RequestDisallowedByPolicy error with Azure resource policy

This article describes the cause of the RequestDisallowedByPolicy error and provides a solution for the error. The error can occur when you deploy resources with an Azure Resource Manager template (ARM template) or Bicep file.


During a deployment, you might receive a RequestDisallowedByPolicy error that prevents you from creating a resource. Azure CLI, Azure PowerShell, and the Azure portal's activity log show similar information about the error. The key elements are the error code, policy assignment, and policy definition.

"statusMessage": "{"error":{"code":"RequestDisallowedByPolicy", "target":"examplenic1207",
  "message":"Resource `examplenic1207` was disallowed by policy. Policy identifiers:

"policyAssignment":{"name":"Network interfaces should not have public IPs",

"policyDefinition":{"name":"Network interfaces should not have public IPs",

The name of a policyAssignment or policyDefinition is the last segment of the id string. The {guid} placeholder represents an Azure subscription ID.


In this example, the error occurred when an administrator attempted to create a network interface with a public IP address. A policy assignment enables enforcement of a built-in policy definition that prevents public IPs on network interfaces.

You can use the name of a policy assignment or policy definition to get more details about a policy that caused the error. The example commands use placeholders for input. For example, replace <policy definition name> including the angle brackets, with the definition name from your error message.

To get more information about a policy definition, use az policy definition show.

defname=<policy definition name>
az policy definition show --name $defname

To get more information about a policy assignment, use az policy assignment show.

rg=<resource group name>
assignmentname=<policy assignment name>
az policy assignment show --name $assignmentname --resource-group $rg


For security or compliance, your subscription administrators might assign policies that limit how resources are deployed. For example, policies that prevent creating public IP addresses, network security groups, user-defined routes, or route tables.

To resolve RequestDisallowedByPolicy errors, review the resource policies and determine how to deploy resources that comply with those policies. The error message displays the names of the policy definition and policy assignment.

For more information, see the following articles: