Troubleshoot the RequestDisallowedByPolicy error code (for cluster deletions)

This article discusses how to identify and resolve the RequestDisallowedByPolicy error that occurs when you try to delete a Microsoft Azure Kubernetes Service (AKS) cluster.


When you try to delete an AKS cluster, you receive the following error message:

internalErrorCode: "RequestDisallowedByPolicy"

StatusCode=403 (forbidden)



Message: "Resource 'aks-agentpool-test-routetable' was disallowed by policy. Policy identifiers: 'policyAssignment: "name: ....Microsoft.Management/managementGroups/test/providers/Microsoft.Authorization/policyAssignments/test"



The RequestDisallowedByPolicyerror can have many policy-related causes. Only customers (not Microsoft) can manage the policies in their environment. Microsoft can't disable or bypass those policies.


Verify that you have permission to make any changes to policy services. If you don't have permission, find someone who has access so that they can make the necessary changes. Also, check the policy name that's causing the problem, and then temporarily deny that rule so that you (or someone who has permission) can do the delete operation.

