How do I govern subresources in ResourceProviders?

Gregory Suvalian 176 Reputation points

There is an AuditIfNotExists policy like the one below:

"policyRule": {
  "if": {
    "field": "type",
    "equals": "Microsoft.DBforPostgreSQL/servers"
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.DBforPostgreSQL/servers/configurations",
      "name": "log_checkpoints",
      "existenceCondition": {
        "field": "Microsoft.DBforPostgreSQL/servers/configurations/value",
        "equals": "ON"
      }
    }
  }
}

How do I make sure that log_checkpoints is always ON and nobody can deploy a resource with this value being OFF or change an existing resource from ON to OFF?

Azure Policy

Accepted answer
  1. Kenieva-MSFT 161 Reputation points Microsoft Employee

    Unfortunately, we do not support "deny" for data plane level resources at the moment. I would suggest adding this to our UserVoice. Thanks.

    1 person found this answer helpful.
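
A simplified model of how the AuditIfNotExists rule from the question is evaluated, as an added example that is not part of the original thread and not Azure's implementation: it reports servers whose setting is missing or OFF after the fact instead of rejecting the change. The inventory, the shortened resource ids and the alias-to-property mapping are constructed assumptions.

```python
# Simplified model of AuditIfNotExists evaluation; not Azure's implementation.
PG = "Microsoft.DBforPostgreSQL/servers"
RULE = {  # the policyRule from the question, with the effect parameter resolved
    "if": {"field": "type", "equals": PG},
    "then": {"effect": "AuditIfNotExists", "details": {
        "type": PG + "/configurations",
        "name": "log_checkpoints",
        "existenceCondition": {"field": PG + "/configurations/value", "equals": "ON"},
    }},
}

def field_value(resource, field):
    # Assumption: an alias maps to the property named by its last path segment.
    if field == "type":
        return resource["type"]
    return resource.get("properties", {}).get(field.rsplit("/", 1)[-1])

def equals(actual, expected):
    # Azure Policy's "equals" compares strings case-insensitively.
    return isinstance(actual, str) and actual.lower() == expected.lower()

def non_compliant(rule, inventory):
    """Return ids of resources that match "if" but have no related resource
    satisfying the existenceCondition (what the audit effect would flag)."""
    cond, details = rule["if"], rule["then"]["details"]
    exists = details["existenceCondition"]
    flagged = []
    for parent in inventory:
        if not equals(field_value(parent, cond["field"]), cond["equals"]):
            continue
        prefix = parent["id"].lower() + "/"
        related = [r for r in inventory
                   if r["id"].lower().startswith(prefix)
                   and equals(r["type"], details["type"])
                   and equals(r.get("name"), details["name"])]
        if not any(equals(field_value(r, exists["field"]), exists["equals"]) for r in related):
            flagged.append(parent["id"])
    return flagged

def server(name):  # constructed, shortened resource id
    return {"id": f"/rg-demo/{PG}/{name}", "type": PG, "name": name}

def setting(srv, name, value):
    return {"id": f"{srv['id']}/configurations/{name}", "type": PG + "/configurations",
            "name": name, "properties": {"value": value}}

# Constructed inventory: compliant, switched off, and no configuration record.
ok, off, bare = server("pg-ok"), server("pg-off"), server("pg-bare")
INVENTORY = [ok, setting(ok, "log_checkpoints", "on"), setting(ok, "log_connections", "OFF"),
             off, setting(off, "log_checkpoints", "OFF"), bare]
```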