Create custom policy for Azure VM snapshot creation to be LRS only
We are taking backup of snapshot of OS and data disk of Azure VMs on need basis. We want the snapshot to be taken only as Full snapshot and storage type as Standard LRS. Could you kindly suggest how we can create a custom policy to have this…
How to reset Owner Account password for old Azure account which does not have password reset policy set
Hi All, I am working on resetting password for Cloud Owner account and while doing that I get message that the account does not have "reset password policy setup". I am not sure who did the setup for this account, but it is setup in a very odd…
What is guest configuration extension in azure
Hi Team, We are geeting Microsoft defender for cloud recommendation for enabling the Guest configuration extension. Can someone explain the precise use of the Guest configuration extension and why we should use it? How to configure from the Azure portal
Custom policy export feature on portal.
Hi , so I am trying find out if the EXPORT POLICY feature that used to be available on the Azure portal was removed? I have use it a while back but I don't see that option on there any more .
Azure arc machine configuration deployment error
Hello I am attempting to deploy sample machine configuration for an Azure arc machine resource following the steps mentioned in https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview except for…
MicrosoftDNSAgent extension
Hello Team, I am planning install/deploy MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
![](https://techprofile.blob.core.windows.net/images/wvucs57W60C8OxCfboCnMw.png?8D8090)
MONITOR PIPELINE ACTIVITY
Hi, I'm working on monitoring the success or failure status of AML jobs on Log Analytics. However, I don't know which tables in Log Analytics contain logs of AML jobs. I followed this documentation…
![](https://techprofile.blob.core.windows.net/images/UVyLn-Xlr0apNce5TRX1RA.png?8DBA3B)
How to provide an array value to az policy definition create --metadata
When I create a policy definition using the portal with category "Guest Configuration", the resulting policy definition correctly includes "requiredProviders": ["Microsoft.GuestConfiguration"] in the metadata section. I am…
![](https://techprofile.blob.core.windows.net/images/8e7482a06e664b24a43dfb238c317fe1.png)
can't assign azure policy remediation to arc machines with MDE.Windows extensions i get error PolicyRemediationFailure
Can't deploy azure policy remediation to arc machines with MDE.Windows extensions i get error PolicyRemediationFailure The 'PUT' request failed with status code: 'BadRequest'. Inner Error: 'The resource with name 'HybridWorkerExtension' and type…
Same policy have different behavior in azure apim
I have an Azure API Management policy that displays a warning when saved, but it functions correctly works for my needs. But some clients encounter errors when saving, such as in the policy snippet below. <set-variable name="labels"…
Azure Policy - Remediation task not running on newly deployed resource
Hi. I created new policy that assign data collection EP to VM inside existing data collection rule. I provided this policy to my customer. The policy running on existing VMs in data collection rule, but when customer create new VM, the policy mark the VM…
![](https://techprofile.blob.core.windows.net/images/JdTkuVU2vkiAUNQVBpPS4Q.png?8DA274)
Azure Policy for enabling diagnostic settings for WebApp/Function App - No resources remediated
I am working in an existing Azure environment where there is no governance and I am in the process of creating Azure Policies. Currently I am working on creating Azure Policy to enable Diagnostic settings for Azure Web App, Azure Function App and Web…
Policy to block the creation of NSGs with rules that allow RDP or SSH access from the Internet
I have been creating a policy that should allow the creation of private IP Network Security Groups (NSGs) in the following IP range (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) with the ports SSH and RDP. I have a problem and it is that I do not know how…
Azure Policy: Inheriting a Tag and Its Value from Subscription to Resource Groups
Is it possible to create an Azure policy that can automatically inherit a tag and its value (no matter what the value are) from the subscription to the resource group? The tag is always the same, for instance, Application, but the value can change…
Azure Policy for enabling diagnostic settings for WebApp/Function App - No resources remediated
I am working in an existing Azure environment where there is no governance and I am in the process of creating Azure Policies. Currently I am working on creating Azure Policy to enable Diagnostic settings for Azure Web App, Azure Function App and Web…
![](https://techprofile.blob.core.windows.net/images/ny8DxPvPMky3dIOsQ9_3Dg.png?8DC7C0)
Suspension or cancelation subscriptions policies
Hello team , when a customer has a reserved instances and the partner put the customer in a suspension services, how is the managed for the instances?
![](https://techprofile.blob.core.windows.net/images/84eXqZh4KEGayKJ9OOltlQ.png?8DBCF1)
Azure Policy: check subscription role assignments
Hi everyone We have different types of users in our Azure AD. Only a certain subset of them are allowed to administer Azure resources. Those all start with "ACO" or "ACA". We now wish to create an Azure Policy that checks whether only…
Enabling periodic assessment automatically for the VM
After creating the VM, I should see that periodic assesment option to be enabled a when I navigate to update section. how it can be achieved?
Azure deny policy not working correctly
Hi, Currently I am trying to create various policies. One of those is to allow the creation of a storageAccount but disallow the creation of Queues. The policy is deployed through the use of a Bicep template: resource policyBlockResourceTypes…
How to disable SSPR for specific users?
We have 3 computers that share a Microsoft 365 account. While replacing one of the 3 computers, Microsoft asks for "More information required ... Your organization needs more information to keep your account secure" and then requests that I…