Issue with Azure policy (custom) for enforcing tags on all resources except resource type that doesn't support tags

SujinaSJ-1789 251 Reputation points

We are trying to enforce tags on all resources using a custom policy with mode as indexed (only evaluate resource types that support tags). It is working fine for resources that supports tags, but deny the deployment of resource type that doesn't support tags, for example :-publicIPAddresses

Can someone help us with this issue. Thanks in advance.

@Mohammed Thahif BK

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
815 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. SwathiDhanwada-MSFT 18,131 Reputation points

    @SujinaSJ-1789 Welcome to Microsoft Q & A Community Forum. When mode property is set to indexed, it evaluates all the resource types which supports tags which you are already aware of. Kindly note that publicIPAddresses does support tags. For more information on list of resource types that support tags, refer this document.

    As you mentioned that your azure policy is denying the creation of resource types that doesn't support tags. Can you please share the resource type for which you are facing issue with? Also, if you are unable to deploy publicIPAddresses, I assume that this might be related to another policy within your subscription.

    To troubleshoot the creation of resource being denied by policy, you can check below image for resolution. For more information, refer this document.


    0 comments No comments