question

subbart-8948 avatar image
0 Votes"
subbart-8948 asked subbart-8948 answered

Azure Policy behaviour with first party apps

Team,

We are designing policies for some of our scenarios. We have a basic policy which checks apart from the resourceType if certain property of the resource matches with some value then trigger the “deployifnotexists” effect.


1)When end users update the resource with “PATCH” calls on that property and if it matches the trigger condition then DeployIfExists triggering automatically, putting the resource into compliance state without any user intervention.

2)When the same operation “PATCH” is done by our first party app then “DeployIfExists” not triggering automatically, users need to manually create remediate task to fix the compliance.


Is the difference in behavior expected if the caller is USER vs first party app? Is there a way we can make our first part party service updates same as end user updates from the policy behavior perspective?


Thanks,

Subba

azure-policy
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@subbart-8948 Welcome to Microsoft Q & A Community Forum. Apologies for late response. For a Create/Update (PUT/PATCH) request, DeployIfNotExists triggers on non-compliant resources post request to make them compliant. For existing resources, a DINE assignment can be run through a Remediation Task. For non-compliant resources, this runs the ARM template to make them compliant.

As you mentioned the first party app, can you please share what you meant by first party app ?

0 Votes 0 ·

@subbart-8948 Did you get chance to check my previous comment ? Kindly revert with requested information.

0 Votes 0 ·

1 Answer

subbart-8948 avatar image
1 Vote"
subbart-8948 answered

@SwathiDhanwada-MSFT , I followed up internally, for RPaaS based first party RPs policy is bypassing all the put/patch calls and explains the behavior. Thanks for the follow-up.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.