Is there a way to exclude resource groups that contain the word databricks from policy assignment?

Pookat, Sanal (MBHC 21) 26 Reputation points
2022-01-25T18:55:43.17+00:00

Hi - We have a number of policies that check if diagnostic settings are created for resources. Since Databricks uses a managed resource group, these policies always show non-compliant.
Is there a way I could use a '*' in the policy definition to exclude the resource groups that have databricks in the name? This will help me a lot.

Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.

7 answers

  1. Pookat, Sanal (MBHC 21) 26 Reputation points
    2022-02-07T14:18:39.007+00:00

    Yes, that's a good point. I agree, not a solution for all.

    As this is being done mainly for deploying diagnostic settings across all resources and showing compliance primarily, we are not concerned with malicious intents (at the moment).
    But I hadn't thought about it, and it's great to see that pointed out.

    Thank you very much!


  2. Tobias Petter 6 Reputation points
    2022-08-30T14:39:26.037+00:00

    My policy checks whether field "Microsoft.Compute/virtualMachines/storageProfile.imageReference.sku" equals value "DatabricksWorker". If so, they are excluded from the policy. This works for me, I have no non-compliant resources even though I have 10 Databricks VMs.

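The exclusion described in the last answer, written out as a policy definition. This is an added example, not the poster's actual policy: the display name, the `auditIfNotExists` effect and the `details` block are assumptions standing in for whatever diagnostic-settings check is in use, and only the `imageReference.sku` field and the `DatabricksWorker` value come from the answer.

```json
{
  "properties": {
    "displayName": "Constructed example: audit VM diagnostic settings, skipping Databricks workers",
    "description": "Illustrative only. Effect and details are assumed; the imageReference.sku condition is the one described in the answer.",
    "mode": "Indexed",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/storageProfile.imageReference.sku",
            "notEquals": "DatabricksWorker"
          }
        ]
      },
      "then": {
        "effect": "auditIfNotExists",
        "details": {
          "type": "Microsoft.Insights/diagnosticSettings"
        }
      }
    }
  }
}
```

Because the `if` block only matches VMs whose image SKU is not `DatabricksWorker`, the Databricks workers are never evaluated and so never appear as non-compliant, while every other VM in scope is still audited.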