Azure Policy Naming Convention

Question

Hello,

I have this JSON script, which allows me to force the addition of "bi" or "dfy" followed by 3 letters for the name of a resource group.

And I would like to add the possibility of adding several characters afterwards. I have tested with the character * but it does not work.

"policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "name",
            "notMatchInsensitively": "bi..."
          },
          {
            "field": "name",
            "notMatchInsensitively": "dfy..."
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }

Answer 1

Hi @BONIER Charline

Instead of using *, use ? or . instead.

When using the match and notMatch conditions, provide # to match a digit, ? for a letter, . to match any character, and any other character to match that actual character. While match and notMatch are case-sensitive, all other conditions that evaluate a stringValue are case-insensitive. Case-insensitive alternatives are available in matchInsensitively and notMatchInsensitively.

{
    "policyRule": {
        "if": {
            "allOf": [{
                    "not": {
                        "field": "name",
                        "notMatchInsensitively": "bi-????-rg"
                    }
                },
                {
                    "not": {
                        "field": "name",
                        "notMatchInsensitively": "dfy-???-rg"
                    }
                }
            ]
        },
        "then": {
            "effect": "deny"
        }
    }
}