@Matthew Dowst I have tested your scenario with one of the built-in policy set "Enable Azure Monitor for VMs" by assigning this to subscription using below ARM template. However, I couldn't reproduce the issue you were facing. Kindly revert if you are still facing the issue.
{
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"policyAssignmentName": {
"type": "string",
"defaultValue": "[guid(parameters('policyDefinitionID'), resourceGroup().name)]",
"metadata": {
"description": "Specifies the name of the policy assignment, can be used defined or an idempotent name as the defaultValue provides."
}
},
"policyDefinitionID": {
"type": "string",
"metadata": {
"description": "Specifies the ID of the policy definition or policy set definition being assigned."
}
},
"logAnalytics_1": {
"type": "string"
},
"location": {
"type": "string"
}
},
"resources": [
{
"type": "Microsoft.Authorization/policyAssignments",
"name": "[parameters('policyAssignmentName')]",
"apiVersion": "2019-09-01",
"properties": {
"scope": "[subscription().id]",
"policyDefinitionId": "[parameters('policyDefinitionID')]",
"parameters": {
"logAnalytics_1": {
"value": "[parameters('logAnalytics_1')]"
}
}
},
"identity": {
"type": "SystemAssigned"
},
"location": "[parameters('location')]"
}
]
}