Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
677 questions
1 answer
Convert my Powershell script to JSON
Hi Team, I have a PowerShell script with few "foreach" loops "if statements". Sample script : https://learn.microsoft.com/en-us/answers/questions/151254/can-we-inherit-the-tags-from-azure-vm-and-then-ass.html I would want…
asked 2020-11-26T07:23:41.273+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 57.99999999999999%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Girish Prajwal
706
Reputation points
commented 2020-12-03T08:49:05.617+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
17,801
Reputation points
1 answer
Built in Policy is Not working as expected. Policy Name is 'Require encryption on Data Lake Store accounts' with Deny effect
Policy is not working as expected because if we already creates a data lake storage accounts but the resource showing in compliant state even the encryption and firewall properties are not enabled. even i created and tried with Audit and AINE effect but…
asked 2020-11-12T06:24:40.873+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 26%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Manikanta
1
Reputation point
answered 2020-11-26T13:00:36.003+00:00
SwathiDhanwada-MSFT
17,801
Reputation points
1 answer
Modify setting of VM extension
Hi. I have a policy for deployment antimalware extension on VM. VMs are filtered by tags { "type": "Microsoft.Authorization/policyDefinitions", "name": "[variables('policyName')]", …
asked 2020-10-22T10:31:25.29+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 28.999999999999996%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Andrii Sydorenko
21
Reputation points
commented 2020-11-04T07:10:59.62+00:00
SwathiDhanwada-MSFT
17,801
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Tags
Hi Team, We already have Tags assigned to our resources. WE need to find the below and then assign the tags accordingly. We have Tag names with Business Owner, Technical Owner, Environment, WBS Tag Values as BO - it is with Project Manager'e…
asked 2020-10-27T14:36:00.383+00:00
Girish Prajwal
706
Reputation points
accepted 2020-11-03T09:53:52.07+00:00
Girish Prajwal
706
Reputation points
0 answers
Prevent buying custom domains in Azure
Hi, we would like to prevent that our employees with authorised Azure access can buy any new domains in App Service Domains. Is there a policy which would prevent it? Many Thanks
asked 2020-10-26T10:02:57.497+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 4%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
Jean Döscher
1
Reputation point
commented 2020-10-28T05:07:12.287+00:00
bharathn-msft
5,086
Reputation points Microsoft Employee
1 answer
Does Azure policy supports external data?
Hi, I need to implement a policy that depends on external data available via RP, in other worlds, the decision whether the resource is compliant or not, depends on the relevant data in the RP(Azure Resource Graph for example) is this model possible…
asked 2020-10-25T17:49:23.973+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 87%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Lana Salameh
1
Reputation point
answered 2020-10-27T18:32:26.833+00:00
olufemia-MSFT
2,861
Reputation points
0 answers
Azure Policy VS Code extension auth error
When trying to get my deployed policies in the explorer to the left of VS Code I get this error. Strange. No setting I know of that I need to update. I can access my resources in the top part of the explorer.
asked 2020-10-09T15:46:16.033+00:00
Mikael Sand
26
Reputation points
commented 2020-10-22T14:10:00.433+00:00
Mikael Sand
26
Reputation points
1 answer
How do I specify integer as requirement for Azure Policy?
I have Azure policy which refuses to evaluate expression of with error below. I assume the problem is that when you provide tag values in portal they passed as a string { "field": "tags['Longevity']", "less": 1 } Error…
asked 2020-10-21T18:44:25.097+00:00
Gregory Suvalian
186
Reputation points
answered 2020-10-22T12:40:00.93+00:00
tbgangav-MSFT
10,386
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure command not working
Hi guys, Not sure if I'm in the right section. I'm trying to run a very simple command to get policy definitions using where-object on it but for some reason nothing is coming out of that. I'm using PS 7 but I also tried in the built in…
asked 2020-10-22T11:08:28.05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 78%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
Jonny Moura
21
Reputation points
commented 2020-10-22T11:28:21.647+00:00
Jonny Moura
21
Reputation points
2 answers
One of the answers was accepted by the question author.
Azure Security Assessment
Hi there, It is required to assess the Security (CSPM) for all our Azure PaaS & SaaS services across a number of Management Groups. Not just the security score. An in-depth Security Assessment to be carried out across:- Identity and…
asked 2020-09-29T10:26:25.71+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 76%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Raju Golla
41
Reputation points
accepted 2020-10-15T11:29:18.33+00:00
Raju Golla
41
Reputation points
1 answer
One of the answers was accepted by the question author.
Does the Leaked credentials Alert in Azure AD premim look at current user credentials and report on it or does it also report on previously used passwords?
Investigating an alert I received on Leaked Credentials, I wanted to know if this alert is looking at the current user passwords only or if it checks the old passwords set by the user also. Does the alert look for valid usernames or does it just check…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 5%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
1 answer
VM back with deny effect
Trying to implement a policy while creating a VM backup should be enabled , else deny After publish this it is not allowing to create any new VM. Like to check if we can have this policy with deny effect . Apppreciate your response.
asked 2020-10-02T14:15:51.543+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 79%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Manickam
1
Reputation point
commented 2020-10-09T05:49:03.4+00:00
tbgangav-MSFT
10,386
Reputation points
1 answer
Azure - Can not allow inbound traffic, denied by Policy
so I am learning Azure now, I created a Linux VM. When I tried to connect using SSH, the connection timed out. so I checked on Inbound Rules, and it appears that I need to allow port 22. I know this is not recommended. However, when i tried to create the…
asked 2020-09-30T10:28:46.3+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETW%3C/text%3E%3C/svg%3E)
Teguh Wilidarma (SE-ID)
21
Reputation points
commented 2020-10-05T18:34:30.87+00:00
prmanhas-MSFT
17,891
Reputation points Microsoft Employee
1 answer
Azure Load Balancer - Read Access using Azure Policy
Hi Team, I have created a policy today for Azure load balancer having read access. However, I was unsure on the parameters binding for "READ" access. Request you to validate and add the missing lines if any for the below template. { …
asked 2020-09-22T08:19:33.64+00:00
Girish Prajwal
706
Reputation points
commented 2020-09-30T14:19:23.367+00:00
Girish Prajwal
706
Reputation points
2 answers
One of the answers was accepted by the question author.
Unable to access Azure portal
Hi Team, I'm unable to login to http://azure.portal.com for any of my microsoft accounts. It throws the below error. Request Id: ee1c2284-3a4f-4c9f-8485-3e6f154dbd00 Correlation Id: d612518e-c9ce-4945-9c97-adb14077e518 Timestamp:…
asked 2020-09-28T22:57:48.633+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 43%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDV%3C/text%3E%3C/svg%3E)
Deviprasad Vukkalkar
21
Reputation points
accepted 2020-09-29T10:40:58.96+00:00
Deviprasad Vukkalkar
21
Reputation points
0 answers
While trying to re-use custom policy it is failing
Created custom policy. It is assigned successfuly without any issue for the first time. While trying to re-use the same policy and assign to different subscription it is failing with Resource 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' was disallowed by…
asked 2020-09-16T15:16:47.98+00:00
Manickam
1
Reputation point
commented 2020-09-25T00:44:51.753+00:00
olufemia-MSFT
2,861
Reputation points
0 answers
A way to extend backup monitoring for app services using policy?
There are azure policies for monitoring whether virtual machines have backups or not. Most of the online documentations point towards the two built-in policies which deal with backups. I want to extend/tweak the built-in policy definition to cover App…
asked 2020-09-11T05:57:46.717+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 38%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAN%3C/text%3E%3C/svg%3E)
Aditya Nath
1
Reputation point
commented 2020-09-18T17:36:16.943+00:00
SwathiDhanwada-MSFT
17,801
Reputation points
1 answer
Not able to enforce azure policy for for keyvault
I am trying to implement azure custom policy for key vault where I want to enforce user to enable nbf and exp, without that it shouldn't be allowed. It directly comes as compliance without showing any resource validation. There is also no reference of…
asked 2020-09-12T09:40:26.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 28.000000000000004%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
nimishmehta8779
1
Reputation point
answered 2020-09-17T16:55:50.263+00:00
Kenieva-MSFT
161
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How can i resolve this issue when create a resource in Azue?
Hi there, i tried to create a website hosted in Azue but there is problem, pls help to advise: from this step: Thank so much.
asked 2020-09-15T02:47:27.257+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 8%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Nguyen Huu
101
Reputation points
accepted 2020-09-15T14:28:55.293+00:00
Nguyen Huu
101
Reputation points
1 answer
Need help to build az policy to audit/deny that has data disks aren't encrypted in a virtual machine scale (vmss)
As I know vmss disks can be encrypted/de as show bellow https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/disk-encryption-cli I want to create an to audit/deny that has data disks are not encrypted in a virtual machine scale …
asked 2020-08-27T17:44:15.987+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 59%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHN%3C/text%3E%3C/svg%3E)
Hoang Nguyen
1
Reputation point
commented 2020-09-09T04:21:07.37+00:00
SwathiDhanwada-MSFT
17,801
Reputation points