Subscription Management/ Governance
I have some questions. Are we able to prevent users within our organization from creating Subscriptions using the Visual Studio/Dev or other means in our Azure tenant? If now, what is the recommended way to appropriately govern existing/new…
Policy to prevent creation of app services without authentication
I wish to create a policy that will prevent the creation of app services without authentication enabled (just auditing them is not enough). The following policy can correctly identify existing resources that do not have authentication enabled: { …
At what internal azure policy of effect type "audit" re-evaualte the azure resource?
I am using a built-in azure policy which checks whether storage account is using customer-managed keys or Microsoft managed key. This is of effect type as "Audit". It has detected 4 of my storage account. I enabled customer-managed keys in…
Date and Time of registration of each Service Providers in Azure
Dear All, Is there a way to see the Date and Time of registration of each Service Providers ?
Policy to tag Azure Resources with Creator email Id
Is there any way to assign Azure policy on subscription level to Add a tag to resources with email id of creator (who creates the resource whether its from portal, ARM template or PowerShell.)
Is there a way to force the naming of resources that automatically gets setup within Azure?
Good Day At times there are resources that gets automatically created from within ARM. That are dependencies to other resources you create. Or at times you cannot set the name of a particular service. For example the Gateway subnet will always be…
Duplicate built-in Azure Policy and change parameter
hello everyone, I am trying to duplicate some of the existing built-in Azure Policies so that I can edit them and change their parameters. For example, I'd like to change the value in the "A maximum of 3 owners should be designated for your…
Is there a way to configure an alert for a user sigining from multiple ip address
We want to configure an alert if a user logs in from multiple ip address. Please advise if there is any such policy in azure portal.
Limiting Specific Selections of Azure VM for non Global Admins ?
Hi All, I wonder if it is possible to limit specific VM that the User or Developers can deploy across the multiple Subscriptions. Only the Global Administrator can deploy any type of VMs, but other than that, enforce the Azure Policy to show only few…
Azure Policy behaviour with first party apps
Team, We are designing policies for some of our scenarios. We have a basic policy which checks apart from the resourceType if certain property of the resource matches with some value then trigger the “deployifnotexists” effect. 1)When end users…
Azure Policy for NSG Security Rules
I have following policy rules: "policyRule": { "if": { "allOf": [ { "allOf": [ { "field": "type", "equals":…
Need to hide certain details in Azure Administrative Units
Hello Team, I have created an Azure Administrative unit to reset MFA of certain group of users(as a part of Authenticator Administrator), I need to hide contact information of all users(kindly take the reference from given screenshot highlighted…
Azure Introductory Demo video
I just signed on to Azure and was watching an introductory video by Eric Boyd. The video was supposed to be 48 minutes long. Unfortunately I had to log out and can't find the video after logging back in! Can someone send me a link on the platform or…
Azure Policy to deny creation of specific NSG priority rule
Hello, I am looking for some suggestion with below implementation. We have plan to reserve of the NSG Inbound & Outbound priorities ranges (eg. 100-200 ) and policy should deny the creation of NSG & NSG update rules within these ranges. …
Azure Portal Desktop "stay logged in" issue
Hello, There is not that match to explain - "stay signed in" doesn't work anymore, at all! Even if my laptop was slept (not hibernated) - Azure Portal Desktop app requires login from scratch. U may explain that as security reason - but…
How do you switch from PAYG to BYOS for existing Red Hat servers
I started with RHEL from Marketplace on Azure and worked on it for a while. Now, I would like to switch to bring-your-own-subscription. I have added Azure Subscription ID to Red hat, which gives me a new resource to create VM with BYOS. However, what I…
Get list of NonCompliant resources for a management group
I am trying to get list of all non-compliant resources from Azure for a certain management group. For that I am using below Powershell query, but it seems the result is getting limited to 1000 records, so I am not getting all the records. In the…
How to check Azure policy audit logs
Hi, I need to enable logging for all the activities perform related to Azure policy and forward the log to log analytics. Like when a policy was created, modified, deleted and by which user. Other details about the policies. Also want to log/track when…
How to apply azure policies as per AKS RBAC managed by Active Directory?
Team, We have 3 level of AD roles in Azure kubernetes. Admin --> created while making the cluster SRE --> Have almost 85 to 90% control on AKS. DEV user-> Have less control and only able to work in their specific namespace. Now…
Not able to create resources in new PAYG subscription
[88748-my-subscription.pdf][1] I have upgraded from my free trial subscription to Pay-as-you-go subscription, the subscription name is dp-subscription, but it is not coming as valid subscription name when I am trying to create new resources. Please let…