Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
796 questions
2 answers
One of the answers was accepted by the question author.
Custom azure policy for vm selection using notlike for tags
Hello, I am debugging azure policy and still get wrong compliance status. For example I have two azure arc VM with tags: ClientCode: ggg and Environment: dev ClientCode: hhh and Environment: acc My policy should pick up that servers as compliant,…
asked 2023-01-22T19:16:21.0666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Kestutis Murauskas
20
Reputation points
edited an answer 2024-03-01T16:36:56.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 65%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EON%3C/text%3E%3C/svg%3E)
oui nbvbert
0
Reputation points
2 answers
How to Implement Network Policy to Restrict Network Access to Azure Resources Based on IP Addresses?
Hello, I’m looking for guidance on how to automatically restrict network inbound and outbound traffic to all Azure resources. Specifically, I want to ensure that only users with certain IP addresses can access the endpoints. The challenge is that I’m not…
asked 2024-02-05T13:23:16.5266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 79%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERI%3C/text%3E%3C/svg%3E)
Radu Ifrim
20
Reputation points
edited the question 2024-03-01T05:05:11.5066667+00:00
KapilAnanth-MSFT
35,086
Reputation points Microsoft Employee
3 answers
Azure Policy DeployIfNotExists is not adding diagnostic setting configuration for event hub automatically
Two initiatives with multiple policies have been assigned at the management group level for every type of resource that can have a diagnostic setting to send log to the event hub. One initiative is for custom policies and the other is for built-in…
asked 2024-02-15T17:12:21.8766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 75%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
Narayan, Ram
5
Reputation points
answered 2024-02-29T09:49:29.6966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
20,016
Reputation points
2 answers
How can I find Azure Policy or Blueprints to apply for HITRUST
I am having a difficult time finding the pre-built set of Azure Policy or Azure Blueprints that correspond to HITRUST? There are a lot of articles in MS Learn but none that give instructions on how to actually deploy. Could anyone advise on where to…
asked 2024-02-25T16:52:38.6366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 61%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
rocketfish2000
0
Reputation points
commented 2024-02-29T03:45:30.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
17,556
Reputation points
2 answers
MS Azure - Grant permission to assign Reader role
I need the following set up: Owners of a resource group (who might not be owners of the subscription) should have the ability to assign any role to any user. A custom role should be created. Members assigned to this custom role should only have the…
asked 2023-06-02T07:38:20.43+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 0%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Moritz Sohns
0
Reputation points
answered 2024-02-28T05:11:59.8866667+00:00
Mahmoud A. ATALLAH
191
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
How to create remediation tasks ( with deploy if not exists) effect . I have contributor ,resource policy contributor . requirement is to create remediation task to push Kubernetes events to eventhub. facing permissions issue
resource identity does not have the necessary permissions to create deployment - Policy deployment fails when I run remediation task
asked 2024-02-15T12:06:21.6066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 79%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Vignesh Kumar R
20
Reputation points
commented 2024-02-27T04:07:18.55+00:00
SwathiDhanwada-MSFT
17,556
Reputation points
1 answer
Azure policy how to remove/define the other category
We have assigned a policy to our subscription, at the moment the chart states 3 categories compliant non-compliant other The other category is somewhat confusing, is it possible to change this such that a policy control is either compliant,…
asked 2024-01-08T12:30:49.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
481
Reputation points
commented 2024-02-26T14:39:58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT
11,641
Reputation points
1 answer
Reporting Azure VM with Extensions + Applications running?
Using PowerShell or any built-in Azure Policy reporting, How can I get the report for any newly deployed Azure Virtual Machine with no specific software running from Virtual Machine | Settings | Extensions + Applications | VM Applications ? Thank you,
asked 2024-02-13T04:00:58.02+00:00
EnterpriseArchitect
4,741
Reputation points
edited the question 2024-02-23T19:31:57.6833333+00:00
JamesTran-MSFT
36,376
Reputation points Microsoft Employee
1 answer
creating policy for VMs
I want to apply perodic assement enabled using azure policy which option I should choose in resource type to select virtual machines. microsfot.classic.compute virtual machines OR microsoft.compute.virtual machine? which one? 2. and after applying…
asked 2024-02-21T11:26:51.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 37%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Varma
1,140
Reputation points
commented 2024-02-23T11:23:57.15+00:00
AnuragSingh-MSFT
20,016
Reputation points
1 answer
One of the answers was accepted by the question author.
How to exclude the untaggable resources from the enforcement tag policy
We have current tag policy to enforce certain tags on the management group level. however, we would like to create exemption policy to exclude any untaggable Azure resource, eg Solution, Azure DevOps Organization, etc. How can we add it in the…
asked 2024-02-20T03:06:24.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 23%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sun, Scott
20
Reputation points
commented 2024-02-23T02:59:17.77+00:00
SwathiDhanwada-MSFT
17,556
Reputation points
3 answers
One of the answers was accepted by the question author.
How to enforce a Tag value on an optional Tag
hello, I want to create an Azure Policy to define the value of a tag, but the tag itself should be optional and not mandatory. Does anybody know if this is possible?
asked 2024-02-12T15:37:04.9466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 5%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Andreas Tratter
20
Reputation points
accepted 2024-02-20T08:17:03.3266667+00:00
Andreas Tratter
20
Reputation points
1 answer
One of the answers was accepted by the question author.
Using a VM applications and Azure Policy to deploy applications
I have setup a Storage account, AZ Computer Gallery, VM application version and VM application definition without issue. I have uploaded the software and was able to test the install. My issue is when trying to use the deployIfNotExists(DINE) it will…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 63%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
2 answers
Creating Policies in Azure
How to create a Policy to Inherit the tags from Resource Group to Resources? How to create a Policy to allow only listed tag values?
asked 2024-02-17T17:32:31.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 66%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Dhanalakshmi
20
Reputation points
edited an answer 2024-02-17T22:38:17.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
3,801
Reputation points
2 answers
One of the answers was accepted by the question author.
what happen if i upgrade to pay as you go?
what happen if i upgrade to pay as you go but i also have 200$ free credit. im still able to use 200$ free credit after i upgrade to pay as you go, or it will charge to my bank?
asked 2022-08-31T22:56:56.83+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 21%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
chy
26
Reputation points
commented 2024-02-16T22:40:54.1166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 55.00000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
Bhalaji Gunasekaran
0
Reputation points
2 answers
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics?
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics? Do we have easy way to setup those alerts so that we can get email instantly if any deny action performed
asked 2024-02-07T02:35:40.59+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 73%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Techtester
0
Reputation points
commented 2024-02-16T06:11:35.89+00:00
SwathiDhanwada-MSFT
17,556
Reputation points
1 answer
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action 'Microsoft.Polic
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action…
asked 2024-02-09T19:11:58.8566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 97%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVN%3C/text%3E%3C/svg%3E)
Venkataramana Nagarajan
0
Reputation points Microsoft Employee
commented 2024-02-15T07:04:55.64+00:00
SwathiDhanwada-MSFT
17,556
Reputation points
1 answer
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add required tag if missing. scenario1: Resource1 have the following tags and value Tag name = Project Value = ProjSSO Tag name = Purpose Value = app login however if the the policy trigger I received an…
asked 2024-02-07T01:45:43.2433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 40%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Reygie Prieto
0
Reputation points
answered 2024-02-12T07:51:54.2966667+00:00
Sumarigo-MSFT
43,801
Reputation points Microsoft Employee
1 answer
How to modify SecurityContact details through Azure Policy
I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy…
asked 2024-01-24T23:54:11.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWM%3C/text%3E%3C/svg%3E)
WELCH, Matthew
0
Reputation points
commented 2024-02-12T04:38:47.9466667+00:00
SwathiDhanwada-MSFT
17,556
Reputation points
1 answer
How do I enforce using Azure policy a set of NSG rules every time NSG resource is getting deployed in our tenant?
I will need to define and assign a custom Azure policy that would deny creation of NSG resources if the NSG resource doesn't have a set of NSG rules in it (custom NSG rules). These rules will need to be identified using the NSG rule name and priority…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 72%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
1 answer
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy ?? Has anyone done this??
asked 2024-02-08T13:21:35.9633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 49%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
vaibhavshete
0
Reputation points
answered 2024-02-08T21:27:53.0466667+00:00
Luis Arias
4,796
Reputation points