MS Azure - Grant permission to assign Reader role
I need the following set up: Owners of a resource group (who might not be owners of the subscription) should have the ability to assign any role to any user. A custom role should be created. Members assigned to this custom role should only have the…
How to create remediation tasks (with deploy if not exists) effect. I have contributor, resource policy contributor. Requirement is to create remediation task to push Kubernetes events to eventhub. Facing permissions issue
resource identity does not have the necessary permissions to create deployment - Policy deployment fails when I run remediation task
Azure policy how to remove/define the other category
We have assigned a policy to our subscription, at the moment the chart states 3 categories: compliant, non-compliant, other. The other category is somewhat confusing, is it possible to change this such that a policy control is either compliant,…
Reporting Azure VM with Extensions + Applications running?
Using PowerShell or any built-in Azure Policy reporting, how can I get the report for any newly deployed Azure Virtual Machine with no specific software running from Virtual Machine | Settings | Extensions + Applications | VM Applications? Thank you,
creating policy for VMs
I want to apply periodic assessment enabled using azure policy which option I should choose in resource type to select virtual machines. microsoft.classic.compute virtual machines OR microsoft.compute.virtual machine? which one? 2. and after applying…
How to exclude the untaggable resources from the enforcement tag policy
We have current tag policy to enforce certain tags on the management group level. however, we would like to create exemption policy to exclude any untaggable Azure resource, eg Solution, Azure DevOps Organization, etc. How can we add it in the…
How to enforce a Tag value on an optional Tag
Hello, I want to create an Azure Policy to define the value of a tag, but the tag itself should be optional and not mandatory. Does anybody know if this is possible?
Using a VM applications and Azure Policy to deploy applications
I have setup a Storage account, AZ Computer Gallery, VM application version and VM application definition without issue. I have uploaded the software and was able to test the install. My issue is when trying to use the deployIfNotExists(DINE) it will…
Creating Policies in Azure
How to create a Policy to Inherit the tags from Resource Group to Resources? How to create a Policy to allow only listed tag values?
What happens if I upgrade to pay as you go?
What happens if I upgrade to pay as you go but I also have 200$ free credit. I'm still able to use 200$ free credit after I upgrade to pay as you go, or it will charge to my bank?
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics?
How can we setup azure alert if deny action is recorded on azure policy? Is that possible only using log analytics? Do we have easy way to setup those alerts so that we can get email instantly if any deny action performed
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action 'Microsoft.Polic
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action…
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add required tag if missing. Scenario1: Resource1 have the following tags and value Tag name = Project Value = ProjSSO Tag name = Purpose Value = app login however if the policy trigger I received an…
How to modify SecurityContact details through Azure Policy
I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy…
How do I enforce using Azure policy a set of NSG rules every time NSG resource is getting deployed in our tenant?
I will need to define and assign a custom Azure policy that would deny creation of NSG resources if the NSG resource doesn't have a set of NSG rules in it (custom NSG rules). These rules will need to be identified using the NSG rule name and priority…
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy ?? Has anyone done this??
Enforcing Azure Policy for Convert Tags either being all lowercase or all uppercase
"parameters": { "toLowerOrToUpper": { "type": "String", "metadata": { "displayName": "Enforce Lowercase or Uppercase", "description": "If set to Lowercase then…
How to exclude VM auto-shutdown from Tag policy
I recently created policies to enforce the creation of certain tags on new Azure resources. Now when I try to enable auto-shutdown on an existing VM that is otherwise compliant with the tag policy I get an error: Schedule failed to update…
Tags creation and limiting to certain tags only
How to set azure environment to use only specific tags and not allow to create any new tags. Also remove specific existing tag directly from all the VM. Any suggestions?
Azure policy exemption creation using powershell
Trying to create policy exemptions using code as opposed to manually creating them. According to the MS link I have a policy initiative which consists of multiple sub policies. The first issue is that I cannot seem to get the correct -Name passed to…