Azure Policy target only windows

Jesper Mogensen 0 Reputation points
2024-05-10T08:25:57.5633333+00:00

Hello! :)

I am fairly new to Azure Policy. I am trying to create a policy to target Windows servers that don't have AHUB enabled; however, this policy keeps getting Linux machines in as well.

Why is that, when I state it should be windowsserver or dynamics?

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "anyOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            }
          ]
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.imageReference.publisher",
              "equals": "MicrosoftDynamicsAX"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.imageReference.publisher",
              "equals": "MicrosoftWindowsServer"
            }
          ]
        },
        {
          "field": "Microsoft.Compute/virtualMachines/licenseType",
          "notEquals": "Windows_Server"
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {}
}

1 answer

  1. Prashant Kumar 780 Reputation points Microsoft Employee
    2024-06-11T06:52:10.83+00:00

    The Audit effect policy works like this only. VMs (the resource type in the IF) matching all the policy conditions will be marked as non-compliant, and the remaining VMs (Linux/Windows) that do not match will be compliant.

    To avoid this and only get Windows VMs in the compliance report, please use the AuditIfNotExists effect.

    https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-audit-if-not-exists

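The suggestion in the answer, written out as a policy definition. This is an added example, not posted by either participant: the `if` block keeps only the resource-type and publisher conditions, and the license check moves into `existenceCondition`, so only VMs matching the publisher condition are evaluated for the license type. The `details` layout (same resource type, `name` set to `[field('name')]`) and the use of `in` in place of the original `anyOf` are choices made for this example.

```json
{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/storageProfile.imageReference.publisher",
          "in": [
            "MicrosoftDynamicsAX",
            "MicrosoftWindowsServer"
          ]
        }
      ]
    },
    "then": {
      "effect": "auditIfNotExists",
      "details": {
        "type": "Microsoft.Compute/virtualMachines",
        "name": "[field('name')]",
        "existenceCondition": {
          "field": "Microsoft.Compute/virtualMachines/licenseType",
          "equals": "Windows_Server"
        }
      }
    }
  },
  "parameters": {}
}
```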
