Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
965 questions
0 answers
Azure policy to allow tags with certain names (value doesn't matter)
Hi everyone, I have a list of allowed tags, I don't mean the value that the tag contains but only the name of the tag. The purpose of this is that all the tenant's resources only have tags that are included in this list. Because of this I need a policy…
asked 2025-02-19T08:57:35.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 23%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Javier Garcia Maroto
0
Reputation points
commented 2025-02-21T19:07:27.7233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 31%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Vinod Pittala
330
Reputation points Microsoft Vendor
0 answers
An activity log alert should exist for specific Security operations : Wrong category in the rules sec
Hello Team, I Have assigned policy CIS Microsoft Azure Foundations Benchmark v2.0.0 to my subscription. I have created alerts for the required policy but still it showing non compliance. Upon further researching it seems there is some bug in the Policy…
asked 2025-02-21T16:30:50.9+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 60%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFT%3C/text%3E%3C/svg%3E)
Fahim Thanawala
0
Reputation points
asked 2025-02-21T16:30:50.9+00:00
Fahim Thanawala
0
Reputation points
3 answers
azure policy to check managedby property of resource group
hi, i m trying to create azure policy to make sure the mangedby property is set when creating resources group using terraform. { "field": "type", "equals": "Microsoft.Resources/resourceGroups/managedBy" } but…
asked 2024-05-06T10:44:22.3766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 83%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
Dharmaraj
0
Reputation points
answered 2025-02-21T15:33:47.67+00:00
Dakir, Imade
20
Reputation points
1 answer
Unable to make the policy "An activity log alert should exist for specific administrative operations" compliance
Hello All, We have applied Azure CIS Azure Foundations v2.1.0 Regulatory Compliance on our subscription. Some of the policy among the initiative is not getting compliance, Below is the initiative for the NSG. I have created alert for the NSG creation…
asked 2025-02-20T18:40:41.2833333+00:00
Fahim Thanawala
0
Reputation points
answered 2025-02-21T06:51:57.94+00:00
Stanislav Zhelyazkov
26,256
Reputation points MVP
0 answers
I want to add a policy using Azure policy that ensures that anonymous users cannot login or see my Azure storage. I'm getting an error.
I want to add a policy using Azure policy that ensures that anonymous users cannot login or see my Azure storage. I'm getting an error when using the JSON script that help tells me to use.
asked 2025-02-20T00:55:41.1+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 16%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESC%3C/text%3E%3C/svg%3E)
Scott Chamberlin
0
Reputation points
edited a comment 2025-02-20T08:36:49.8033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Naveena Patlolla
400
Reputation points Microsoft Vendor
0 answers
Azure Resource Graph (ARG) Query to List All Failed Policy Deployments
When using Azure Policy, in particular a policy with Deploy If Not Exist (DINE), naturally the policy will try to remediate anything that doesn't align to the policy definition. However, if there is something that prevents the Policy Deployment from…
asked 2025-02-07T17:18:21.59+00:00
Adin Ermie
0
Reputation points
commented 2025-02-20T00:47:29.3333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 47%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Rahul Podila
1,830
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
ISO27001:2013
Hello, I have noticed that my VMs running Linux Ubuntu 24.04 LTS are not compliant with the following policies: 7f89b1eb-583c-429a-8828-af049802c1d9 (Audit diagnostic setting for selected resource types) 32133ab0-ee4b-4b44-98d6-042180979d50 ([Preview]:…
asked 2025-02-17T14:08:59.2933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 57.99999999999999%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVL%3C/text%3E%3C/svg%3E)
Vondál Matouš
25
Reputation points
edited the question 2025-02-19T01:20:04.21+00:00
Rahul Podila
1,830
Reputation points Microsoft Vendor
1 answer
how can i re -enable my disabled azure subscription?
To protect the security and privacy of your account, we perform routine audits of all Azure subscriptions. During one of these audits, we identified suspicious activity in your subscription that violates the Microsoft Acceptable Use Policy. We’ve…
asked 2025-02-10T07:58:29.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 11%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ajay Singh
0
Reputation points
commented 2025-02-18T16:45:15.6233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 32%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pavan Minukuri
1,220
Reputation points Microsoft Vendor
1 answer
Configure Azure Activity logs to stream to specified Storage account from all subscriptions
I want to Configure Azure Activity logs to stream to specified Storage account from all subscriptions, is there any Built In policy available which can be leveraged to send activity logs from all subscription to a pre-defined storage account.
asked 2025-01-21T15:16:39.2166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(73.60000000000001, 46%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKR%3C/text%3E%3C/svg%3E)
Kaushik Ray
0
Reputation points
commented 2025-02-18T16:36:28.15+00:00
Pavan Minukuri
1,220
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
DORA Regulations and Azure CSP (Reseller)
Hi team - we have customers asking us for DORA addendums in their Azure contracts - as they are in our CSP model, that would fall under the MCA framework - what is the guidance from Microsoft on that, has the MCA been updated so that it is fit for…
asked 2025-01-17T17:25:08.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 74%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
Cristian Nedelcu
20
Reputation points
answered 2025-02-18T16:07:52.77+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 24%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
Carl Vanden Eynde
0
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Private DNS zone with virtual network link on creation.
We currently have a hub and spoke setup with our Custom DNS on a single Subscription. what we want to do is if new DNS zones are created they get linked to the Custome DNS Vnet. Could this be done by azure policy
asked 2022-05-26T15:07:37.027+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 80%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM5%3C/text%3E%3C/svg%3E)
Matthew-5454
21
Reputation points
accepted 2025-02-17T17:46:56.69+00:00
Matthew-5454
21
Reputation points
1 answer
One of the answers was accepted by the question author.
I am facing an issue with Azure Policy.
I am trying to enforce a tag on all my VMs. I have created a policy definition with a modify effect that adds the tag env with a value of prod if its missing. The policy assignment is at the subscription level. New VMs are getting tagged correctly, which…
asked 2025-02-17T06:21:43.3033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 45%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
SirishSinghania
20
Reputation points
accepted 2025-02-17T06:34:32.8+00:00
SirishSinghania
20
Reputation points
1 answer
Geo-fencing on complete azure solution
Hi Team, I want my azure subscription and its resource to be only accessible from specific countries like US, India, Canada & Austrailai
asked 2025-01-27T05:32:10.2366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 11%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESV%3C/text%3E%3C/svg%3E)
Sagar Verma
0
Reputation points
commented 2025-02-17T03:54:39.5366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashok Gandhi Kotnana
3,540
Reputation points Microsoft Vendor
2 answers
One of the answers was accepted by the question author.
Generate Azure Policy compliance report with resource list
I am looking for a way to generate a report for Azure Policy compliance, which contains azure policies under a targeted Initiative, compliance against each azure policy under this initiative, including compliant and non-compliant resource list. At the…
asked 2025-02-12T16:28:45.67+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 89%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rakesh Singh
350
Reputation points
answered 2025-02-17T03:09:26.6266667+00:00
Naveena Patlolla
400
Reputation points Microsoft Vendor
1 answer
How can I discover all necessary permissions to use a Azure Policy with least privileges
The Problem Hey I working for a project that will implement azure policies to secure the platform. We have to follow the policies of our customer. One of this policies is, to use always the concept of least privileges. If we take a look in the Policy…
asked 2024-09-04T12:37:55.9266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 17%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERC%3C/text%3E%3C/svg%3E)
Rust, Christopher
0
Reputation points
commented 2025-02-14T07:38:24.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 10%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYD%3C/text%3E%3C/svg%3E)
Yordan Dimov
45
Reputation points
2 answers
One of the answers was accepted by the question author.
How can I limit an application access to view only a subset of the users in Microsoft Graph API, MS Teams endpints?
What are the methods to restrict an application, that is using the Microsoft Graph API to fetch users conversations, access so that it can only view data of Microsoft Teams endpoints for a specific subset of users, ?
Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
10,898 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
13,113 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
965 questions
asked 2025-02-13T12:55:02.2133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 54%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENM%3C/text%3E%3C/svg%3E)
Noga Malach
20
Reputation points
accepted 2025-02-13T18:01:44.01+00:00
Noga Malach
20
Reputation points
1 answer
Policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them
Can we have a custom policy to deny VM & VMSS creation with installing the Entra ID (formerly AAD) extension on them, Also I there a way to auto remediate and install VM extention for Entra ID (formerly AAD) extension on linux and windows VMs
asked 2024-10-24T10:38:28.84+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 64%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVR%3C/text%3E%3C/svg%3E)
Virender Rathore
0
Reputation points
commented 2025-02-12T23:54:21.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 57.99999999999999%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC5%3C/text%3E%3C/svg%3E)
coffeebreak-5773
5
Reputation points
3 answers
One of the answers was accepted by the question author.
Use Azure Policy to manage Extensions Allow- and Blocklist on Azure Arc Connected Machines
Is there a way to manage Extensions Allow- and Blocklist for Azure Arc Connected Machines? As mentioned in this KB-Article, it should be possible. But it is not precisely stated, if this works only for Azure VMs, or if this also applies for Arc…
asked 2025-01-17T06:39:32.7166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 15%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Lukas Berger
20
Reputation points
accepted 2025-02-11T09:26:56.29+00:00
Lukas Berger
20
Reputation points
1 answer
Azure Policy Definition false match against null value triggering non-compliance
I'm confused about the compliance result I'm getting against a test NSG of mine. I've tried the policy rule with "equals" and "match" with the same result. Basically, the policy rule says the current value must not match the target…
asked 2025-01-28T17:06:07.12+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 40%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDJ%3C/text%3E%3C/svg%3E)
DICKENS Jesse * DAS
0
Reputation points
commented 2025-02-11T01:40:56.71+00:00
DICKENS Jesse * DAS
0
Reputation points
3 answers
One of the answers was accepted by the question author.
Restrict Savings Plan creation outside specified subscription in Mgmt group via Azure Policy
Using Terraform/Azure Policies, I want to restrict the creation of savings plans only to one of our subscriptions i.e Prod. We have more than 10 subscriptions in the tenant in different management groups. Since Savings Plans don't have a straightforward…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)