Unable to run "az deployment mg create" on Tenant Root Group
Trying to deploy a management group structure via Bicep starting 1 level down from "Tenant Root Group". CLI command az deployment mg create needs to target the Tenant Root Group (which has the same ID as the Tenant ID as per…
How to make an Azure Policy definition script that limits the number of resources per resource group?
I want to limit the number of resources per resource group. For example, I would like to limit the creation of a maximum of 2 virtual machines and a maximum of 1 DB per resource group. My questions are: Does an Azure Policy Definition that satisfies…
After applying Azure policy for auto update for flagged VM, it's flagging
Created a new Azure policy for VM automatic update on a flagged VM, but it is still flagging. Update name: "Microsoft .NET Core Security Update for January 2024". After the update it is also still showing the old version only. How to auto update this issue using…
Custom Azure policy to enable automatic VM guest patching
I would like to enable Automatic VM guest patching using Azure Policy with DeployIfNotExist mode. I drafted a definition but it does not seem to work properly (it shows non compliant VM as compliant). { "mode": "All", …
Issue on connecting tenant id and subscription id
error fetching tenantID and subscriptionID from Azure CLI (are you logged on using az login?): failed to open file (C:\Users\ADMIN.azure\azureProfile.json) while loading token: open C:\Users\ADMIN.azure\azureProfile.json: The system cannot find the path…
How can an Azure policy assess SQL Azure database capacity?
I have a parameter "maxCores": { "type": "Integer", "metadata": { "displayName": "Max Capacity", "description": "The max cores or DTUs that can…
Azure Policy trigger on Azure Budget alert
We need to assign an Azure policy to deny the creation of new resources to a subscription whose budget has been reached. And once it is below the limit, the policy should be removed from that subscription automatically. So how can we integrate Azure Policy…
Azure Arc machine configuration deployment error
Hello, I am attempting to deploy a sample machine configuration for an Azure Arc machine resource following the steps mentioned in https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview except for…
Unable to apply Custom Guest Configuration on Linux VMs using the nxModule
Using Azure Policy, I'm (unsuccessfully) applying a Custom Guest Configuration that uses the nxPackage and nxService. Troubleshooting led me to manually apply the config using the Start-GuestConfigurationPackageRemediation cmdlet with the Verbose flag.…
Azure Policy | How do I configure according to my need?
How can I make Azure so that I can only access the always free services and don't go beyond the quota? Is it possible to make a policy for it, and if so, how do I? I want to just use the free services of Azure that are available for free and don't cost…
What are the Azure policies I can implement to be compliant for European DORA Act
As per the new Digital Operational Resiliency Act, any financial services operating in Europe need to be compliant by Jan 2025. For more reading please see the…
Create Azure Policy to add role to resource group
Hello. I would like to create an Azure Policy on a subscription that will ensure that to all resource groups (new and existing) that start with 'xyz-' a role 'owner' will be granted to the user with ID 'principalId'. Here is my code: { "mode":…
Azure Policy Assignment name discrepancy in PowerShell output and Azure portal
Hello, I am working on a Pester test with a policy with some PowerShell scripts. I have deployed 2 storage accounts in Azure and both are compliant with the policy which I have assigned. The PowerShell outputs a different AssignmentName for one of the…
Azure APIM - CORS policy
Hello, I am currently facing an issue with CORS in Azure APIM with my API. I added the below CORS policy Inbound only to my API on All Operations, where for testing I have kept all open, where I am allowing any Origin, Header and Methods. This is still…
I am creating a policy to enable custom script extension through policy but it's not working as I am using a free trial. Will it work in a free trial or not?
{ "mode": "All", "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines" …
Cannot assign a policy to Subscription or Resource Group from console
When I try to assign a policy to Subscription or Resource Group from the console, I get the error message: You cannot perform this action without the following permissions over selected scope (Microsoft.Authorization/PolicyAssignments/write)
Custom Azure policy for VM selection using notlike for tags
Hello, I am debugging an Azure policy and still get the wrong compliance status. For example, I have two Azure Arc VMs with tags: (1) ClientCode: ggg and Environment: dev; (2) ClientCode: hhh and Environment: acc. My policy should pick up those servers as compliant,…
How to Implement Network Policy to Restrict Network Access to Azure Resources Based on IP Addresses?
Hello, I’m looking for guidance on how to automatically restrict network inbound and outbound traffic to all Azure resources. Specifically, I want to ensure that only users with certain IP addresses can access the endpoints. The challenge is that I’m not…
Azure Policy DeployIfNotExists is not adding diagnostic setting configuration for event hub automatically
Two initiatives with multiple policies have been assigned at the management group level for every type of resource that can have a diagnostic setting to send logs to the event hub. One initiative is for custom policies and the other is for built-in…
How can I find Azure Policy or Blueprints to apply for HITRUST
I am having a difficult time finding the pre-built set of Azure Policy or Azure Blueprints that correspond to HITRUST. There are a lot of articles in MS Learn but none that give instructions on how to actually deploy. Could anyone advise on where to…