Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
799 questions
1 answer
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action 'Microsoft.Polic
Failed to register the assignments scopes to Microsoft.PolicyInsights provider with the following failure: The client 'VNAGARAJAN@ame.gbl' with object id '512febd4-7fa6-4c8b-be98-df79ea2ccc58' does not have authorization to perform action…
asked 2024-02-09T19:11:58.8566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 97%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVN%3C/text%3E%3C/svg%3E)
Venkataramana Nagarajan
0
Reputation points Microsoft Employee
commented 2024-02-15T07:04:55.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SwathiDhanwada-MSFT
17,726
Reputation points
1 answer
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add required tag if missing. scenario1: Resource1 have the following tags and value Tag name = Project Value = ProjSSO Tag name = Purpose Value = app login however if the the policy trigger I received an…
asked 2024-02-07T01:45:43.2433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 40%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Reygie Prieto
0
Reputation points
answered 2024-02-12T07:51:54.2966667+00:00
Sumarigo-MSFT
43,806
Reputation points Microsoft Employee
1 answer
How to modify SecurityContact details through Azure Policy
I am unable to modify the SecurityContact details for a subscription in Azure Policy. I get the following error when saving the policy definition: Editing policy definition 'Email notification to subscription owner' in 'Tenant Root' failed. The policy…
asked 2024-01-24T23:54:11.1766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 28.999999999999996%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWM%3C/text%3E%3C/svg%3E)
WELCH, Matthew
0
Reputation points
commented 2024-02-12T04:38:47.9466667+00:00
SwathiDhanwada-MSFT
17,726
Reputation points
1 answer
How do I enforce using Azure policy a set of NSG rules every time NSG resource is getting deployed in our tenant?
I will need to define and assign a custom Azure policy that would deny creation of NSG resources if the NSG resource doesn't have a set of NSG rules in it (custom NSG rules). These rules will need to be identified using the NSG rule name and priority…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 72%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EG%3C/text%3E%3C/svg%3E)
1 answer
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy
How can I change just the name of Azure TAG by not touching the value. can this be achieved by Policy ?? Has anyone done this??
asked 2024-02-08T13:21:35.9633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 49%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
vaibhavshete
0
Reputation points
answered 2024-02-08T21:27:53.0466667+00:00
Luis Arias
5,046
Reputation points
2 answers
Enforcing Azure Policy for Convert Tags either being all lowercase or all uppercase
"parameters": { "toLowerOrToUpper": { "type": "String", "metadata": { "displayName": "Enforce Lowercase or Uppercase", "description": "If set to Lowercase then…
asked 2022-01-12T15:06:36.143+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 30%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Madhur Asati
1
Reputation point
answered 2024-02-08T13:28:51.5733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 5%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAT%3C/text%3E%3C/svg%3E)
Andreas Tratter
20
Reputation points
1 answer
How to exclude VM auto-shutdown from Tag policy
I recently created policies to enforce the creation of certain tags on new Azure resources. Now when I try to enable auto-shutdown on an existing VM that is otherwise compliant with the tag policy I get an error: Schedule failed to update…
asked 2023-09-18T20:30:28.51+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 89%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEK%3C/text%3E%3C/svg%3E)
Elliott Kurtz
5
Reputation points
commented 2024-02-06T17:49:01.7433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 90%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETF%3C/text%3E%3C/svg%3E)
Tylan Fowler
0
Reputation points
1 answer
Tags creation and limiting to certain tags only
How to set azure environment to use only specific tags and not allow to create any new tags. Also remove specific existing tag directly from all the VM. Any suggestions?
asked 2023-01-10T12:53:55.66+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 0%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESY%3C/text%3E%3C/svg%3E)
Shekar Yenagandula
116
Reputation points
commented 2024-02-06T05:03:28.7766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 36%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELS%3C/text%3E%3C/svg%3E)
Lucy S
0
Reputation points
1 answer
Azure policy exemption creation using powershell
Trying to create policy exemptions using code as opposed to manually creating them. According to the MS link I have a policy initiative which consists of multiple sub policies. The first issue is that I cannot seem to get the correct -Name passed to…
asked 2024-01-15T17:25:59.07+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
481
Reputation points
commented 2024-02-05T23:33:27.5433333+00:00
MrFlinstone
481
Reputation points
1 answer
One of the answers was accepted by the question author.
How to Enforce a Tag With a Predefined Value
I want an Azure policy in place that requires all new resources to have an "Environment" tag. With that tag I only want there to be three acceptable values: Test, Prod and Dev. If the value doesn't meet the predefined value, it fails…
asked 2024-02-02T18:31:12.1933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 40%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
PhrygianMode
20
Reputation points
accepted 2024-02-05T16:32:42.21+00:00
PhrygianMode
20
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure Policy and App Services TLS
Hello, I'm puzzled on an Azure Policy to restrict TLS version on App Services. I set a new Azure Policy to deny deployment if minTlsVersion doesn't equal 1.2. For new deployment, it works fine. However, going back to the App Services General settings, if…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 69%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
1 answer
Policy Compliance error - Current value must not be equal to the target value.
Hello All, I am deploying a policy to create an NSG rule. The policy does create a new rule, and there are no errors once assigned. But compliance fails with the error below. I am using the policy from the below…
asked 2024-01-30T01:55:47.7666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 79%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Madhu Rao
40
Reputation points
commented 2024-02-05T08:07:15.9066667+00:00
SwathiDhanwada-MSFT
17,726
Reputation points
1 answer
One of the answers was accepted by the question author.
Can i create an Azure Policy definition that checks which Virtual Machines have Inventory enabled
Hello, I am looking to create an Azure Policy Definition that will check which Virtual Machines have Inventory enabled. Is this possible?? In the definition JSON, i have attempted the below... But cannot find what I should enter in place of the…
asked 2024-01-11T17:55:40.0133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 63%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPC%3C/text%3E%3C/svg%3E)
Peter Casey
20
Reputation points
accepted 2024-02-01T16:02:07.03+00:00
Peter Casey
20
Reputation points
2 answers
Deny public access policy not working in Azure
I have used the built in Azure policy which stops public network access for sql server and sql database, the option for sql server doesnt give you the option to deny, however public access for SQL database has an option to deny. I assigned these 2…
asked 2024-01-25T23:25:15.5766667+00:00
MrFlinstone
481
Reputation points
commented 2024-01-31T18:52:33.24+00:00
Oury Ba-MSFT
16,636
Reputation points Microsoft Employee
2 answers
Multiple Single-factor authentication failures from what seems to be a compromised users
I have noticed in the past month about 900 failed sign in's from what I guess are compromised usernames. They are all reporting as failed, Password in the cloud, password incorrect. So I guess these are all brute force attempts, they are recorded as…
asked 2022-11-29T16:54:45.093+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 34%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDE%3C/text%3E%3C/svg%3E)
Daoust, Eric
6
Reputation points
answered 2024-01-30T23:01:24.2966667+00:00
David Broggy
5,681
Reputation points MVP
1 answer
One of the answers was accepted by the question author.
Azure Policy Compliance error - Failed to register the assignments scopes to Microsoft.PolicyInsights provider
Hello, I can assign Azure policy without any issues. But when I click "Compliance," I get the error below. Thanks, in advance.
2 answers
One of the answers was accepted by the question author.
How to create a custom policy to disable Azure Storage Account firewall option?
I want to disable the Azure Storage Account firewall option. Forcing traffic to use Private EndPoint. I have found a few policies, but it is not disabling the feature. I would like to disable the option that is underlined in red. Thanks in advance.
7 answers
Is there a way to exclude resource groups that contain the word databricks from policy assignment ?
Hi - We have a number of policies that check if diagnostic settings are created for resources. Since databricks uses a managed resource group, these policies always show non-compliant. Is there a way i could use a '*' in the policy definition to…
asked 2022-01-25T18:55:43.17+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 0%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Pookat, Sanal (MBHC 21)
26
Reputation points
edited the question 2024-01-29T10:33:25.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
AnuragSingh-MSFT
20,431
Reputation points
1 answer
Creating a custom Azure Policy definition
Hi everyone, I'm working on creating a custom Azure Policy. I need to allow a small group of users, let’s call them user A, B and C, to access a few specific Blob containers (in a storage account). I don't want to allow the users directly. I want to…
asked 2024-01-17T17:11:41.73+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 85%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Marco
45
Reputation points
commented 2024-01-25T21:17:27.4366667+00:00
JamesTran-MSFT
36,461
Reputation points Microsoft Employee
0 answers
During VM creation, why is the RDP open to Internet rule bypassing NSG policy to deny inbound rule for 3389 for Source Addresses outside of our whitelist?
3389 is successfully blocked by policy on an NSG when a user tries to create an inbound allow rule outside of our whitelist of sourceAddressPrefix for 3389, or any range that includes it (including '*'). The problem is when deploying a VM, if the RDP…
asked 2024-01-22T17:08:15.6333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 76%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
NN
0
Reputation points
commented 2024-01-24T04:17:30.4966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 27%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
v-vvellanki-MSFT
4,055
Reputation points Microsoft Vendor