Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
961 questions
1 answer
how can i re -enable my disabled azure subscription?
To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve…
asked 2025-02-10T07:58:29.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 11%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ajay Singh
0
Reputation points
commented 2025-02-18T16:45:15.6233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 32%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pavan Minukuri
1,215
Reputation points Microsoft Vendor
1 answer
Configure Azure Activity logs to stream to specified Storage account from all subscriptions
I want to Configure Azure Activity logs to stream to specified Storage account from all subscriptions, is there any Built In policy available which can be leveraged to send activity logs from all subscription to a pre-defined storage account.
asked 2025-01-21T15:16:39.2166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 46%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Kaushik Ray
0
Reputation points
commented 2025-02-18T16:36:28.15+00:00
Pavan Minukuri
1,215
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
DORA Regulations and Azure CSP (Reseller)
Hi team - we have customers asking us for DORA addendums in their Azure contracts - as they are in our CSP model, that would fall under the MCA framework - what is the guidance from Microsoft on that, has the MCA been updated so that it is fit for…
asked 2025-01-17T17:25:08.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 74%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
Cristian Nedelcu
20
Reputation points
answered 2025-02-18T16:07:52.77+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 24%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
Carl Vanden Eynde
0
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
ISO27001:2013
Hello, I have noticed that my VMs running Linux Ubuntu 24.04 LTS are not compliant with the following policies: 7f89b1eb-583c-429a-8828-af049802c1d9 (Audit diagnostic setting for selected resource types) 32133ab0-ee4b-4b44-98d6-042180979d50 ([Preview]:…
asked 2025-02-17T14:08:59.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 57.99999999999999%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Vondál Matouš
20
Reputation points
commented 2025-02-18T15:02:54.3633333+00:00
Vondál Matouš
20
Reputation points
0 answers
Azure Resource Graph (ARG) Query to List All Failed Policy Deployments
When using Azure Policy, in particular a policy with Deploy If Not Exist (DINE), naturally the policy will try to remediate anything that doesn't align to the policy definition. However, if there is something that prevents the Policy Deployment from…
asked 2025-02-07T17:18:21.59+00:00
Adin Ermie
0
Reputation points
commented 2025-02-18T05:43:44.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Rahul Podila
1,825
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Private DNS zone with virtual network link on creation.
We currently have a hub and spoke setup with our Custom DNS on a single Subscription. what we want to do is if new DNS zones are created they get linked to the Custome DNS Vnet. Could this be done by azure policy
asked 2022-05-26T15:07:37.027+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 80%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM5%3C/text%3E%3C/svg%3E)
Matthew-5454
21
Reputation points
accepted 2025-02-17T17:46:56.69+00:00
Matthew-5454
21
Reputation points
1 answer
One of the answers was accepted by the question author.
I am facing an issue with Azure Policy.
I am trying to enforce a tag on all my VMs. I have created a policy definition with a modify effect that adds the tag env with a value of prod if its missing. The policy assignment is at the subscription level. New VMs are getting tagged correctly, which…
asked 2025-02-17T06:21:43.3033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 45%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SirishSinghania
20
Reputation points
accepted 2025-02-17T06:34:32.8+00:00
SirishSinghania
20
Reputation points
1 answer
Geo-fencing on complete azure solution
Hi Team, I want my azure subscription and its resource to be only accessible from specific countries like US, India, Canada & Austrailai
asked 2025-01-27T05:32:10.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Sagar Verma
0
Reputation points
commented 2025-02-17T03:54:39.5366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashok Gandhi Kotnana
3,455
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
Generate Azure Policy compliance report with resource list
I am looking for a way to generate a report for Azure Policy compliance, which contains azure policies under a targeted Initiative, compliance against each azure policy under this initiative, including compliant and non-compliant resource list. At the…
asked 2025-02-12T16:28:45.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rakesh Singh
330
Reputation points
answered 2025-02-17T03:09:26.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Naveena Patlolla
320
Reputation points Microsoft Vendor
1 answer
How can I discover all necessary permissions to use a Azure Policy with least privileges
The Problem Hey I working for a project that will implement azure policies to secure the platform. We have to follow the policies of our customer. One of this policies is, to use always the concept of least privileges. If we take a look in the Policy…
asked 2024-09-04T12:37:55.9266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Rust, Christopher
0
Reputation points
commented 2025-02-14T07:38:24.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 10%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Yordan Dimov
45
Reputation points
2 answers
One of the answers was accepted by the question author.
How can I limit an application access to view only a subset of the users in Microsoft Graph API, MS Teams endpints?
What are the methods to restrict an application, that is using the Microsoft Graph API to fetch users conversations, access so that it can only view data of Microsoft Teams endpoints for a specific subset of users, ?
Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
10,890 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,068 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
961 questions
asked 2025-02-13T12:55:02.2133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 54%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Noga Malach
20
Reputation points
accepted 2025-02-13T18:01:44.01+00:00
Noga Malach
20
Reputation points
1 answer
Policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them
Can we have a custom policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them, Also I there a way to auto remediate and install VM extention for Entra ID (formerly AAD) extension on linux and windows VMs
asked 2024-10-24T10:38:28.84+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 64%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Virender Rathore
0
Reputation points
commented 2025-02-12T23:54:21.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 57.99999999999999%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC5%3C/text%3E%3C/svg%3E)
coffeebreak-5773
5
Reputation points
3 answers
One of the answers was accepted by the question author.
Use Azure Policy to manage Extensions Allow- and Blocklist on Azure Arc Connected Machines
Is there a way to manage Extensions Allow- and Blocklist for Azure Arc Connected Machines? As mentioned in this KB-Article, it should be possible. But it is not precisely stated, if this works only for Azure VMs, or if this also applies for Arc…
asked 2025-01-17T06:39:32.7166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 15%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Lukas Berger
20
Reputation points
accepted 2025-02-11T09:26:56.29+00:00
Lukas Berger
20
Reputation points
1 answer
Azure Policy Definition false match against null value triggering non-compliance
I'm confused about the compliance result I'm getting against a test NSG of mine. I've tried the policy rule with "equals" and "match" with the same result. Basically, the policy rule says the current value must not match the target…
asked 2025-01-28T17:06:07.12+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 40%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
DICKENS Jesse * DAS
0
Reputation points
commented 2025-02-11T01:40:56.71+00:00
DICKENS Jesse * DAS
0
Reputation points
3 answers
One of the answers was accepted by the question author.
Restrict Savings Plan creation outside specified subscription in Mgmt group via Azure Policy
Using Terraform/Azure Policies, I want to restrict the creation of savings plans only to one of our subscriptions i.e Prod. We have more than 10 subscriptions in the tenant in different management groups. Since Savings Plans don't have a straightforward…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
1 answer
I needed assistance on my KQL query with regards to Policy | Compliance data
Hi, I needed help for my Defender for Cloud workbook. The following KQL allows me to show the selected custom policies or initiatives (from Control parameter) in a table. Unfortunately, I am unable to figure out how to improve the KQL to show the data…
asked 2025-01-26T17:52:37.5233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 33%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEY%3C/text%3E%3C/svg%3E)
Eric Yong Sze Guan
0
Reputation points
edited a comment 2025-02-05T03:17:15.78+00:00
Eric Yong Sze Guan
0
Reputation points
1 answer
AD B2C Custom Policies auto-account-linking
I am currently trying to replicate the following custom policy sample: https://github.com/azure-ad-b2c/samples/tree/master/policies/auto-account-linking I generated all the needed things with the setup tool from the documentation, everything seems to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 39%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 13%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
2 answers
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
asked 2023-11-03T06:41:04.88+00:00
Martin Egli
120
Reputation points
commented 2025-01-30T22:03:32.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 77%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Steve Burkett
1
Reputation point
1 answer
One of the answers was accepted by the question author.
Need help on azure policy for Virtual network Subnet Creation
I want to create a policy where is the Virtual Network subnet prefix is less then /24 then the policy should block the subnet creation. I have below sample policy but it is not working. Can you please help. { …
asked 2025-01-29T11:19:35.4333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 17%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rajnish Soni
40
Reputation points
accepted 2025-01-30T05:06:49.51+00:00
Rajnish Soni
40
Reputation points
1 answer
One of the answers was accepted by the question author.
Enforcement Mode Enabled
Hello, In the diagram below: In best practice framework - the1st aspect is assign with enforcement mode disabled. Ok. Is it correct to say that the 2nd aspect is assign with enforcement mode…
asked 2025-01-28T12:22:37.4666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 33%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Marouf Ali
680
Reputation points
accepted 2025-01-28T13:03:44.2233333+00:00
Marouf Ali
680
Reputation points