Delete builtin Azure policies

bematrix2023 1 Reputation point
2023-01-06T19:22:26.243+00:00

Hi,

I would like to delete all builtin Azure policies.
We don't use the builtin Azure policies; we create our own policy definitions & initiatives with assignments.
Removal of the builtin Azure policies we don't use will allow us to get a better view of our compliance state.

Additionally, the Azure portal is very slow loading all builtin policies.

I've tried to delete all policies with the following PowerShell script:

```powershell
$counter = 0
$policies = Get-AzPolicyDefinition | Where-Object {$_.Properties.PolicyType -eq "BuiltIn"}
foreach ($policy in $policies) {
    $policy.resourceName
    Remove-AzPolicyDefinition -Name $policy.Name -force
    $counter++
    Write-Output $counter
}
```

As a result I don't get an error but the policies don't get deleted.
I've also tried it with a single policy using Azure CLI:

```bash
az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"
az policy definition delete --name 06a78e20-9358-41c9-923c-fb736d382a4d
az policy definition list --query "[?displayName=='Audit VMs that do not use managed disks']"
```

The query result of the last line still outputs the details of the builtin Azure policy even if the second line is executed without output/error.

Thx,

Azure Policy

1 answer

  1. Luke Murray 10,526 Reputation points MVP
    2023-01-07T04:09:17.533+00:00

    I don't believe you can delete built-in policies out of the box; they are delivered and deployed across the Azure fabric for use by Microsoft, including the versions (from here: https://github.com/Azure/azure-policy). You are unable to delete built-in definitions.

    Some of the definitions will come from Defender for Cloud etc. as well.
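
Since built-in definitions cannot be deleted, the compliance view the question asks for can be narrowed to custom definitions instead. The following is an added example, not part of the original thread: the function name, the `contoso` identifiers and the sample records are constructed, and it assumes policy state records expose `PolicyDefinitionId` and `ComplianceState` as `Get-AzPolicyState` returns them.

```powershell
# Added example. Built-in definitions live at the tenant root, so their IDs start
# with /providers/Microsoft.Authorization/policyDefinitions/. Custom definitions
# are scoped under a subscription or a management group.
$BuiltInIdPattern = '/providers/Microsoft.Authorization/policyDefinitions/*'

function Get-CustomComplianceSummary {
    param([Parameter(Mandatory)] [object[]] $PolicyState)

    $PolicyState |
        # -notlike is case-insensitive, so lower-cased IDs are matched too
        Where-Object { $_.PolicyDefinitionId -notlike $BuiltInIdPattern } |
        Group-Object -Property PolicyDefinitionId |
        ForEach-Object {
            [pscustomobject]@{
                PolicyDefinitionId = $_.Name
                NonCompliant       = @($_.Group | Where-Object { $_.ComplianceState -eq 'NonCompliant' }).Count
                Evaluated          = $_.Count
            }
        }
}

# Constructed sample records: one built-in (the definition from the question),
# one subscription-scoped custom and one management-group-scoped custom definition.
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'
$mg  = '/providers/Microsoft.Management/managementGroups/contoso-mg'
$def = 'providers/Microsoft.Authorization/policyDefinitions'
$sample = @(
    [pscustomobject]@{ PolicyDefinitionId = '/providers/microsoft.authorization/policydefinitions/06a78e20-9358-41c9-923c-fb736d382a4d'; ComplianceState = 'NonCompliant' }
    [pscustomobject]@{ PolicyDefinitionId = "$sub/$def/contoso-require-tag"; ComplianceState = 'NonCompliant' }
    [pscustomobject]@{ PolicyDefinitionId = "$sub/$def/contoso-require-tag"; ComplianceState = 'Compliant' }
    [pscustomobject]@{ PolicyDefinitionId = "$mg/$def/contoso-allowed-regions"; ComplianceState = 'Compliant' }
)

# Only the two custom definitions appear in the summary; the built-in is filtered out.
Get-CustomComplianceSummary -PolicyState $sample | Format-Table -AutoSize

# Live use (assumption: Az.PolicyInsights is installed and a context is signed in):
# Get-CustomComplianceSummary -PolicyState (Get-AzPolicyState)
```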