I am uanble to upgrade my account because my billing access was changed automatically by Azure
Recently my account was disabled. I would like to find out how to enable it and upgrade it. Its not letting me upgrade.
Setting up Azure Firewall for network perimeter
How can I set up Azure Firewall for better security and at more of the resource group level? I already have a network security group (NSG) set up with IP whitelisting for an exposed endpoint, but I'm not sure how to connect the filtered traffic to the…
![](https://techprofile.blob.core.windows.net/images/Nd_pi7-IHkuDC3BVgl0RFQ.png?8D81F2)
How to restrict users from deploying the resources in a RG when a specified tag is applied to that RG?
I already know how to deny resource deployment when a specific tag is missing using Azure custom policies. Now, I'm interested in creating a custom policy that prevents users from deploying resources in a resource group if a particular tag exists for…
I am working on azure policy where an alert will be generated if a RBAC role is assigned with a blob data action permissions on a storage account. Can anyone please help in correcting the code I have written.
{ "mode": "All", "policyType": "Custom", "displayName": "Audit Creation of RBAC Roles for Storage Accounts", "description": "This policy audits any new or updated RBAC…
![](https://techprofile.blob.core.windows.net/images/Z1PCM1zxm0SLa41PVP7B7g.png?8DA865)
Create VM issue with Not allowed resource types - virtualNetwork
If I apply a new Azure policy to the management group which has been associate to the subscription. There is a configuration for "Not allowed resource types" with virtualNetwork. Could I create the new VM to existing VNet? Because we have…
Find the resources which are untagged / not having any Tags in a Subscription
How to find all the resources which are Untagged / Not having any tags in a subscription Via PowerShell Script or Policies
How to exempt a particular Service Principal (SPN) / App registration from the denial actions enforced by a Azure custom policy
Hello, I've implemented a deny policy to prevent end users from deploying unauthorized resources. However, this policy is also affecting the automation within the service principal's account. Now, I want to find a way so that it should allow this…
The template deployment failed because of policy violation.
When I attempt to run through Exercise1 - Create a WordPress website hosted in Auzure, I encounter "The template deployment failed because of policy violation." while creating the WordPress Detailed: Information: "galleryItemId":…
How can I create a custom Azure policy to prevent/deny manual resource creation in resource groups while allowing automated creation through GitHub Actions or Azure Automation?
How can I create a custom Azure policy to restrict end users from manually creating resources in resource groups and prevent unauthorized peerings with existing VNets, while also allowing the creation of resources through GitHub action automation or…
Looking for Kusto query or a azure policy where an alert should be generated when azure blob data action role permissions are assigned on a built in or custom role for a storage account.
{ "mode": "All", "policyType": "Custom", "displayName": "Audit Blob Data Action Role Permissions Assignments", "description": "Audits when roles with Azure Blob data…
How deny policy or rule inherits from Root Tenant to resource level
I am trying to understand how deny policy/rule works in terms of inheritance. If I create a deny policy of - "not able to create resources" at Root Tenant. Under the root tenant I have a management group IT and a Dev subscription under this…
How to lock the Vnet peerings like we lock the the resources in resource group once after we create them?
To prevent unauthorized peerings to other Vnets after creation, it's essential to lock the peerings to restrict access for other users from creating unnecessary peerings. How to do that? Can anyone help me out with this? Thanks.
Azure policy is not working on App services
I have created azure policy for app service that do not assign any public IP and set default TLS 1.3 but still I can be able to create app services with default settings.
Exempt Azure policy for Users in specific AD group?
Hello, Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS
![](https://techprofile.blob.core.windows.net/images/KhnRGP5_AwAAAAAAAAAAAA.png?8DBA61)
Why ceating private endpoint in existing key vault blocks the public access from all network as well as selected network fails?
In Key Vault, Customer firewall is set to public and some to selected network with list of IPs. As soon as we create private endpoint, all other previous connection with pubic/selected network fails. But based on below documentation, I would like…
MicrosoftDNSAgent extension
Hello Team, I am planning install/deploy MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
Deny assignment for data plane actions
Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)? I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data…
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
![](https://techprofile.blob.core.windows.net/images/bdEkjwFAAwAAAAAAAAAAAA.png?8DBC4E)
![](https://techprofile.blob.core.windows.net/images/CQy6GKaTtkuf-uymfuwhzA.png?8DBAFA)
While doing remediation in Azure policy assignment getting below error
While doing remediation in Azure policy getting error: Evaluation of DeployIfNotExists policy was unsuccessful. The policy assignment…
Extracting resource compliance states | How to download data for resource compliance states in Azure Policies|
I have several Azure Policies, and from the portal If I go to the assignments and look at the policy I can get the compliance percentage and status of each resource (Compliant or not-compliant), However there is no way for me to download to the data to…