This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS
Hey @KarishmaTiwari-MSFT , could you please help on this. Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 98%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
@Tanul Let me investigate it and get back to you. Thanks.
@KarishmaTiwari-MSFT Thanks
Hope you are doing well. Did you get any update on this.
Hello @Tanul !
Do you have an update on your issue ?
In case any answer helped kindly mark it as Accepted and upvote so others can benefit as well!
Regards
Hello @Tanul !
i am working on your case and i have found something that is quite simple !
My example is as follows:
You will find a Policy Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access
Duplicate it and before saving , change the name and select from the bottom the Roles you want
When you are ready to assign the Policy you will see that you will be able to select the Object ID of the Grouo you want , also the resource to narrow down from the Resource Selector . You can also customize the policy definition according to your needs
Be careful to write the Object ID as ["1234-1234-1234-1234"] , add the quotes
Regarding the Exclusion based on AAD Group , i am working on a Solution but i need more time . So i post this to answer the initial question of this thread.
My Question before was if a workaround could fit your needs, bt i think this is more straight forward
Please send any feedback i would be extremely happy to make this work for you , as i am also iin need of a similar solution!
If this helped kindly mark the answer as Accepted and upvote or send us additional feedback !
Regards
I tried looking for this role selections. But unable to find them anywhere. But yes, you are correct. In the same way we need to by-pass the policy for specific azure ad groups. So that user belonging to that group can do anything.
Hello @Tanul
Find the Policy
Configure AAD integrated Azure Kubernetes Service Clusters with required Admin Group Access
The policy includes these!
Regards
Tanul Checking in to see if the suggestions shared by Konstantinos above helped. If you are still seeing the issue, let me know in the comments and send an email to 'Azcommunity@microsoft.com' with the subject-Attn:Katiwa with a link to this thread, for further investigation.
If any of the responses helped, please 'Accept as answer' and/or hit 'Yes' to mark as 'helpful'. Thanks.
Tanul Checking in to see if the suggestions shared by Konstantinos above helped. If you are still seeing the issue, let me know in the comments and send an email to 'Azcommunity@microsoft.com' with the subject-Attn:Katiwa with a link to this thread, for further investigation.
If any of the responses helped, please 'Accept as answer' and/or hit 'Yes' to mark as 'helpful'. Thanks.
@KarishmaTiwari-MSFT Hey, no the answers didn't help. Will reach out to you once I get another Azure subscription. Waiting for that
Hello @Tanul !
Since i have created a lot of scenarios would you help me understand a little bit more ?
For example , are you referring to a specific Azure Policy ?
Is this a Custom Policy Definition that locks down Kubernetes actions ?
If you could help me a little bit more i will really appreciate your input!
Thank you !
Hello @Tanul !
Thanks i was getting overwhelmed so thanks again! Yes i managed something with the Built In Azure Policy but as i can see you could not find it , I will get back later today , although it seems MS does not have something at this time to help.
Regards
Hello @Chauhan, Shikha
I think it is futile to research it more .
This is from Azure CoPilot :
Azure Policy is a tool that allows organizations to create and enforce policies over resources in Azure. It provides a way to enforce compliance with corporate standards and government regulations. In AKS, Azure Policy can be used to audit and enforce secure configurations. However, it is not possible to bypass Azure Policy for specific AD users or AD groups while creating objects in AKS. Azure Policy applies to all resources in the subscription, and it cannot be selectively applied to specific users or groups.
For more information, you can refer to the Azure Policy Regulatory Compliance controls for Azure Kubernetes Service (AKS).
I am trying to create a parameter with AD Groups but failing so i can say NO it is not possible
--
The answer or portions of it have been assisted by AI Source: Azure CoPilot
Kindly mark the answer as Accepted and Upvote in case it helped or post your feedback to help !
Regards