Policy to block the creation of NSGs with rules that allow RDP or SSH access from the Internet
I have been creating a policy that should allow the creation of private IP Network Security Groups (NSGs) in the following IP range (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) with the ports SSH and RDP. I have a problem and it is that I do not know how…
Azure Policy: Inheriting a Tag and Its Value from Subscription to Resource Groups
Is it possible to create an Azure policy that can automatically inherit a tag and its value (no matter what the value are) from the subscription to the resource group? The tag is always the same, for instance, Application, but the value can change…
Azure Policy for enabling diagnostic settings for WebApp/Function App - No resources remediated
I am working in an existing Azure environment where there is no governance and I am in the process of creating Azure Policies. Currently I am working on creating Azure Policy to enable Diagnostic settings for Azure Web App, Azure Function App and Web…
Suspension or cancelation subscriptions policies
Hello team , when a customer has a reserved instances and the partner put the customer in a suspension services, how is the managed for the instances?
Azure arc machine configuration deployment error
Hello I am attempting to deploy sample machine configuration for an Azure arc machine resource following the steps mentioned in https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview except for…
Custom policy export feature on portal.
Hi , so I am trying find out if the EXPORT POLICY feature that used to be available on the Azure portal was removed? I have use it a while back but I don't see that option on there any more .
Azure Policy: check subscription role assignments
Hi everyone We have different types of users in our Azure AD. Only a certain subset of them are allowed to administer Azure resources. Those all start with "ACO" or "ACA". We now wish to create an Azure Policy that checks whether only…
Enabling periodic assessment automatically for the VM
After creating the VM, I should see that periodic assesment option to be enabled a when I navigate to update section. how it can be achieved?
Azure Policy for enabling diagnostic settings for WebApp/Function App - No resources remediated
I am working in an existing Azure environment where there is no governance and I am in the process of creating Azure Policies. Currently I am working on creating Azure Policy to enable Diagnostic settings for Azure Web App, Azure Function App and Web…
Azure deny policy not working correctly
Hi, Currently I am trying to create various policies. One of those is to allow the creation of a storageAccount but disallow the creation of Queues. The policy is deployed through the use of a Bicep template: resource policyBlockResourceTypes…
How to disable SSPR for specific users?
We have 3 computers that share a Microsoft 365 account. While replacing one of the 3 computers, Microsoft asks for "More information required ... Your organization needs more information to keep your account secure" and then requests that I…
How to determine if my company is using the gov cloud or the global cloud?
I am working on our organizations compliance status and trying to determine which version of Azure and O365 we purchased. We should be using the Gov cloud option but I'm not sure how to tell. Thanks.
Disable trusted launch Azure VM
Hello Everyone, I have an issue with one of my VM's on Azure. This machine was previously created with Trusted Launch enabled on it(Don't know why). Now, I can't backup it up with my default backup policy, only with enhanced one which is…
Import powershell module in guest configuration script resource
Hi, I'm trying to create a guest configuration to monitor if the VM enabled Windows defender realtimeMonitoring. Here is my code: Configuration EnableRealtimeMonitoring { Import-DscResource -ModuleName 'PSDscResources' …
How to fix Creating policy assignment 'Policy be Zone Resilient' in 'Subcription Name' failed. Reason: Could not find a version of policy definition: '/providers/Microsoft.Authorization/policyDefinit
Creating policy assignment 'Policy should be Zone Resilient' in 'Subcription Name' failed. Reason: Could not find a version of policy definition: '/providers/Microsoft.Authorization/policyDefinitions/xxxxx-xxx-xxx' that matches '1..'. The available…
Azure Policy Deployifnotexist Nested Templates and Parameters
Hello, I have a policy to deploy an alert on all subs not having it (as you can not create alert with MG group scope for now)...And I was not able to have parameters bein taken into account from the Policy down to the two nested templates for the…
Azure Custom Based Policy Migration
Azure Custom Based Policies needs to be migrated to new subscription any tool available or else need to recreate all policies manually Kindly advise
Azure Custom Based Policy Migration Tool
Need to Migrate Azure Custom Based Policy from one subscription to another subscription. any migration tool available. Kindly Advice
How to exclude a group of users in an azure policy from deny action
current situation: there is a zure policy with deny action that prohibits the deletion of resource groups and resources. requirement: create a user group in azure in which every member of that group is excluded from the azure policy deny action
Policy written in azure purview
You can manage all the Azure resources under the same policy in Azure Purview. To manage all Azure resources under the same policy in Azure Purview, you can create a single policy that covers an entire resource group or subscription. This approach…