us creating or amending resources
Came into work after a weekend, and we noticed that Azure resources (VM's, AVD, Storage accounts etc), would not lets us create or amend settings because of a deny error with the Azure Default Policy (error below) Resource '#########' was disallowed by…
asked 2024-05-29T09:55:57.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 71%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGT%3C/text%3E%3C/svg%3E)
Graham Thackery
6
Reputation points
commented 2024-06-05T16:19:46.9666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 74%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGW%3C/text%3E%3C/svg%3E)
Gavin Wickens
0
Reputation points
0 answers
Does the current SQL Database TLS Policy check if nothing is selected?
We recently implemented a built-in Azure Policy, that checks for the minimum TLS Version to be 1.2. -…
asked 2024-06-04T00:35:40.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 48%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPG%3C/text%3E%3C/svg%3E)
Pooja Goel
0
Reputation points
commented 2024-06-04T18:50:52.8366667+00:00
tbgangav-MSFT
10,411
Reputation points
1 answer
Azure Policy & VM JIT - Do not allow Any as source
I am currently trying to prevent users from requesting Azure JIT VM access coming from the Source IP addresses "Any". According to this thread, https://learn.microsoft.com/en-us/answers/questions/846584/azure-vm-jit-do-not-allow-any-as-source ,…
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,409 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,060 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
817 questions
asked 2024-05-14T12:27:20.6233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 14.000000000000002%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
Jara Entren
20
Reputation points
edited the question 2024-06-03T12:05:35.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
29,676
Reputation points Microsoft Employee
2 answers
How to create a overview over all VMs and his CIS compliance status?
Is there any way to generate an overview to see the CIS compliance coverage over all virtual maschines? Me problem is, we need to use CIS Images vor VMs but some applications need the possibility to deactivate some of the CIS rules to work correctly. So…
asked 2024-05-15T07:00:47.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Rust, Christopher
0
Reputation points
edited the question 2024-06-03T12:03:07.5933333+00:00
Givary-MSFT
29,676
Reputation points Microsoft Employee
0 answers
"ResourceNotFound" Error from the existing Azure Policy once the VM was deployed
I am trying to add MDE for all the resources. I know there is an "Endpoint Protection" function on server's service of CWP. But my requirement is that we need to control MDE's deployment by policy. So, I purchased the CWP server's service but…
asked 2024-06-03T05:03:05.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 59%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBY%3C/text%3E%3C/svg%3E)
Barry Yuan
0
Reputation points
edited the question 2024-06-03T05:05:47.4333333+00:00
Barry Yuan
0
Reputation points
1 answer
My Azure Student Suscription suddenly was deactivated
Today I was developing a simple API in Go for learning purposes. I had installed go and set up the server using localhost on port 8080 and when it came to testing my host lost connection to remote and an email arrived explaining that my Azure…
asked 2024-05-28T20:22:56.6+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 9%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Juan David Padilla Diaz
0
Reputation points
answered 2024-05-29T07:07:23.3+00:00
SadiqhAhmed-MSFT
39,916
Reputation points Microsoft Employee
1 answer
Problem with "exclude" user/target resource in conditional access policy
Hi, I have been trying to restrict 1 user to access only 1 app on Azure Entra ID, so I use the condition access policy under security tab. I have put the conditions as follows: user: userx@microsoft.com Target Resources: Include All cloud apps &…
asked 2024-05-28T10:28:15.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 37%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Atima Thong
0
Reputation points
commented 2024-05-29T06:32:54.36+00:00
Givary-MSFT
29,676
Reputation points Microsoft Employee
1 answer
Configure machines to receive a vulnerability assessment provider azure policy confusion
hi, can anyone please tell me why does the following Azure Policy Configure machines to receive a vulnerability assessment provider https://www.azadvertizer.net/azpolicyadvertizer/13ce0167-8ca6-4048-8e6b-f996402e3c1b.html has two options for the…
asked 2024-05-27T13:42:11.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 28.000000000000004%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
AdamBudzinskiAZA-0329
91
Reputation points
edited a comment 2024-05-28T09:00:19.51+00:00
Stanislav Zhelyazkov
21,846
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
Unable to add application access policy: The remote name could not be resolved 'webdir.online.lync.com'
I am unable to add an application access policy to my organization due to the following error: I need an application access policy as my organization would like to use Microsoft Graph API and application access policy is needed for some of the APIs.
asked 2024-05-14T13:59:49.71+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 85%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAD%3C/text%3E%3C/svg%3E)
Ana Dudita
20
Reputation points
commented 2024-05-27T09:30:56.6333333+00:00
Ana Dudita
20
Reputation points
3 answers
Unable to deployment many 3rd party product from Azure Marketplace
Every time I try to deploy a product from the Azure Marketplace. I get an error at the validation step that looks like this: Is there any way to resolve this?
asked 2022-08-28T15:51:09.097+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 78%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Dagni McPhee
1
Reputation point
commented 2024-05-25T21:56:44.7866667+00:00
Dagni McPhee
1
Reputation point
1 answer
How can i export Azure policy controls output
I am trying to export the output of azure policy controls output into an excel file so that they can be tracked in the form of a report that i can present, if i copy and paste from the portal the formatting is all over the place. I was wondering if…
asked 2023-11-02T16:21:12.98+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
501
Reputation points
commented 2024-05-22T09:34:11.9466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 37%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rajesh Sao
0
Reputation points
1 answer
Problem with subscription creating Azure AD B2C tenant
Hi everyone, i'm trying to separate my app environments so i want to create AD B2C tenants and their resources per environment (develop and production). I've created a Azure AD B2C tenant, but it doesn't have any subscription, so i can't create any…
asked 2022-12-07T14:09:18.067+00:00
Bruno Caruso
41
Reputation points
commented 2024-05-20T14:05:32.7+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 75%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Russell Gilbert
0
Reputation points
2 answers
Bug in built-in activity log alert should exist policies
We use the following built-in policies to ensure activity log alerts are created for certain…
asked 2023-11-10T07:41:23.96+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 7.000000000000001%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENG%3C/text%3E%3C/svg%3E)
neok-g
36
Reputation points
edited an answer 2024-05-15T19:44:01.2133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT
12,686
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure VM JIT - Do not allow Any as source
Hello gents, I'm having some issues with JIT for Azure VMs. We want to use JIT to allow externals (Third-parties or contractors) to access specifics VMs remotely. As we have an huge list of externals (big enterprise, long list of applications…
asked 2022-05-12T07:55:25.313+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 69%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Ted
191
Reputation points
commented 2024-05-14T09:52:18.11+00:00
Jara Entren
20
Reputation points
4 answers
Azure Policy- Remediating Managed Disks to Disable Public Access+Disable Private Endpoint
Hello Microsoft and Community, There is a built in policy for Managed Disks: Managed disks should disable public network access and there is one remediation/configuration called: Configure managed disks to disable public network access But,on closer…
asked 2023-07-02T10:00:17.0733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 27%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Aditya Garg
61
Reputation points
answered 2024-05-08T14:37:28.9533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 74%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWA%3C/text%3E%3C/svg%3E)
Winter, Ashley
0
Reputation points
0 answers
I am using the azure policy to whitelist the domain for outbound connectivity from Azure Data Factory to other services. But facing issues in connectivity due to throttling applied on policy.
I am using the azure policy (https://learn.microsoft.com/en-us/azure/data-factory/configure-outbound-allow-list-azure-policy) which is applied at resource group level. This policy is working as expected and is only allowing outbound connectivity to the…
asked 2023-11-27T13:36:07.8833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 75%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHD%3C/text%3E%3C/svg%3E)
Harshwardhan Deshmukh
5
Reputation points
commented 2024-05-06T22:12:53.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 99%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Shahzad
0
Reputation points
1 answer
How to automate turning off or suspending some Azure services to save money?
What Azure objects can we suspend or turn off outside business hours to save running costs? App Service: The app service implements the message compose experience in the team tab and the messaging endpoint for the bot. Service Bus: The individual…
asked 2024-05-05T13:46:36.69+00:00
EnterpriseArchitect
4,956
Reputation points
edited an answer 2024-05-05T14:46:41.47+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
5,711
Reputation points
2 answers
One of the answers was accepted by the question author.
Implement exemption in Azure Policies via using Tags and its value.
We have different sets of resources in our environment and need to implement some policies for audit and deny. However, we are not able to figure out how to exclude resources based on their tags and its value. We cannot just exclude whole RGs or subs.…
asked 2023-09-13T15:31:40.7066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rakesh Singh
20
Reputation points
commented 2024-05-02T16:34:35.4366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 61%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKD%3C/text%3E%3C/svg%3E)
Kozak, Daniel
0
Reputation points
2 answers
One of the answers was accepted by the question author.
How to access a <send-request> reponse variable in azure apim policies
I am trying to add a oauth2 callout to my azure apim policy. I do a <send-request> <send-request mode="new" response-variable-name="tokenResponse" timeout="20" ignore-error="false"> …
asked 2024-05-02T08:07:33.0066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 54%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHH%3C/text%3E%3C/svg%3E)
Hendriks, Hugo
20
Reputation points
accepted 2024-05-02T10:32:11.8933333+00:00
Hendriks, Hugo
20
Reputation points
0 answers
Azure APIM Developer Portal - Need help with handling CORS errors
Hello, I'm trying to test an API operation, but when I provide an invalid subscription key, the error message returned is related to CORS rather than an invalid subscription error message. However, I receive a success response when using a valid…
asked 2024-04-25T14:54:17.6033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 85%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHP%3C/text%3E%3C/svg%3E)
Hari Prathipati
0
Reputation points
edited a comment 2024-05-01T05:15:56.5666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(0, 59%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JananiRamesh-MSFT
22,996
Reputation points