Create VM issue with Not allowed resource types - virtualNetwork

Walker Chong 41 Reputation points

If I apply a new Azure policy to the management group which has been associate to the subscription.
There is a configuration for "Not allowed resource types" with virtualNetwork.

Could I create the new VM to existing VNet? Because we have to associate the new created VM into a new VNet or existing VNet.
I don't know the effect for the creation of virtual machine if we apply the policy to block the virtual network.

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
782 questions
{count} votes

1 answer

Sort by: Most helpful
  1. SwathiDhanwada-MSFT 17,161 Reputation points

    @Walker Chong Kindly note that "Not allowed resource types" built-in policy enables you to specify the resource types that your organization cannot deploy. When creating or updating a matched resource in a Resource Manager mode, deny prevents the request before being sent to the Resource Provider. The request is returned as a 403 (Forbidden). In the portal, the Forbidden can be viewed as a status on the deployment that was prevented by the policy assignment. For a Resource Provider mode, the resource provider manages the evaluation of the resource.

    During evaluation of existing resources, resources that match a deny policy definition are marked as non-compliant.

    For your requirement, you will be able to create new virtual machine with existing virtual network.However, you will be able to create a new virtual network within the scope mentioned in the Azure Policy.