How to exclude VM auto-shutdown from Tag policy

Question

I recently created policies to enforce the creation of certain tags on new Azure resources. Now when I try to enable auto-shutdown on an existing VM that is otherwise compliant with the tag policy I get an error:

 Schedule failed to update {"error":{"code":"RequestDisallowedByPolicy","target":"shutdown-computevm-","message":"Resource 'shutdown-computevm-' was disallowed by policy. 

Is there a way to exclude auto shutdown from the tag policy?

Answer 1

Hello @Elliott Kurtz

Welcome to Microsoft Q&A, Thank you for posting your query here!!

Yes, you can exclude certain resource types or specific resources from Azure Policy enforcement. Policy exemptions allow you to create exceptions for specific resources or resource types, allowing them to bypass the policy enforcement.

Please refer to the document which has CLI commands, to create a policy exemption for your existing VM to exclude it from the tag policy enforcement and enable auto-shutdown.

https://learn.microsoft.com/en-us/cli/azure/policy/exemption?view=azure-cli-latest

Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.

Answer 2

The auto-shutdown function is actually a hidden resource located in the resource group. Its type is "microsoft.devtestlab/schedules".

In my opinion, it would be best to exclude in the policy definition that requires tags for this type of resource (microsoft.devtestlab/schedules) instead of making an exception for the entire VM.