how to add custom property in application insight from apim policies
i need to access my variable values of the apim in application insight's custom properties (inside transaction history ) how can i do it i have tried using trace in my apim policy i have added this in my policy how can i access the value of the…
Is it possible to use Azure Policy to apply CanNotDelete locks at resource level?
I am trying to use Azure Policy to track compliance of resources with or without locks on and if a resource doesn't have a lock on, then apply the lock. I have been able to get Azure Policy to apply CanNotDelete locks at the ResourceGroup level, however…
Looking for Kusto query or a azure policy where an alert should be generated when azure blob data action role permissions are assigned on a built in or custom role for a storage account.
{ "mode": "All", "policyType": "Custom", "displayName": "Audit Blob Data Action Role Permissions Assignments", "description": "Audits when roles with Azure Blob data…
Azure policy is not working on App services
I have created azure policy for app service that do not assign any public IP and set default TLS 1.3 but still I can be able to create app services with default settings.
What Permission is required for configuring Azure policy
What IAM permission is required for creating Azure policy over the Subscription.
How to lock the Vnet peerings like we lock the the resources in resource group once after we create them?
To prevent unauthorized peerings to other Vnets after creation, it's essential to lock the peerings to restrict access for other users from creating unnecessary peerings. How to do that? Can anyone help me out with this? Thanks.
Disable trusted launch Azure VM
Hello Everyone, I have an issue with one of my VM's on Azure. This machine was previously created with Trusted Launch enabled on it(Don't know why). Now, I can't backup it up with my default backup policy, only with enhanced one which is…
While doing remediation in Azure policy assignment getting below error
While doing remediation in Azure policy getting error: Evaluation of DeployIfNotExists policy was unsuccessful. The policy assignment…
I am working on azure policy where an alert will be generated if a RBAC role is assigned with a blob data action permissions on a storage account. Can anyone please help in correcting the code I have written.
{ "mode": "All", "policyType": "Custom", "displayName": "Audit Creation of RBAC Roles for Storage Accounts", "description": "This policy audits any new or updated RBAC…
Exempt Azure policy for Users in specific AD group?
Hello, Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS
Why ceating private endpoint in existing key vault blocks the public access from all network as well as selected network fails?
In Key Vault, Customer firewall is set to public and some to selected network with list of IPs. As soon as we create private endpoint, all other previous connection with pubic/selected network fails. But based on below documentation, I would like…
How to exclude a group of users in an azure policy from deny action
current situation: there is a zure policy with deny action that prohibits the deletion of resource groups and resources. requirement: create a user group in azure in which every member of that group is excluded from the azure policy deny action
MicrosoftDNSAgent extension
Hello Team, I am planning install/deploy MicrosoftDNSAgent extension. I have already applied AMA policy with DCRs. now planning to choose unified method to deploy and configure MicrosoftDNSAgent extension by policy since AMA and scope specific DCR…
How deny policy or rule inherits from Root Tenant to resource level
I am trying to understand how deny policy/rule works in terms of inheritance. If I create a deny policy of - "not able to create resources" at Root Tenant. Under the root tenant I have a management group IT and a Dev subscription under this…
Deny assignment for data plane actions
Can deny assignments be defined to block data plane actions (prevent deletion of blobs inside a storage account for example)? I know that Blueprints or Azure policy can provide some level of denial to delete actions it doesn't look like it covers data…
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
Extracting resource compliance states | How to download data for resource compliance states in Azure Policies|
I have several Azure Policies, and from the portal If I go to the assignments and look at the policy I can get the compliance percentage and status of each resource (Compliant or not-compliant), However there is no way for me to download to the data to…
Azure Policy for BlobServices
Hi, community! I'm using this policy in order to audit blob versioning: { "properties": { "displayName": "Custom: Configure your Storage account to enable blob versioning", "policyType":…
Anyone knows for sure if, in Azure Portal, they have controls / policies to implement / be controled by Azure, for the new version of ISO 27001:2022 ?
Hello, i need to know if we can add that kind of controls to be assessed by the Azure portal, instead of the ISO 27001:2013, that already has controls listed; is there a way of add / use the new version of ISO (ISO 27001:2022), within the Policy, inside…
Unable to run "az deployment mg create" on Tenant Root Group
Trying to deploy a management group structure via Bicep starting 1 level down from "Tenant Root Group". CLI command az deployment mg create needs to target the Tenant Root Group (which has the same ID as the Tenant ID as per…