Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action 'Microsoft.Polic
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action…
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add a required tag if missing. Scenario1: Resource1 has the following tags and values: Tag name = Project, Value = ProjSSO; Tag name = Purpose, Value = app login. However, if the policy triggers I received an…
How to modify SecurityContact details through Azure Policy
I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy…
How do I enforce using Azure policy a set of NSG rules every time NSG resource is getting deployed in our tenant?
I will need to define and assign a custom Azure policy that would deny creation of NSG resources if the NSG resource doesn't have a set of NSG rules in it (custom NSG rules). These rules will need to be identified using the NSG rule name and priority…
How can I change just the name of an Azure tag without touching the value? Can this be achieved by Policy?
How can I change just the name of an Azure tag without touching the value? Can this be achieved by Policy?? Has anyone done this??
Enforcing Azure Policy for Convert Tags either being all lowercase or all uppercase
"parameters": { "toLowerOrToUpper": { "type": "String", "metadata": { "displayName": "Enforce Lowercase or Uppercase", "description": "If set to Lowercase then…
How to exclude VM auto-shutdown from Tag policy
I recently created policies to enforce the creation of certain tags on new Azure resources. Now when I try to enable auto-shutdown on an existing VM that is otherwise compliant with the tag policy I get an error: Schedule failed to update…
Tags creation and limiting to certain tags only
How to set azure environment to use only specific tags and not allow to create any new tags. Also remove specific existing tag directly from all the VM. Any suggestions?
Azure policy exemption creation using powershell
Trying to create policy exemptions using code as opposed to manually creating them. According to the MS link I have a policy initiative which consists of multiple sub policies. The first issue is that I cannot seem to get the correct -Name passed to…
How to Enforce a Tag With a Predefined Value
I want an Azure policy in place that requires all new resources to have an "Environment" tag. With that tag I only want there to be three acceptable values: Test, Prod and Dev. If the value doesn't meet the predefined value, it fails…
Azure Policy and App Services TLS
Hello, I'm puzzled on an Azure Policy to restrict TLS version on App Services. I set a new Azure Policy to deny deployment if minTlsVersion doesn't equal 1.2. For new deployment, it works fine. However, going back to the App Services General settings, if…
Policy Compliance error - Current value must not be equal to the target value.
Hello All, I am deploying a policy to create an NSG rule. The policy does create a new rule, and there are no errors once assigned. But compliance fails with the error below. I am using the policy from the below…
Can I create an Azure Policy definition that checks which Virtual Machines have Inventory enabled
Hello, I am looking to create an Azure Policy Definition that will check which Virtual Machines have Inventory enabled. Is this possible?? In the definition JSON, I have attempted the below... But cannot find what I should enter in place of the…
Deny public access policy not working in Azure
I have used the built-in Azure policy which stops public network access for SQL server and SQL database. The option for SQL server doesn't give you the option to deny; however, public access for SQL database has an option to deny. I assigned these 2…
Multiple Single-factor authentication failures from what seem to be compromised users
I have noticed in the past month about 900 failed sign-ins from what I guess are compromised usernames. They are all reporting as failed, Password in the cloud, password incorrect. So I guess these are all brute force attempts, they are recorded as…
Azure Policy Compliance error - Failed to register the assignments scopes to Microsoft.PolicyInsights provider
Hello, I can assign Azure policy without any issues. But when I click "Compliance," I get the error below. Thanks, in advance.
How to create a custom policy to disable Azure Storage Account firewall option?
I want to disable the Azure Storage Account firewall option. Forcing traffic to use Private EndPoint. I have found a few policies, but it is not disabling the feature. I would like to disable the option that is underlined in red. Thanks in advance.
Is there a way to exclude resource groups that contain the word databricks from policy assignment ?
Hi - We have a number of policies that check if diagnostic settings are created for resources. Since databricks uses a managed resource group, these policies always show non-compliant. Is there a way I could use a '*' in the policy definition to…
Creating a custom Azure Policy definition
Hi everyone, I'm working on creating a custom Azure Policy. I need to allow a small group of users, let’s call them user A, B and C, to access a few specific Blob containers (in a storage account). I don't want to allow the users directly. I want to…
During VM creation, why is the RDP open to Internet rule bypassing NSG policy to deny inbound rule for 3389 for Source Addresses outside of our whitelist?
3389 is successfully blocked by policy on an NSG when a user tries to create an inbound allow rule outside of our whitelist of sourceAddressPrefix for 3389, or any range that includes it (including '*'). The problem is when deploying a VM, if the RDP…