We have disabled the azure policy while creating the aks cluster.
But somehow, it is getting enabled after sometime.
How to check where this is being triggered and disable that setting.

We have disabled the azure policy while creating the aks cluster.
But somehow, it is getting enabled after sometime.
How to check where this is being triggered and disable that setting.

@UdayKiranReddyureddy-2664 , Thank you for your question.
Can you please View change history in Azure Activity Logs for the AKS cluster? Under the JSON section, you can find the category field whose value should indicate category of the event like "Administrative", "Policy" etc. as illustrated below.
If there is a policy that enforced the event, you shall find details of the policy under properties.policies in the JSON object, as shown below:
You shall also find in the JSON, claims.appid and other information on the entity that triggered the event under claims and caller. Example:
This might lead you to what is triggering the addition of the AKS Addon for Azure Policy.
During cluster creation itself, we got this in the activity log.
And the user it is showing as my user account.
Is this the relevant activity log?
What is the fix we need to apply then?

Most likely, Azure policy is enabled in Auto provisioning section of Microsoft Defender for Cloud.
Microsoft Defender for Cloud -> Environment Settings -> (pick relevant subscription) -> Auto provisioning -> Microsoft Defender for Containers components (preview) -> Azure Policy for Kubernetes add-on.

13 people are following this question.