I've spoken to a Microsoft product manager for Azure Stack Hub today and he tells me that Azure Policy is NOT supported/implemented on Azure Stack Hub.
Azure Policy on Azure Stack Hub
Is Azure Policy supported on Azure Stack Hub?
I'm trying to apply a policy using this data:
{
"policies": [
{
"name": "enforceAllowedVMImages",
"description": "Policy to enforce the use of specific VM Images",
"parameters": {
"imageIds": {
"type": "array",
"metadata": {
"description": "The list of allowed VM Images.",
"displayName": "Allowed VM Images"
}
}
},
"rules": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"not": {
"field": "Microsoft.Compute/imageId",
"in": "[parameters('imageIds')]"
}
}
]
},
"then": {
"effect": "audit"
}
}
}
]
}
When using PowerShell (New-AzPolicyDefinition) to create the above policy definition I get the following error:
New-AzPolicyDefinition : InvalidProviderNameInPolicyAlias : The policy definition 'enforceAllowedVMImages' rule is invalid. The provider 'Microsoft.Compute' referenced by the 'field' property 'Microsoft.Compute/imageId' of the policy rule doesn't exist.
The Micosoft.Computer provider clearly exists .... so I don't understand the error. I get similar errors for any other policy definition I try to apply that has a provider in the policy definition. The few policy definitions I have that don't have a provider in them work okay.
The same policy definition works okay against Azure public, so I am wondering if I'm trying to do something that is not supported on Azure Stack Hub?