how can i re -enable my disabled azure subscription?
To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve…
Configure Azure Activity logs to stream to specified Storage account from all subscriptions
I want to Configure Azure Activity logs to stream to specified Storage account from all subscriptions, is there any Built In policy available which can be leveraged to send activity logs from all subscription to a pre-defined storage account.
DORA Regulations and Azure CSP (Reseller)
Hi team - we have customers asking us for DORA addendums in their Azure contracts - as they are in our CSP model, that would fall under the MCA framework - what is the guidance from Microsoft on that, has the MCA been updated so that it is fit for…
ISO27001:2013
Hello, I have noticed that my VMs running Linux Ubuntu 24.04 LTS are not compliant with the following policies: 7f89b1eb-583c-429a-8828-af049802c1d9 (Audit diagnostic setting for selected resource types) 32133ab0-ee4b-4b44-98d6-042180979d50 ([Preview]:…
Azure Resource Graph (ARG) Query to List All Failed Policy Deployments
When using Azure Policy, in particular a policy with Deploy If Not Exist (DINE), naturally the policy will try to remediate anything that doesn't align to the policy definition. However, if there is something that prevents the Policy Deployment from…
![](https://techprofile.blob.core.windows.net/images/e3b24b33a24b479ab16c1883dc177240.png)
Private DNS zone with virtual network link on creation.
We currently have a hub and spoke setup with our Custom DNS on a single Subscription. what we want to do is if new DNS zones are created they get linked to the Custome DNS Vnet. Could this be done by azure policy
I am facing an issue with Azure Policy.
I am trying to enforce a tag on all my VMs. I have created a policy definition with a modify effect that adds the tag env with a value of prod if its missing. The policy assignment is at the subscription level. New VMs are getting tagged correctly, which…
Geo-fencing on complete azure solution
Hi Team, I want my azure subscription and its resource to be only accessible from specific countries like US, India, Canada & Austrailai
Generate Azure Policy compliance report with resource list
I am looking for a way to generate a report for Azure Policy compliance, which contains azure policies under a targeted Initiative, compliance against each azure policy under this initiative, including compliant and non-compliant resource list. At the…
How can I discover all necessary permissions to use a Azure Policy with least privileges
The Problem Hey I working for a project that will implement azure policies to secure the platform. We have to follow the policies of our customer. One of this policies is, to use always the concept of least privileges. If we take a look in the Policy…
How can I limit an application access to view only a subset of the users in Microsoft Graph API, MS Teams endpints?
What are the methods to restrict an application, that is using the Microsoft Graph API to fetch users conversations, access so that it can only view data of Microsoft Teams endpoints for a specific subset of users, ?
Policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them
Can we have a custom policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them, Also I there a way to auto remediate and install VM extention for Entra ID (formerly AAD) extension on linux and windows VMs
Use Azure Policy to manage Extensions Allow- and Blocklist on Azure Arc Connected Machines
Is there a way to manage Extensions Allow- and Blocklist for Azure Arc Connected Machines? As mentioned in this KB-Article, it should be possible. But it is not precisely stated, if this works only for Azure VMs, or if this also applies for Arc…
Azure Policy Definition false match against null value triggering non-compliance
I'm confused about the compliance result I'm getting against a test NSG of mine. I've tried the policy rule with "equals" and "match" with the same result. Basically, the policy rule says the current value must not match the target…
Restrict Savings Plan creation outside specified subscription in Mgmt group via Azure Policy
Using Terraform/Azure Policies, I want to restrict the creation of savings plans only to one of our subscriptions i.e Prod. We have more than 10 subscriptions in the tenant in different management groups. Since Savings Plans don't have a straightforward…
I needed assistance on my KQL query with regards to Policy | Compliance data
Hi, I needed help for my Defender for Cloud workbook. The following KQL allows me to show the selected custom policies or initiatives (from Control parameter) in a table. Unfortunately, I am unable to figure out how to improve the KQL to show the data…
AD B2C Custom Policies auto-account-linking
I am currently trying to replicate the following custom policy sample: https://github.com/azure-ad-b2c/samples/tree/master/policies/auto-account-linking I generated all the needed things with the setup tool from the documentation, everything seems to…
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
![](https://techprofile.blob.core.windows.net/images/bdEkjwFAAwAAAAAAAAAAAA.png?8DBC4E)
Need help on azure policy for Virtual network Subnet Creation
I want to create a policy where is the Virtual Network subnet prefix is less then /24 then the policy should block the subnet creation. I have below sample policy but it is not working. Can you please help. { …
Enforcement Mode Enabled
Hello, In the diagram below: In best practice framework - the1st aspect is assign with enforcement mode disabled. Ok. Is it correct to say that the 2nd aspect is assign with enforcement mode…