Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
666 questions
2 answers
MS Azure - Grant permission to assign Reader role
I need the following set up: Owners of a resource group (who might not be owners of the subscription) should have the ability to assign any role to any user. A custom role should be created. Members assigned to this custom role should only have the…
asked 2023-06-02T07:38:20.43+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 0%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Moritz Sohns
0
Reputation points
answered 2024-02-28T05:11:59.8866667+00:00
Mahmoud A. ATALLAH
191
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
How to create remediation tasks ( with deploy if not exists) effect . I have contributor ,resource policy contributor . requirement is to create remediation task to push Kubernetes events to eventhub. facing permissions issue
resource identity does not have the necessary permissions to create deployment - Policy deployment fails when I run remediation task
asked 2024-02-15T12:06:21.6066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 79%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
Vignesh Kumar R
20
Reputation points
commented 2024-02-27T04:07:18.55+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
17,401
Reputation points
1 answer
Azure policy how to remove/define the other category
We have assigned a policy to our subscription, at the moment the chart states 3 categories compliant non-compliant other The other category is somewhat confusing, is it possible to change this such that a policy control is either compliant,…
asked 2024-01-08T12:30:49.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
481
Reputation points
commented 2024-02-26T14:39:58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 43%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Monalla-MSFT
11,636
Reputation points
1 answer
Reporting Azure VM with Extensions + Applications running?
Using PowerShell or any built-in Azure Policy reporting, How can I get the report for any newly deployed Azure Virtual Machine with no specific software running from Virtual Machine | Settings | Extensions + Applications | VM Applications ? Thank you,
asked 2024-02-13T04:00:58.02+00:00
EnterpriseArchitect
4,741
Reputation points
edited the question 2024-02-23T19:31:57.6833333+00:00
JamesTran-MSFT
36,371
Reputation points Microsoft Employee
1 answer
creating policy for VMs
I want to apply perodic assement enabled using azure policy which option I should choose in resource type to select virtual machines. microsfot.classic.compute virtual machines OR microsoft.compute.virtual machine? which one? 2. and after applying…
asked 2024-02-21T11:26:51.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 37%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Varma
1,120
Reputation points
commented 2024-02-23T11:23:57.15+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
19,936
Reputation points
1 answer
One of the answers was accepted by the question author.
How to exclude the untaggable resources from the enforcement tag policy
We have current tag policy to enforce certain tags on the management group level. however, we would like to create exemption policy to exclude any untaggable Azure resource, eg Solution, Azure DevOps Organization, etc. How can we add it in the…
asked 2024-02-20T03:06:24.72+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 23%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sun, Scott
20
Reputation points
commented 2024-02-23T02:59:17.77+00:00
SwathiDhanwada-MSFT
17,401
Reputation points
3 answers
One of the answers was accepted by the question author.
How to enforce a Tag value on an optional Tag
hello, I want to create an Azure Policy to define the value of a tag, but the tag itself should be optional and not mandatory. Does anybody know if this is possible?
asked 2024-02-12T15:37:04.9466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 5%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Andreas Tratter
20
Reputation points
accepted 2024-02-20T08:17:03.3266667+00:00
Andreas Tratter
20
Reputation points
1 answer
One of the answers was accepted by the question author.
Using a VM applications and Azure Policy to deploy applications
I have setup a Storage account, AZ Computer Gallery, VM application version and VM application definition without issue. I have uploaded the software and was able to test the install. My issue is when trying to use the deployIfNotExists(DINE) it will…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 63%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
2 answers
Creating Policies in Azure
How to create a Policy to Inherit the tags from Resource Group to Resources? How to create a Policy to allow only listed tag values?
asked 2024-02-17T17:32:31.91+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 66%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Dhanalakshmi
20
Reputation points
edited an answer 2024-02-17T22:38:17.2466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 4%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Sina Salam
3,561
Reputation points
2 answers
One of the answers was accepted by the question author.
what happen if i upgrade to pay as you go?
what happen if i upgrade to pay as you go but i also have 200$ free credit. im still able to use 200$ free credit after i upgrade to pay as you go, or it will charge to my bank?
asked 2022-08-31T22:56:56.83+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 21%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
chy
26
Reputation points
commented 2024-02-16T22:40:54.1166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 55.00000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBG%3C/text%3E%3C/svg%3E)
Bhalaji Gunasekaran
0
Reputation points
2 answers
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics?
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics? Do we have easy way to setup those alerts so that we can get email instantly if any deny action performed
asked 2024-02-07T02:35:40.59+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 73%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Techtester
0
Reputation points
commented 2024-02-16T06:11:35.89+00:00
SwathiDhanwada-MSFT
17,401
Reputation points
1 answer
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action 'Microsoft.Polic
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action…
asked 2024-02-09T19:11:58.8566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 97%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVN%3C/text%3E%3C/svg%3E)
Venkataramana Nagarajan
0
Reputation points Microsoft Employee
commented 2024-02-15T07:04:55.64+00:00
SwathiDhanwada-MSFT
17,401
Reputation points
1 answer
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add required tag if missing. scenario1: Resource1 have the following tags and value Tag name = Project Value = ProjSSO Tag name = Purpose Value = app login however if the the policy trigger I received an…
asked 2024-02-07T01:45:43.2433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 40%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Reygie Prieto
0
Reputation points
answered 2024-02-12T07:51:54.2966667+00:00
Sumarigo-MSFT
43,721
Reputation points Microsoft Employee
1 answer
How to modify SecurityContact details through Azure Policy
I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy…
asked 2024-01-24T23:54:11.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWM%3C/text%3E%3C/svg%3E)
WELCH, Matthew
0
Reputation points
commented 2024-02-12T04:38:47.9466667+00:00
SwathiDhanwada-MSFT
17,401
Reputation points
1 answer
How do I enforce using Azure policy a set of NSG rules every time NSG resource is getting deployed in our tenant?
I will need to define and assign a custom Azure policy that would deny creation of NSG resources if the NSG resource doesn't have a set of NSG rules in it (custom NSG rules). These rules will need to be identified using the NSG rule name and priority…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 72%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
1 answer
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy ?? Has anyone done this??
asked 2024-02-08T13:21:35.9633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 49%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
vaibhavshete
0
Reputation points
answered 2024-02-08T21:27:53.0466667+00:00
Luis Arias
4,721
Reputation points
2 answers
Enforcing Azure Policy for Convert Tags either being all lowercase or all uppercase
"parameters": { "toLowerOrToUpper": { "type": "String", "metadata": { "displayName": "Enforce Lowercase or Uppercase", "description": "If set to Lowercase then…
asked 2022-01-12T15:06:36.143+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 30%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Madhur Asati
1
Reputation point
answered 2024-02-08T13:28:51.5733333+00:00
Andreas Tratter
20
Reputation points
1 answer
How to exclude VM auto-shutdown from Tag policy
I recently created policies to enforce the creation of certain tags on new Azure resources. Now when I try to enable auto-shutdown on an existing VM that is otherwise compliant with the tag policy I get an error: Schedule failed to update…
asked 2023-09-18T20:30:28.51+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 89%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEK%3C/text%3E%3C/svg%3E)
Elliott Kurtz
5
Reputation points
commented 2024-02-06T17:49:01.7433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 90%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETF%3C/text%3E%3C/svg%3E)
Tylan Fowler
0
Reputation points
1 answer
Tags creation and limiting to certain tags only
How to set azure environment to use only specific tags and not allow to create any new tags. Also remove specific existing tag directly from all the VM. Any suggestions?
asked 2023-01-10T12:53:55.66+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 0%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
Shekar Yenagandula
116
Reputation points
commented 2024-02-06T05:03:28.7766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 36%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Lucy S
0
Reputation points
1 answer
Azure policy exemption creation using powershell
Trying to create policy exemptions using code as opposed to manually creating them. According to the MS link I have a policy initiative which consists of multiple sub policies. The first issue is that I cannot seem to get the correct -Name passed to…
asked 2024-01-15T17:25:59.07+00:00
MrFlinstone
481
Reputation points
commented 2024-02-05T23:33:27.5433333+00:00
MrFlinstone
481
Reputation points