Hi
So I have deployed this Azure policy azurepolicy.json and got quite a few questions.
DeployIfNotExists works fine, BUT after I switch the setting to off via the portal, the policy does not turn it back on as I expected. Why is this, or how can I evaluate "enabled"? If somebody turns off the switch, I want it to be turned on automatically again.
If you disable the Auto-shutdown setting, the compliance dashboard still thinks the VM is compliant. Why?
To test the policy I did the following:
Create a VM "VM01"
Assign the policy to the scope
Check the compliance dashboard
Dashboard surprisingly says "Compliant" for the new assignment
Click refresh, dashboard says "Not started"
Wait 15 minutes
Dashboard says "Non-compliant" for VM01
Create a new remediation task
Remediation task runs through and the VM is now configured with Auto-shutdown enabled, cool
Check the compliance dashboard
It is still Non-compliant. I run Start-AzPolicyComplianceScan for my RG and wait until it ends
Check the compliance dashboard and it says "Compliant"
On VM01 I set Auto-shutdown to off
Run Start-AzPolicyComplianceScan again and wait until it ends
Compliance dashboard still says it is compliant
Create a 2nd VM in the same RG as VM02
Check the dashboard
Compliance state is still compliant
Run Start-AzPolicyComplianceScan again and wait until it ends
Check the dashboard
VM02 is not in the dashboard, even though the settings are now there. Auto-shutdown for VM02 is enabled
VM01 still has Auto-shutdown disabled
I'm quite confused how slow and inaccurate the Azure Policy service is. How do you guys test and evaluate new policies? Also, I understand that this is part of the security framework. How can this be so clumsy, slow and inaccurate? This seems to always be out of sync...
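Editor's added example, not the poster's azurepolicy.json (which is not shown on the page). Two points the test sequence above runs into: a DeployIfNotExists policy only counts a resource as non-compliant if its existenceCondition fails, so a rule that merely checks that the shutdown schedule exists still reports "Compliant" when the schedule is present but disabled; and the deployment step fires only when the evaluated resource (the VM) is created or updated, while flipping the Auto-shutdown toggle writes the separate Microsoft.DevTestLab/schedules resource, so an already-deployed VM is only marked non-compliant at the next evaluation and is fixed only by a remediation task. The block below defines a policy whose existenceCondition requires status == Enabled, assigns it with a system-assigned identity, scans, inspects the per-resource state, and remediates with ReEvaluateCompliance. Resource group, policy name, region and the role GUID (built-in Contributor) are assumptions; the Identity and -IdentityType parameters assume a recent Az.Resources module.

```powershell
# Added example (editor's). Assumed names: rg-policy-test, vm-autoshutdown-enabled, westeurope.
$rg = 'rg-policy-test'; $location = 'westeurope'; $policyName = 'vm-autoshutdown-enabled'
$scope = (Get-AzResourceGroup -Name $rg).ResourceId
$contributor = 'b24988ac-6180-42a0-ab88-20f7382dd24c'   # built-in Contributor role

# Existence check requires the schedule to be Enabled, not merely present.
$policyRule = @'
{
  "if": { "field": "type", "equals": "Microsoft.Compute/virtualMachines" },
  "then": {
    "effect": "DeployIfNotExists",
    "details": {
      "type": "Microsoft.DevTestLab/schedules",
      "name": "[concat('shutdown-computevm-', field('name'))]",
      "existenceCondition": {
        "allOf": [
          { "field": "Microsoft.DevTestLab/schedules/taskType", "equals": "ComputeVmShutdownTask" },
          { "field": "Microsoft.DevTestLab/schedules/status", "equals": "Enabled" }
        ]
      },
      "roleDefinitionIds": [ "/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" ],
      "deployment": {
        "properties": {
          "mode": "incremental",
          "parameters": {
            "vmName": { "value": "[field('name')]" },
            "vmId": { "value": "[field('id')]" },
            "location": { "value": "[field('location')]" }
          },
          "template": {
            "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": { "vmName": {"type":"string"}, "vmId": {"type":"string"}, "location": {"type":"string"} },
            "resources": [ {
              "type": "Microsoft.DevTestLab/schedules",
              "apiVersion": "2018-09-15",
              "name": "[concat('shutdown-computevm-', parameters('vmName'))]",
              "location": "[parameters('location')]",
              "properties": {
                "status": "Enabled",
                "taskType": "ComputeVmShutdownTask",
                "dailyRecurrence": { "time": "1900" },
                "timeZoneId": "UTC",
                "targetResourceId": "[parameters('vmId')]",
                "notificationSettings": { "status": "Disabled" }
              }
            } ]
          }
        }
      }
    }
  }
}
'@

$def = New-AzPolicyDefinition -Name $policyName -Mode Indexed -Policy $policyRule `
    -DisplayName 'VM auto-shutdown schedule must exist and be Enabled'

# DeployIfNotExists needs a managed identity that can create the schedule resource.
$assignment = New-AzPolicyAssignment -Name $policyName -Scope $scope -PolicyDefinition $def `
    -IdentityType SystemAssigned -Location $location
New-AzRoleAssignment -ObjectId $assignment.Identity.PrincipalId -RoleDefinitionId $contributor -Scope $scope
$assignmentId = "$scope/providers/Microsoft.Authorization/policyAssignments/$policyName"

# Ground truth: the schedule resources themselves, independent of the dashboard.
Get-AzResource -ResourceGroupName $rg -ResourceType 'Microsoft.DevTestLab/schedules' -ExpandProperties |
    Select-Object Name, @{n='Status'; e={ $_.Properties.status }}

# Force an evaluation (blocks until done) and read per-resource state for this assignment only.
Start-AzPolicyComplianceScan -ResourceGroupName $rg
$states = Get-AzPolicyState -ResourceGroupName $rg -Filter "PolicyAssignmentName eq '$policyName'"
$states | Select-Object ResourceId, ComplianceState, Timestamp

# Evaluation never deploys for existing VMs; a remediation task does. ReEvaluateCompliance
# re-checks each VM first, so a schedule toggled to Disabled is picked up in the same run.
if ($states | Where-Object ComplianceState -eq 'NonCompliant') {
    Start-AzPolicyRemediation -Name "fix-$(Get-Date -Format yyyyMMddHHmm)" -ResourceGroupName $rg `
        -PolicyAssignmentId $assignmentId -ResourceDiscoveryMode ReEvaluateCompliance
}
```

Read the schedule resources directly (the Get-AzResource call) when checking whether a remediation took effect; the compliance dashboard is a snapshot of the last evaluation and will lag behind until the next scan completes.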