Azure Policy Naming Convention

BONIER Charline 0 Reputation points
2023-03-07T10:32:38.8033333+00:00

Hello,

I have this JSON script, which allows me to force the addition of "bi" or "dfy" followed by 3 letters for the name of a resource group.

And I would like to add the possibility of adding several characters afterwards. I have tested with the character * but it does not work.


"policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "name",
            "notMatchInsensitively": "bi..."
          },
          {
            "field": "name",
            "notMatchInsensitively": "dfy..."
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
790 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 25,486 Reputation points Microsoft Employee
    2023-03-15T18:58:22.05+00:00

    Hi @BONIER Charline

    Instead of using *, use ? or . instead.

    When using the match and notMatch conditions, provide # to match a digit, ? for a letter, . to match any character, and any other character to match that actual character. While match and notMatch are case-sensitive, all other conditions that evaluate a stringValue are case-insensitive. Case-insensitive alternatives are available in matchInsensitively and notMatchInsensitively.

    {
        "policyRule": {
            "if": {
                "allOf": [{
                        "not": {
                            "field": "name",
                            "notMatchInsensitively": "bi-????-rg"
                        }
                    },
                    {
                        "not": {
                            "field": "name",
                            "notMatchInsensitively": "dfy-???-rg"
                        }
                    }
                ]
            },
            "then": {
                "effect": "deny"
            }
        }
    }