Hello @Tanul!
OK! I got what you want!
Please hold on!
Making the example!
Hello,
Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS?
Hello @Tanul!
I am working on your case and I have found something that is quite simple!
My example is as follows:
You will find a Policy, "Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access".
Duplicate it and, before saving, change the name and select from the bottom the Roles you want.
When you are ready to assign the Policy, you will see that you will be able to select the Object ID of the Group you want, and also the resource to narrow down from the Resource Selector. You can also customize the policy definition according to your needs.
Be careful to write the Object ID as ["1234-1234-1234-1234"]; add the quotes.
Regarding the Exclusion based on AAD Group, I am working on a solution but I need more time. So I post this to answer the initial question of this thread.
My question before was if a workaround could fit your needs, but I think this is more straightforward.
Please send any feedback; I would be extremely happy to make this work for you, as I am also in need of a similar solution!
If this helped, kindly mark the answer as Accepted and upvote, or send us additional feedback!
Regards
Hello @Chauhan, Shikha
I think it is futile to research it more.
This is from Azure CoPilot:
Azure Policy is a tool that allows organizations to create and enforce policies over resources in Azure. It provides a way to enforce compliance with corporate standards and government regulations. In AKS, Azure Policy can be used to audit and enforce secure configurations. However, it is not possible to bypass Azure Policy for specific AD users or AD groups while creating objects in AKS. Azure Policy applies to all resources in the subscription, and it cannot be selectively applied to specific users or groups.
For more information, you can refer to the Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS).
I am trying to create a parameter with AD Groups but failing, so I can say NO, it is not possible.
--
The answer or portions of it have been assisted by AI Source: Azure CoPilot
Kindly mark the answer as Accepted and upvote in case it helped, or post your feedback to help!
Regards