Hi, yes, you can achieve this by creating a custom Azure policy.
Exemption Policy (for Automation Account):
{
  "properties": {
    "policyAssignmentId": "/subscriptions/{subId}/providers/Microsoft.Authorization/policyAssignments/YourPolicyAssignmentName",
    "policyDefinitionReferenceIds": [
      "yourPolicyDefinitionId"
    ],
    "exemptionCategory": "Waiver",
    "resourceSelectors": [
      {
        "name": "AutomationAccountResourceCreationExemption",
        "selectors": [
          {
            "kind": "resourceType",
            "in": [
              "Microsoft.Automation/automationAccounts"
            ]
          }
        ]
      }
    ]
  },
  "systemData": { },
  "id": "/subscriptions/{subId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Authorization/policyExemptions/AutomationAccountCreationExemption",
  "type": "Microsoft.Authorization/policyExemptions",
  "name": "AutomationAccountCreationExemption"
}
This policy allows resources with a "CreatedBy" tag set to "AutomationAccount" to bypass the default denial.
- "policyAssignmentId": Replace this with the ID of your policy assignment where the policy is applied.
- "policyDefinitionReferenceIds": Replace this with the ID of your policy definition.
- "resourceSelectors": This section specifies the resources to which the exemption applies. In this case, it targets resources of type Microsoft.Automation/automationAccounts, which corresponds to Azure Automation accounts.
Make sure to replace placeholders such as {subId}, {resourceGroupName}, YourPolicyAssignmentName, and yourPolicyDefinitionId with your actual values.
Please find ref doc --> https://learn.microsoft.com/en-us/azure/governance/policy/concepts/exemption-structure
Kindly accept answer if it helps. Thanks!
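An added example, not part of the original answer: since an exemption switches off a policy for the selected resources, it is worth reviewing the JSON before it is deployed. The sketch below checks an exemption document against the structure in the reference doc linked above (category, expiry, selector keys, leftover placeholders). The function name `review_exemption` and the sample document are constructed for illustration.

```python
import json
import re

# Values as documented in the exemption-structure reference linked above.
ALLOWED_KINDS = {"resourceLocation", "resourceType", "resourceWithoutLocation"}
ALLOWED_CATEGORIES = {"Waiver", "Mitigated"}

def review_exemption(doc: dict) -> list:
    """Hypothetical helper: return review findings for one exemption document."""
    findings = []
    props = doc.get("properties", {})
    if props.get("exemptionCategory") not in ALLOWED_CATEGORIES:
        findings.append("exemptionCategory must be Waiver or Mitigated")
    if not props.get("expiresOn"):
        findings.append("no expiresOn: the exemption never lapses on its own")
    for rs in props.get("resourceSelectors", []):
        for sel in rs.get("selectors", []):
            where = "selector in " + rs.get("name", "?")
            if sel.get("kind") not in ALLOWED_KINDS:
                findings.append(f"{where}: unsupported kind {sel.get('kind')!r}")
            if ("in" in sel) == ("notIn" in sel):
                findings.append(f"{where}: needs exactly one of in / notIn")
    # Template placeholders such as {subId} must not reach a deployment.
    left = sorted(set(re.findall(r"\{[A-Za-z]+\}", json.dumps(doc))))
    if left:
        findings.append("unreplaced placeholders: " + ", ".join(left))
    return findings

# Constructed sample: waiver without expiry, wrong selector key, placeholder left in.
SAMPLE = json.loads("""
{
  "properties": {
    "policyAssignmentId": "/subscriptions/{subId}/providers/Microsoft.Authorization/policyAssignments/YourPolicyAssignmentName",
    "policyDefinitionReferenceIds": ["yourPolicyDefinitionId"],
    "exemptionCategory": "Waiver",
    "resourceSelectors": [{
      "name": "AutomationAccountResourceCreationExemption",
      "selectors": [{"kind": "resourceType",
                     "matches": ["Microsoft.Automation/automationAccounts"]}]
    }]
  }
}
""")

if __name__ == "__main__":
    for finding in review_exemption(SAMPLE):
        print("-", finding)
```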