Questions tagged [azure-policy]

The 'azure-policy' tag is meant to be used on all questions related to authoring, assigning, and grouping of Azure Policy definitions and initiatives. This will improve the visibility of the questions to both the community and Azure Governance product team.

480 questions
2
votes
2 answers

How do I disable response buffering in API Management and force immediate flush?

I have an HTTP-triggered Azure Function with a canned response returning a collection of JSON objects. The response is flushed every 10 objects with a 2 second delay in between. When calling this endpoint directly to the Function I receive the…
MrPanucci
2
votes
0 answers

Extending the application session token time by configuring Sign-in frequency in Azure AD Condition Access Policy doesn't work

We have tried extending the session token time of an openid application on-boarded in Azure AD by configuring Sign-in frequency in Azure AD Condition Access Policy as suggested in the below MS document…
Rajat
2
votes
1 answer

How do I combine multiple statements in an Azure policy definition?

I want to create a custom Azure Policy JSON that reads through Azure resources and makes sure that it is following our standardized naming convention. For example, I am trying to set it up for virtual machines, cloud services, and Redis…
2
votes
1 answer

Azure Policy - CosmoDB Restriction on RU (Throughout)

I want to deny if someone is creating more than 600 ru/s throughout. Here's my policy rule : { "if": { "allOf": [ { "field": "type", "equals":…
hi5ka
2
votes
1 answer

Azure Policy: Delete lock on resource group

I try to use Azure Policy to check if all resource groups in my production subscription have a "CanNotDelete" lock. I built a policy inspired by this question, the result can be found below. While testing this, I found out that resource groups…
Alex AIT
2
votes
1 answer

How to enforce naming pattern such as "*-*-asp" using Azure policy?

I am trying to enforce Azure resource naming pattern for prod/dev/uat environments, the suggested pattern is [service name]-[environment]-[resource short name]. Is there a way to enforce this using Azure policy? It appears that Azure policy…
user527614
2
votes
1 answer

Azure (Policy/RBAC/MFA) - how to block user

I do have users assigned as Owners to Subs. I also have MFA forced for set of users, not all from AAD. I am trying to find a solution (policy?) where I can block Owner of Subscription from adding a user to Sub without MFA solution applied yet. Only…
2
votes
1 answer

Azure Policy: Deny If Owner Tag Does Not Exist Or Isn't Email Address

How do I write an Azure policy that only allows resources to be created if both of these conditions are met: The resource has an "Owner" tag assigned to it. The value of the "Owner" tag is a valid email address format. EDIT: I'd only do simple email…
opticyclic
2
votes
1 answer

Appending tag policy isn't working for some resources

I'm creating one Azure policy to append tags to newly created resources, it works well for most components, but I found this policy is not working for some components, for example: logic apps. { "mode": "All", "parameters": { …
Kevin Xiong
1
vote
1 answer

The template deployment failed - Any Mistake in the bicep template code or it's really policy violation

// Creates an Azure Bastion Subnet and host in the specified virtual network @description('The Azure region where the Bastion should be deployed') param location string = resourceGroup().location @description('Virtual network name') param vnetName…
anon
1
vote
1 answer

Azure Policy - Deny creation of new vnets if the new vnet's CIDR exists already in any vnet resource in management group level

I am trying to create an Azure Policy that denies the creation of new VNets if the CIDR of the new VNet matches any existing VNet resources at the management group level. This is to ensure that we do not have any overlapping IP addresses, which can…
1
vote
0 answers

Prevent rename of Azure Subscriptions without custom RBAC roles (possibly using Azure Policy)

In Azure, users with the 'Owner' or 'Contributor' role assigned to a Subscription are able to rename it via the Portal. In order to enforce a consistent naming scheme, we would like to prevent subscription renames after they have been created. This…
jamiecon
1
vote
1 answer

Deploy Azure Initiative (set definition) with Azure PowerShell

My current task is to take all of our Azure Policy definitions and initiatives and define them as code, then upload them through Azure Pipelines. This has gone fine when working with policy definitions. However, I run into trouble when I try to…
SorenDK12
1
vote
1 answer

Pathing Issues with paths inside the PowerShell script

I am trying to create our Azure Policies as code. To do this I have exported all of our Azure policies into JSON format, and then I wish to upload/create the policies with an Azure PowerShell script. The actual problem arises when I try to execute…
SorenDK12
1
vote
1 answer

Azure policy not working on certain resources?

I am trying to set up a naming convention policy on some resources but it is not working. The resources that don't work : SQL database : field type = Microsoft.Sql/servers/databases Function APP : field type = Microsoft.Web/sites SQL Server : field…
Charline