How to access a <send-request> response variable in azure apim policies
I am trying to add an oauth2 callout to my azure apim policy. I do a <send-request> <send-request mode="new" response-variable-name="tokenResponse" timeout="20" ignore-error="false"> …
User logout from all devices after change/forgot password is not working.
Hi, we are trying to logout user from all the devices after change/forgot password. We are using custom policy for it. We started with this documentation: https://github.com/azure-ad-b2c/samples/tree/master/policies/revoke-sso-sessions And using…
Regulatory compliance reports not accurately affecting security
I have some regulatory compliance reports still showing unhealthy resources 3 days after the problem has been remediated. Any idea why this could be happening?
Azure APIM Developer Portal - Need help with handling CORS errors
Hello, I'm trying to test an API operation, but when I provide an invalid subscription key, the error message returned is related to CORS rather than an invalid subscription error message. However, I receive a success response when using a valid…
How to mask or hide OCP apim subscription key from being displayed in azure portal
Can we hide/mask OCP apim subscription key which is called from KeyVault to display in azure portal apim policies.
VM Extension Tagging
Is it possible to create a policy to tag VM extensions via inherit tags from resource group policy?
Why is Azure DevTest Labs deploying a storage account with TLS 1.0? It is not configurable
DevTest Labs provisions a number of resources on deployment, including a storage account. Aside from not being able to set mandatory tags on any of these resources, the ultimate roadblock is that the storage account is configured with TLS 1.0 by default.…
Authorization error from deploying management group to tenant using az cli with owner/contributor role.
Below is the error I got trying to deploy new management group. I have contributor role on my service principal. {"code": "AuthorizationFailed", "message": "The client '' with object id '' does not have…
Check for multiple tag names in an array instead of individual parameters?
I want to check for the existence of a large quantity of tag names (not values) and I would like to specify the tag names in an array instead of creating a separate parameter for each name. Is that possible? For example, here is the method for checking…
Azure Policy- Remediating Managed Disks to Disable Public Access+Disable Private Endpoint
Hello Microsoft and Community, There is a built in policy for Managed Disks: Managed disks should disable public network access and there is one remediation/configuration called: Configure managed disks to disable public network access But, on closer…
Your subscription and services will be deleted
My subscription was inactive due to a payment problem in my account. Then, when I contacted azure support, they asked me for the following documents. LinkedIn/GitHub/FB profiles (Required) Driver's licence, Voter's ID, Company ID, School ID…
What Permission is required for configuring Azure policy
What IAM permission is required for creating Azure policy over the Subscription.
Getting a syntax error when I want to create a policy definition with Azure CLI on Windows
I'm quite new in Azure Cloud. I'm getting a syntax error when I want to create a policy definition with Azure CLI on Windows: az policy definition create --name 'denyCoolTiering' --description ' Deny cool access tiering for storage' --rules…
Is it possible to use Azure Policy to apply CanNotDelete locks at resource level?
I am trying to use Azure Policy to track compliance of resources with or without locks on and if a resource doesn't have a lock on, then apply the lock. I have been able to get Azure Policy to apply CanNotDelete locks at the ResourceGroup level, however…
We have a case where we are trying to fetch the calendar events using the getSchedule api, where we are using the client credentials flow and given the access policy to the mail-enabled security group with the user in the shared mailbox
We are trying to use the client credentials flow token to fetch the free busy events of the users so we have given the application access policy to the mail-enabled security group with a single-user email which is a shared email so when we try…
Can we know the region of the Peered Vnet using Azure Policies
Can we know the region of the Peered Vnet using Azure Policies, e.g. there is a vnet named demo_vnet which is peered with another vnet named as shared_vnet present in a different subscription and I want to know the region of the shared_vnet, can I find…
Confused with Module 3 - Policy Management at https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Onboarding/Modules/3-Policy-Management.md#step-3---assign-and-customize-the-mdc-default-policy
Hi, I am reading the onboarding process and reached module 3 at https://github.com/Azure/Microsoft-Defender-for-Cloud/blob/main/Onboarding/Modules/3-Policy-Management.md#step-3---assign-and-customize-the-mdc-default-policy I have already activated all…
Assistance with nsg rule azure policy
Hello, I am having trouble creating an azure policy that adds and modifies default nsg rules if they do not match what is defined in the policy using the deployIfNotExists effect. I am getting the error that the "deployment definition is…
Custom Azure policy "Logic apps should use the latest TLS version"
Hello, I need to create a custom policy for Logic Apps. There is already a built-in policy in Azure for App service and Function apps. App service (App Service apps should use the latest TLS version) - Definition ID:…
Applying azure PCI DSS4 regulatory compliance policy for passwords
Hi, I am trying to assign PCI DSS4 Defender for cloud regulatory compliance policy for passwords - Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords- where count is 24 Audit Windows machines that…