The template deployment failed because of policy violation.
When I attempt to run through Exercise1 - Create a WordPress website hosted in Azure, I encounter "The template deployment failed because of policy violation." while creating the WordPress Detailed: Information: "galleryItemId":…
How can I create a custom Azure policy to prevent/deny manual resource creation in resource groups while allowing automated creation through GitHub Actions or Azure Automation?
How can I create a custom Azure policy to restrict end users from manually creating resources in resource groups and prevent unauthorized peerings with existing VNets, while also allowing the creation of resources through GitHub action automation or…
Looking for a Kusto query or an Azure policy where an alert should be generated when Azure blob data action role permissions are assigned on a built-in or custom role for a storage account.
{ "mode": "All", "policyType": "Custom", "displayName": "Audit Blob Data Action Role Permissions Assignments", "description": "Audits when roles with Azure Blob data…
Enabling periodic assessment automatically for the VM
After creating the VM, I should see the periodic assessment option enabled when I navigate to the update section. How can it be achieved?
How deny policy or rule inherits from Root Tenant to resource level
I am trying to understand how deny policy/rule works in terms of inheritance. If I create a deny policy of - "not able to create resources" at Root Tenant. Under the root tenant I have a management group IT and a Dev subscription under this…
How to lock the Vnet peerings like we lock the resources in resource group once after we create them?
To prevent unauthorized peerings to other Vnets after creation, it's essential to lock the peerings to restrict access for other users from creating unnecessary peerings. How to do that? Can anyone help me out with this? Thanks.
Azure policy is not working on App services
I have created an Azure policy for App Service that does not assign any public IP and sets default TLS 1.3, but I am still able to create app services with default settings.
Exempt Azure policy for Users in specific AD group?
Hello, Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS
Why creating private endpoint in existing key vault blocks the public access from all network as well as selected network fails?
In Key Vault, Customer firewall is set to public and some to selected network with list of IPs. As soon as we create private endpoint, all other previous connection with public/selected network fails. But based on below documentation, I would like…
MicrosoftDNSAgent extension
Hello Team, I am planning to install/deploy the MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. Now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
Deny assignment for data plane actions
Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)? I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data…
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerland. Is there an Azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
While doing remediation in Azure policy assignment getting below error
While doing remediation in Azure policy getting error: Evaluation of DeployIfNotExists policy was unsuccessful. The policy assignment…
Extracting resource compliance states | How to download data for resource compliance states in Azure Policies
I have several Azure Policies, and from the portal if I go to the assignments and look at the policy I can get the compliance percentage and status of each resource (Compliant or not-compliant). However, there is no way for me to download to the data to…
Azure Policy for BlobServices
Hi, community! I'm using this policy in order to audit blob versioning: { "properties": { "displayName": "Custom: Configure your Storage account to enable blob versioning", "policyType":…
Anyone knows for sure if, in Azure Portal, they have controls / policies to implement / be controlled by Azure, for the new version of ISO 27001:2022 ?
Hello, I need to know if we can add that kind of controls to be assessed by the Azure portal, instead of the ISO 27001:2013, that already has controls listed; is there a way of add / use the new version of ISO (ISO 27001:2022), within the Policy, inside…
Unable to run "az deployment mg create" on Tenant Root Group
Trying to deploy a management group structure via Bicep starting 1 level down from "Tenant Root Group". CLI command az deployment mg create needs to target the Tenant Root Group (which has the same ID as the Tenant ID as per…
How to make Azure policy definition script that limits the number of resources per resource group?
I want to limit the number of resources per resource group. For example, I would like to limit the creation of a maximum of 2 virtual machines and a maximum of 1 DB per resource group. My questions are: Does an Azure Policy Definition that satisfies…
After applying Azure policy for auto update for flagged VM its flagging
Created a new Azure policy for VM automatic update on flagged VM but it is still flagging. Update name: "Microsoft .NET Core Security Update for January 2024". After the update it is also still showing the old version only. How to auto update this issue using…
Custom azure policy to enable automatic VM guest patching
I would like to enable Automatic VM guest patching using Azure Policy with DeployIfNotExist mode. I drafted a definition but it does not seem to work properly (it shows non compliant VM as compliant). { "mode": "All", …