I have a policy which is using the modify effect. I use a user-assigned identity during assignment, which lives in a different subscription but under the same tenant. Assignment completes successfully, but policy enforcement fails with the error below. The identity itself works fine for various other tasks (like Logic Apps, etc.).
Failed to remediate resource: '/subscriptions/032702ff-a599-4aeb-b906-41f6e8f8dd28/resourceGroups/test-rg/providers/Microsoft.Compute/virtualMachines/test'. The 'PATCH' request failed with status code: 'BadRequest'. Inner Error: 'The resource identity associated with policy assignment '/providers/Microsoft.Management/managementGroups/thc-sandbox-mg/providers/Microsoft.Authorization/policyAssignments/ea197105e4a947c6b2a87d6f' can not be found. It may have been manually removed in Azure Active Directory. Please see https://aka.ms/arm-policy-identity for managed identity usage details.', Correlation Id: '<null>'.