Azure Policy problems with MAU Licensing and some other ressources

Jörg Lang 60 Reputation points

Hi there,

we have enabled, beside several other Azure Policys, following ones

  • "Allowed locations" & " ... for RG's" with West- & North Europe
  • "Storage accounts should disable public network access"

and we are observice some "fun".

We want to enable MAU Licensing , but it fails because of the "Allowed Locations". The Resource Group was put in West Europe.

Starting "Cloud Shell" is also failing because of "Storage accounts should disable public network access".

What are the best-practices for such things?



Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,315 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
714 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sumarigo-MSFT 41,196 Reputation points Microsoft Employee

    @Jörg Lang Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    Apologies for the delay response!

    Who are new to Azure Policy often look to find common policy definitions to manage and govern their resources. Azure Policy's Recommended policies provides a focused list of common policy definitions to start with. The Recommended policies experience for supported resources is embedded within the portal experience for that resource.

    For more Azure Policy built-ins, see Azure Policy built-in definitions.

    This article provides information on Azure Policy Recommended Practices

    When implementing Azure policies such as "Allowed locations" and "Storage accounts should disable public network access", it is important to consider the impact on other Azure services and features, such as MAU licensing and Cloud Shell.

    Here are some best practices to follow when implementing Azure policies:

    • Plan ahead: Before implementing Azure policies, consider the impact on other Azure services and features. Make sure that the policies do not conflict with other requirements or constraints.
    • Test thoroughly: Before enforcing Azure policies, test them thoroughly in a non-production environment to ensure that they work as expected and do not cause any unintended consequences.
    • Use exceptions: If a policy conflicts with a specific requirement or constraint, consider using exceptions to allow certain resources or services to bypass the policy.
    • Monitor and adjust: Monitor the impact of Azure policies on other Azure services and features, and adjust the policies as needed to optimize performance and functionality.
    • In your specific case, you may need to adjust the "Allowed locations" policy to include the regions where MAU licensing and Cloud Shell are available. You may also need to adjust the "Storage accounts should disable public network access" policy to allow public network access for certain resources or services that require it.

    Additional information:

    Azure Policy is a powerful tool for managing and governing your Azure resources. However, it can also cause some issues if not configured properly. Here are some best practices that might help you avoid or resolve some of the problems you are facing:

    I hope this helps. Let me know if you have any further questions or concerns.

    Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.