Azure Custom Policy shows Non-compliant even after remediation task is successful

Rajesh Swarnkar 911 Reputation points
2023-09-14T03:07:38.2633333+00:00

Hello,

I have applied this custom policy to apply Azure Monitor agent on Windows hosts and create association with Data collection rule.

A remediation task is run as well which shows up the host performance details being collected in LAW.

However, the policy still complains about non-compliance.

How do I determine the cause and troubleshoot this?


Accepted answer
  1. AnuragSingh-MSFT 21,551 Reputation points Moderator
    2023-09-20T07:32:28.1733333+00:00

    Rajesh Swarnkar, thank you for posting this question.

    In addition to the replies shared above, please find the following information that should help you in this regard:

    1. To understand the exact reason of non-compliance, you can click on the "Details" option in the "Resource Compliance" section for the specific non-compliance policy. This will open a blade with the evaluation causing the failure in compliance.

    2. For your other question to understand a way to fix the policy definition, for absent "existenceCondition" would actually depend on the end goal. For example, should it be present or not? An easy way to understand the expected state of a resource for which the policy is defined is to export its ARM template from the portal and review the fields and values available. For details see - Use Azure portal to export a template. Based on its state, you may choose to apply the correct existence condition. The VS Code extension for Azure Policy comes in very handy during the development/debugging phase as you would be able to evaluate the policy locally before assigning it.

    Hope this helps.

    If the answer did not help, please add more context/follow-up question for it, and we will help you out. Else, if the answer helped, please click Accept answer so that it can help others in the community looking for help on similar topics.

    1 person found this answer helpful.
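
The accepted answer's advice on `existenceCondition`, as an added example that is not part of the original answers or any Microsoft code: a simplified offline evaluator that compares an `existenceCondition` with a resource exported from the portal and reports which field fails. The field-to-property mapping, the supported operators (`allOf`, `anyOf`, `equals`, `exists`), the field name in the sample condition and the sample IDs are assumptions made for illustration.

```python
def resolve(field, resource):
    # Assumption: name/type/location are top-level; an alias such as
    # "<resource type>/<a.b>" maps to resource["properties"]["a"]["b"].
    if field in ("name", "type", "location"):
        return resource.get(field)
    node = resource.get("properties", {})
    for part in field.rsplit("/", 1)[-1].split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def evaluate(cond, resource, reasons):
    # Returns True if cond holds; records one reason per failed leaf.
    if "allOf" in cond:
        return all([evaluate(c, resource, reasons) for c in cond["allOf"]])
    if "anyOf" in cond:
        sub = []
        ok = any([evaluate(c, resource, sub) for c in cond["anyOf"]])
        reasons.extend([] if ok else sub)
        return ok
    actual = resolve(cond["field"], resource)
    if "equals" in cond:  # compared case-insensitively in this model
        want = f"equals {cond['equals']!r}"
        ok = actual is not None and str(actual).lower() == str(cond["equals"]).lower()
    elif "exists" in cond:
        want = f"exists {cond['exists']}"
        ok = (actual is not None) == (str(cond["exists"]).lower() == "true")
    else:
        raise ValueError(f"unsupported condition: {cond}")
    if not ok:
        reasons.append(f"{cond['field']}: expected {want}, found {actual!r}")
    return ok

def compliance(existence_condition, related):
    # No existenceCondition: any related resource of the type is enough.
    if existence_condition is None:
        return bool(related), []
    reasons = []
    for res in related:
        if evaluate(existence_condition, res, reasons):
            return True, []
    return False, reasons or ["no related resource of the target type found"]

# Constructed sample: the exported association points at one DCR, the condition expects another.
DCR = "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.Insights/dataCollectionRules/dcr-a"
EXPORTED = {"type": "Microsoft.Insights/dataCollectionRuleAssociations",
            "properties": {"dataCollectionRuleId": DCR}}
CONDITION = {"field": "Microsoft.Insights/dataCollectionRuleAssociations/dataCollectionRuleId",
             "equals": DCR.replace("dcr-a", "dcr-b")}
```

Calling `compliance(CONDITION, [EXPORTED])` returns `False` with the mismatching field, which is the situation where a remediation deployment succeeded but the deployed resource does not match what the condition checks for.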

1 additional answer

  1. Tushar Kumar 3,371 Reputation points MVP
    2023-09-18T13:05:58.3633333+00:00

    Hi Rajesh Swarnkar

    Policy evaluation takes 24hrs to run refresh. If you want to run an on-demand evaluation, you can follow the link below to trigger it on demand using PowerShell/API.

    https://learn.microsoft.com/en-gb/azure/governance/policy/how-to/get-compliance-data#on-demand-evaluation-scan---azure-powershell

    Please Click "Accept as answer" if this helps.
