OneDrive storage is full, can't delete old file versions because a retention policy prevents it
Hello I want to delete a retention policy in Microsoft Purview / Data lifecycle management. Theoretically when I click the checkbox on the policy, Edit option should show up. And although I am the Global Administrator - that doesn't happen. Any idea…
How to create an overview of all VMs and their CIS compliance status?
Is there any way to generate an overview to see the CIS compliance coverage over all virtual machines? My problem is, we need to use CIS Images for VMs but some applications need the possibility to deactivate some of the CIS rules to work correctly. So…
Azure Policy Deployifnotexist Nested Templates and Parameters
Hello, I have a policy to deploy an alert on all subs not having it (as you can not create alert with MG group scope for now)...And I was not able to have parameters being taken into account from the Policy down to the two nested templates for the…
Azure Policy & VM JIT - Do not allow Any as source
I am currently trying to prevent users from requesting Azure JIT VM access coming from the Source IP addresses "Any". According to this thread, https://learn.microsoft.com/en-us/answers/questions/846584/azure-vm-jit-do-not-allow-any-as-source ,…
Bug in built-in activity log alert should exist policies
We use the following built-in policies to ensure activity log alerts are created for certain…
Unable to add application access policy: The remote name could not be resolved 'webdir.online.lync.com'
I am unable to add an application access policy to my organization due to the following error: I need an application access policy as my organization would like to use Microsoft Graph API and application access policy is needed for some of the APIs.
azure policy to check managedby property of resource group
Hi, I'm trying to create azure policy to make sure the managedBy property is set when creating resource groups using terraform. { "field": "type", "equals": "Microsoft.Resources/resourceGroups/managedBy" } but…
Azure VM JIT - Do not allow Any as source
Hello gents, I'm having some issues with JIT for Azure VMs. We want to use JIT to allow externals (Third-parties or contractors) to access specific VMs remotely. As we have a huge list of externals (big enterprise, long list of applications…
Azure Policy target only windows
Hello! :) I am fairly new to Azure Policy, I am trying to create a policy to target windows servers that don't have AHUB enabled, however this policy keeps getting Linux machines in as well. Why is that, when I state it should be windowsserver or…
Azure Policy- Remediating Managed Disks to Disable Public Access+Disable Private Endpoint
Hello Microsoft and Community, There is a built in policy for Managed Disks: Managed disks should disable public network access and there is one remediation/configuration called: Configure managed disks to disable public network access But, on closer…
I am using the azure policy to whitelist the domain for outbound connectivity from Azure Data Factory to other services. But facing issues in connectivity due to throttling applied on policy.
I am using the azure policy (https://learn.microsoft.com/en-us/azure/data-factory/configure-outbound-allow-list-azure-policy) which is applied at resource group level. This policy is working as expected and is only allowing outbound connectivity to the…
How to automate turning off or suspending some Azure services to save money?
What Azure objects can we suspend or turn off outside business hours to save running costs? App Service: The app service implements the message compose experience in the team tab and the messaging endpoint for the bot. Service Bus: The individual…
Implement exemption in Azure Policies via using Tags and its value.
We have different sets of resources in our environment and need to implement some policies for audit and deny. However, we are not able to figure out how to exclude resources based on their tags and its value. We cannot just exclude whole RGs or subs.…
How to access a <send-request> response variable in azure apim policies
I am trying to add an oauth2 callout to my azure apim policy. I do a <send-request> <send-request mode="new" response-variable-name="tokenResponse" timeout="20" ignore-error="false"> …
Azure APIM Developer Portal - Need help with handling CORS errors
Hello, I'm trying to test an API operation, but when I provide an invalid subscription key, the error message returned is related to CORS rather than an invalid subscription error message. However, I receive a success response when using a valid…
VM Extension Tagging
Is it possible to create a policy to tag VM extensions via inherit tags from resource group policy?
Why is Azure DevTest Labs deploying a storage account with TLS 1.0? It is not configurable
DevTest Labs provisions a number of resources on deployment, including a storage account. Aside from not being able to set mandatory tags on any of these resources, the ultimate roadblock is that the storage account is configured with TLS 1.0 by default.…
Authorization error from deploying management group to tenant using az cli with owner/contributor role.
Below is the error I got trying to deploy a new management group. I have contributor role on my service principal. {"code": "AuthorizationFailed", "message": "The client '' with object id '' does not have…
Check for multiple tag names in an array instead of individual parameters?
I want to check for the existence of a large quantity of tag names (not values) and I would like to specify the tag names in an array instead of creating a separate parameter for each name. Is that possible? For example, here is the method for checking…
Your subscription and services will be deleted
My subscription was inactive due to a payment problem in my account. Then, when I contacted azure support, they asked me for the following documents. LinkedIn/GitHub/FB profiles (Required) Driver's licence, Voter's ID, Company ID, School ID…