I have enabled the periodic assessment of this VM through azure policy but still periodic assessment is not enabled.
Policy definition "Windows machines should be configured to use secure communication protocols" is being wrongly applied to Windows 11 machines.
I have some Windows 11 machines and they are being flagged by Microsoft Defender for Cloud saying "Windows machines should be configured to use secure communication protocols". But when I researched this issue I found out that Windows 11 has…
Need to create a policy which allows specific users for cluster creation in azure databricks
Need help to create a policy which allows specific users for cluster creation in azure databricks
Azure Defender for cloud Settings | Security policies
Guideline to create Azure Defender for cloud Settings | Security policies
Dynamic 'kid' Usage in Azure APIM Validate-JWT Policy
We currently use hardcoded exponent and modulus values within the
Create alert if somebody creates application registration with not single tenant
Hi all, I am looking for a way to prevent/notify creating application registration with not a single tenant. I have checked many articles about it and summarized for myself next: Direct enforcement of "Single Tenant" for App Registrations via…
How to convert existing API Management named values from Secret type to Key Vault reference
I have received Azure Advisor recommendations regarding API Management security enhancement, specifically stating that 'API Management secret named values should be stored in Azure Key Vault.' In our organization, we have multiple API Management…
Can you link a log analytic workspace to a dedicated cluster by a policy?
We want to deploy a dedicated cluster and enforce people to be linked to this cluster with their LAW automatically. Is this possible to be done by a policy? Or is there a better "best practise" way of (automatically) linking workspaces to a…
How to create a custom policy to disable Azure Storage Account firewall option?
I want to disable the Azure Storage Account firewall option. Forcing traffic to use Private EndPoint. I have found a few policies, but it is not disabling the feature. I would like to disable the option that is underlined in red. Thanks in advance.
Manage Azure policy using github
Dear community, I'm looking for guidance on how to export Azure Policy into GitHub and use the GitHub Actions to deploy the same. I've tried searching for relevant documentation. However, it's not properly available. With GitHub export no longer an…
Problems with Microsoft Defender for Cloud identity recommendations V2
The new set of identity-related recommendations went GA on 2023-05-01: https://github.com/MicrosoftDocs/azure-docs/commit/aba0c46fdabe84065951c96a7df75333a0493cac#diff-dbd404e58cedaa40736d88385d006caf82189af9cac95af849538aab5c5b57d8L70-L78 As a result…
Azure built-in compliance standard for ISO 27001:2022
Is it planned to offer the compliance standard for ISO 27001:2022 y Azure regulation compliance initiatives?
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerland. Is there an Azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
Creating a Dashboard for Azure Policy Initiatives in Audit Mode
I have a policy initiative set to Audit mode in Azure and would like to create a dashboard for it. Additionally, I want to provide access to other team members for better visibility. What is the best approach to achieve this?
Feature Request: Enable Granular Exemptions for Azure Policy on Key Vault Secrets
We require a mechanism to exempt specific secrets from the Azure Policy assignment: "Secrets should have the specified maximum validity period." However, we have encountered several limitations in achieving this. Below is a summary of our…
Policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them
Can we have a custom policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them? Also, is there a way to auto-remediate and install the VM extension for Entra ID (formerly AAD) extension on Linux and Windows VMs?
Set up notifications for Root Tenant Group assignments
Set up notifications for Root Tenant Group assignments azurerm_role_management_policy I am trying to enable notification (email to Slack channel) whenever someone requests PIM role activation. The Slack channel contains the admins who can approve the…
Need help in creating a custom policy which will auto remediate MySQL Flexible servers to TLS Version 1.2
I need help in creating an Azure policy which will auto remediate MySQL Flexible Server from Older TLS Versions to Newer TLS Version (Version 1.2).
'Microsoft.Network/networkManagers/networkGroups/join/action' permission
When I try to create a policy on an Azure policy on a Network Manager managed group, I get the following error (both in bicep code and also when using the Azure UI). Anybody has run into this? Specifically is…
Is it possible to deny vnet peering between subscriptions that are in different management groups with azure policy ?
Hi, We are in the process of setting up sandbox subscriptions in a dedicated management group and we would like to deny vnet peerings between these subscriptions and production subscriptions which are also in their dedicated management group. Vnet…