Convert my Powershell script to JSON
Hi Team, I have a PowerShell script with few "foreach" loops "if statements". Sample script : https://learn.microsoft.com/en-us/answers/questions/151254/can-we-inherit-the-tags-from-azure-vm-and-then-ass.html I would want…
Built in Policy is Not working as expected. Policy Name is 'Require encryption on Data Lake Store accounts' with Deny effect
Policy is not working as expected because if we already creates a data lake storage accounts but the resource showing in compliant state even the encryption and firewall properties are not enabled. even i created and tried with Audit and AINE effect but…
Modify setting of VM extension
Hi. I have a policy for deployment antimalware extension on VM. VMs are filtered by tags { "type": "Microsoft.Authorization/policyDefinitions", "name": "[variables('policyName')]", …
Azure Tags
Hi Team, We already have Tags assigned to our resources. WE need to find the below and then assign the tags accordingly. We have Tag names with Business Owner, Technical Owner, Environment, WBS Tag Values as BO - it is with Project Manager'e…
Prevent buying custom domains in Azure
Hi, we would like to prevent that our employees with authorised Azure access can buy any new domains in App Service Domains. Is there a policy which would prevent it? Many Thanks
Does Azure policy supports external data?
Hi, I need to implement a policy that depends on external data available via RP, in other worlds, the decision whether the resource is compliant or not, depends on the relevant data in the RP(Azure Resource Graph for example) is this model possible…
Azure Policy VS Code extension auth error
When trying to get my deployed policies in the explorer to the left of VS Code I get this error. Strange. No setting I know of that I need to update. I can access my resources in the top part of the explorer.
How do I specify integer as requirement for Azure Policy?
I have Azure policy which refuses to evaluate expression of with error below. I assume the problem is that when you provide tag values in portal they passed as a string { "field": "tags['Longevity']", "less": 1 } Error…
Azure command not working
Hi guys, Not sure if I'm in the right section. I'm trying to run a very simple command to get policy definitions using where-object on it but for some reason nothing is coming out of that. I'm using PS 7 but I also tried in the built in…
Azure Security Assessment
Hi there, It is required to assess the Security (CSPM) for all our Azure PaaS & SaaS services across a number of Management Groups. Not just the security score. An in-depth Security Assessment to be carried out across:- Identity and…
Does the Leaked credentials Alert in Azure AD premim look at current user credentials and report on it or does it also report on previously used passwords?
Investigating an alert I received on Leaked Credentials, I wanted to know if this alert is looking at the current user passwords only or if it checks the old passwords set by the user also. Does the alert look for valid usernames or does it just check…
VM back with deny effect
Trying to implement a policy while creating a VM backup should be enabled , else deny After publish this it is not allowing to create any new VM. Like to check if we can have this policy with deny effect . Apppreciate your response.
Azure - Can not allow inbound traffic, denied by Policy
so I am learning Azure now, I created a Linux VM. When I tried to connect using SSH, the connection timed out. so I checked on Inbound Rules, and it appears that I need to allow port 22. I know this is not recommended. However, when i tried to create the…
Azure Load Balancer - Read Access using Azure Policy
Hi Team, I have created a policy today for Azure load balancer having read access. However, I was unsure on the parameters binding for "READ" access. Request you to validate and add the missing lines if any for the below template. { …
Unable to access Azure portal
Hi Team, I'm unable to login to http://azure.portal.com for any of my microsoft accounts. It throws the below error. Request Id: ee1c2284-3a4f-4c9f-8485-3e6f154dbd00 Correlation Id: d612518e-c9ce-4945-9c97-adb14077e518 Timestamp:…
While trying to re-use custom policy it is failing
Created custom policy. It is assigned successfuly without any issue for the first time. While trying to re-use the same policy and assign to different subscription it is failing with Resource 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' was disallowed by…
A way to extend backup monitoring for app services using policy?
There are azure policies for monitoring whether virtual machines have backups or not. Most of the online documentations point towards the two built-in policies which deal with backups. I want to extend/tweak the built-in policy definition to cover App…
Not able to enforce azure policy for for keyvault
I am trying to implement azure custom policy for key vault where I want to enforce user to enable nbf and exp, without that it shouldn't be allowed. It directly comes as compliance without showing any resource validation. There is also no reference of…
How can i resolve this issue when create a resource in Azue?
Hi there, i tried to create a website hosted in Azue but there is problem, pls help to advise: from this step: Thank so much.
Need help to build az policy to audit/deny that has data disks aren't encrypted in a virtual machine scale (vmss)
As I know vmss disks can be encrypted/de as show bellow https://learn.microsoft.com/en-us/azure/virtual-machine-scale-sets/disk-encryption-cli I want to create an to audit/deny that has data disks are not encrypted in a virtual machine scale …