Standard Azure Naming policy creation

Question

Microsoft support team is unable to solve the problem.

{

"properties": {

"displayName": "Virtual Machine Naming Policy",

"policyType": "Custom",

"mode": "All",

"metadata": {

  "createdBy": "user@example.com",

  "createdOn": "2024-09-18T04:27:23.1187877Z",

  "updatedBy": "user@example.com",

  "updatedOn": "2024-09-18T04:42:36.4218944Z",

  "category": "Naming Convention"

},

"policyRule": {

  "if": {

    "allOf": [

      {

        "field": "type",

        "equals": "Microsoft.Compute/virtualMachines"

      },

      {

        "field": "name",

        "notMatch": "^vm-[a-z0-9]+-(dev|prod|uat)-(uks|ukw)-[0-9]{3}$"

      }

    ]

  },

  "then": {

    "effect": "deny"

  }

}

}

}

Problem - Policy is enforing but policy exit is not happing even correct name. Looking for some guidence.

Key Updates:

1. Regex Simplified: The regex ^vm-[a-z0-9]+-(dev|prod|uat)-(uks|ukw)-[0-9]{3}$ allows more flexibility in naming conventions while still enforcing basic structure.
   • vm-: VM name must start with "vm-".
     • [a-z0-9]+: Project name or identifier (alphanumeric).
       • (dev|prod|uat): Environment.
         • (uks|ukw): Region.
           • [0-9]{3}: A 3-digit number for uniqueness.

Example Names that Pass:

• vm-project123-dev-uks-001
• vm-app45-prod-ukw-100

Answer 1

Hi,

You cannot achieve that. You are using notMatch condition. That condition does not support regex, it only supports: "a hashtag (#) to match a digit, question mark (?) for a letter, and a dot (.) to match any character, and any other character to match that actual character.". There isn't a policy condition that supports regex. In such case either do not create such policy or create policy that does not meets all your needs but it uses values that are applicable for the conditions.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.