Share via

Implement exemption in Azure Policies via using Tags and its value.

Rakesh Singh 210 Reputation points
2023-09-13T15:31:40.7066667+00:00

We have different sets of resources in our environment and need to implement some policies for audit and deny. However, we are not able to figure out how to exclude resources based on their tags and its value. We cannot just exclude whole RGs or subs. Need assistance.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
911 questions
Accepted answer
  1. Tushar Kumar 3,331 Reputation points MVP
    2023-09-13T18:59:55.14+00:00

    Hi Rakesh,

    You can use logical operators to exclude the tags under all resources:

    https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-logical-operators

    Example:

    "policyRule": {
   "if": {
      "allOf": [
         {
            "field": "tags['tagName']",
            "notEquals": "tagValue"
         }
      ]
   },
   "then": {
      "effect": "deny" // Or "audit" depending on your needs
   }
}

    Please click "Accept as Answer" if it helps.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.