Prevent users from Deploying Premium_SSD as os disk and data disk during Deployment in Portal (Validation phase should fail).

Dhawal Patel 20 Reputation points
2023-09-09T04:20:11.88+00:00

Prevent users from Deploying Premium_SSD as os disk and data disk during Deployment in Portal (Validation phase should fail).

The below does not work and passes the Validation Phase:

{
  "parameters": {
    "allowedStorageTypes": {
      "type": "Array",
      "metadata": {
        "displayName": "allowedStorageTypes",
        "description": "Allowed storage types for OS disk"
      },
      "defaultValue": [
        "Premium_LRS"
      ]
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.storageAccountType",
          "in": "[parameters('allowedStorageTypes')]"
        },
        {
          "field": "Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.storageAccountType",
          "in": [
            "Premium_LRS",
            "Premium_ZRS"
          ]
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}


Also, the below policy passes the Validation phase:

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/disks"
        },
        {
          "field": "Microsoft.Compute/disks/sku.name",
          "equals": "Premium_LRS"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {}
}


So I need something that does not pass the "Validation Phase" in Portal.


Accepted answer
  1. Sumarigo-MSFT 47,471 Reputation points Microsoft Employee Moderator
    2023-09-20T13:21:04.5633333+00:00

    @Dhawal Patel Firstly, apologies for the delayed response!

    Welcome to Microsoft Q&A Forum, thank you for posting your query here!

    Try the below-mentioned Custom Policy and let me know the status.

    {
      "mode": "All",
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.storageAccountType",
              "equals": "Premium_LRS"
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {}
    }
    
    
    

    Policy to Prevent Premium_SSD as Data Disk:

    Create a separate policy to prevent users from deploying Premium_SSD as data disks:

    {
      "mode": "All",
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Compute/virtualMachines"
            },
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.storageAccountType",
              "equals": "Premium_LRS"
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {}
    }
    
    

    This policy rule denies the deployment of virtual machines with Premium_LRS storage account type for both OS disk and data disks. Please note that this policy rule should be assigned to the appropriate scope and the policy assignment should be in effect before the deployment.

    I wish to engage with you offline for a closer look and provide quick and specialized assistance. Please send an email with subject line "Attn:subm" to AzCommunity[at]Microsoft[dot]com referencing this thread and the Azure subscription ID, and I will follow up with you. Once again, apologies for any inconvenience with this issue.
    Thanks for your patience and co-operation.



1 additional answer

  1. Dhawal Patel 20 Reputation points
    2023-09-21T04:02:38.11+00:00

    Thanks @Sumarigo-MSFT for the answer.

    Looks like the first one is working, but the second one (Policy to Prevent Premium_SSD as Data Disk) is still passing the Validation Phase.

    Can you help there?

    0 comments No comments
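An added example, not part of the thread and not either poster's policy: a `field` condition on a `[*]` alias matches only when every array element satisfies it, and the question's first rule additionally puts the OS-disk and data-disk checks under one `allOf`, so it fires only when both are Premium. One way to express "OS disk or at least one data disk is Premium" is `anyOf` with a `count` expression, shown below. The parameter name `deniedStorageTypes` is an assumption, and the thread does not confirm whether the Portal's validation request carries the data disk SKU on the VM resource for this rule to evaluate.

```json
{
  "mode": "All",
  "parameters": {
    "deniedStorageTypes": {
      "type": "Array",
      "metadata": {
        "displayName": "deniedStorageTypes",
        "description": "Disk SKUs to deny (parameter name is an assumption of this example)"
      },
      "defaultValue": ["Premium_LRS", "Premium_ZRS"]
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.storageAccountType",
              "in": "[parameters('deniedStorageTypes')]"
            },
            {
              "count": {
                "field": "Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*]",
                "where": {
                  "field": "Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.storageAccountType",
                  "in": "[parameters('deniedStorageTypes')]"
                }
              },
              "greater": 0
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}
```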
