Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
992 questions
0 answers
Unable to Redeem Azure for Students Subscription with GitHub Student Developer Pack
Hello, I am a verified member of the GitHub Student Developer Pack and trying to activate the Azure for Students offer. However, I am unable to redeem the subscription through the GitHub flow. I’ve already ensured that: My GitHub account is verified for…
asked 2025-04-26T04:19:53.42+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(163.2, 16%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
Vijay Maru
0
Reputation points
commented 2025-04-29T05:28:08.05+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 77%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Srinivasa Reddy Jaggavarapu
625
Reputation points Microsoft External Staff
0 answers
Troubleshooting Azure B2C MFA Integration with Application
I am setting up Azure B2C integration with our application. I want to enable two-factor authentication (MFA) where the user can choose between phone or email for the verification process. When I select MFA via phone and enter the code I receive, I am…
asked 2025-04-21T14:21:23.0866667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 2%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
Paulina Romanova
0
Reputation points
commented 2025-04-28T18:12:22.15+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 82%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVD%3C/text%3E%3C/svg%3E)
Vigneshwar Duvva
330
Reputation points Microsoft External Staff
0 answers
Allow deployments only from Terraform using Azure Policy
Hi Team, Is it possible to block all deployments and allow it only from Terraform? I tried this but it didn't work. { "not": { "anyOf": [ { "field":…
asked 2025-03-26T14:00:40.9233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 53%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Logan
0
Reputation points
commented 2025-04-28T07:22:47.2866667+00:00
SadiqhAhmed-MSFT
48,706
Reputation points Microsoft Employee
1 answer
Extract all the initiative (definition type) along with all the policy inside that initiative
Is there a way to extract all the initiative (definition type) along with all the policy inside that initiative? This could either be a separate script that outputs initiative and policies mapped against it or, if possible, integrated into the existing…
asked 2025-04-14T15:26:42.4566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 68%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ankit Sharma
20
Reputation points
commented 2025-04-25T07:24:53.0566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 63%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Ashok Gandhi Kotnana
6,040
Reputation points Microsoft External Staff
1 answer
how to fix "You must be in good standing" issue for azure
i can't sign in to my azure account. i have already given my student account for verification and it was verified successfully without any issue, but when i then get redirected to make the account on azure (sign up) , it asks for mobile number…
asked 2025-04-19T04:22:36.8766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 68%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMK%3C/text%3E%3C/svg%3E)
Mohit Kumar
0
Reputation points
edited an answer 2025-04-24T01:30:34.57+00:00
Srinivasa Reddy Jaggavarapu
625
Reputation points Microsoft External Staff
1 answer
list of the custom Permission is required to implement the Azure policy at management group level
i would like to create the custom role to implement the azure policy at management group level please let me know the required permissions to add in the custom IAM Role
asked 2025-04-19T14:51:07.7266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 57.00000000000001%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERS%3C/text%3E%3C/svg%3E)
Rajesh S
36
Reputation points
commented 2025-04-23T07:39:07.2633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 31%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVP%3C/text%3E%3C/svg%3E)
Vinod Pittala
1,600
Reputation points Microsoft External Staff
1 answer
One of the answers was accepted by the question author.
How do I rectify a disabled Azure Subscription?
My Azure Subscription 1 was disabled due to suspicious activity. To me, this was an error. How do I rectify this? Also, I can not access Support to create a Ticket to submit to the Security Team. Can you assist?
asked 2025-04-22T14:37:22.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 39%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Simba Bryn Mahaja
80
Reputation points
commented 2025-04-22T16:08:12.7566667+00:00
Simba Bryn Mahaja
80
Reputation points
1 answer
One of the answers was accepted by the question author.
Issue with Policy Enforcement on Storage Account Encryption
hello! I have an issue with the policy titled "Storage account encryption scopes should use customer-managed keys to encrypt data at rest" that I have enabled with "DENY" effect on my management group scope. Despite this policy…
asked 2025-04-21T22:43:20.0733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 44%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
Daniel Omonemu
20
Reputation points
accepted 2025-04-22T07:31:21.7866667+00:00
Daniel Omonemu
20
Reputation points
8 answers
Exempt Azure policy for Users in specific AD group?
Hello, Is it possible to bypass Azure policy for specific AD users or AD groups while creating objects in AKS
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 68%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
1 answer
Access Denied / Locked out by Policy
I am the owner of subscription 4021f9f5-930c-4b71-a9b9-3b594634f5d3 and I accidentally applied an Azure Policy or access restriction that has revoked my own permissions, including access to create or view resource groups, policies, or role assignments. I…
asked 2025-04-12T08:22:30.6+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 48%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sajith M
0
Reputation points
commented 2025-04-16T09:44:18.11+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENP%3C/text%3E%3C/svg%3E)
Naveena Patlolla
1,720
Reputation points Microsoft External Staff
1 answer
One of the answers was accepted by the question author.
Generate Azure Policy Compliance Report with Display Name and Description Mapped for Policy Definitions
I am able to export Azure Policy compliance data using the Get-AzPolicyState command, but the resulting CSV only includes Policy ID or Policy Definition ID, not the associated Policy Display Name or Policy Description. For ease of use and to better…
asked 2025-04-08T04:47:13.3933333+00:00
Ankit Sharma
20
Reputation points
accepted 2025-04-14T15:27:06.1966667+00:00
Ankit Sharma
20
Reputation points
1 answer
Autho failure after delete scope from assignment
Accidentally deleted the scope from the assignment table, which has deleted the admin access from the account. Unable to create a service request within azure portal. Posting here for any luck
asked 2025-03-03T01:47:56.86+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 13%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Joshua P
0
Reputation points
answered 2025-04-11T09:54:16.8066667+00:00
Ashok Gandhi Kotnana
6,040
Reputation points Microsoft External Staff
2 answers
Azure policy rule with condition of contains from a params array
Is it possible to create a policy rule that use the contains function but receive an array? for example: block ip 1.1.1.1/32 from the security rule if the array of the params is ["1.1.1.1", "2.2.22"]
asked 2025-04-08T13:37:31.4766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 73%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
DanaR
0
Reputation points
answered 2025-04-10T12:15:23.0933333+00:00
Alex Burlachenko
4,385
Reputation points
1 answer
One of the answers was accepted by the question author.
Azure policy - IP Addresses range
Hi. I want to create an Azure Policy Definition that denies any NSG rule allowing inbound traffic from the source IP 1.2.3.4. Specifically, I want to block any NSG rule that permits traffic to any address range containing 1.2.3.4 using CIDR notation,…
asked 2025-04-01T13:13:19.42+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 85%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECD%3C/text%3E%3C/svg%3E)
chen dgani
60
Reputation points
commented 2025-04-03T12:57:07.39+00:00
Naveena Patlolla
1,720
Reputation points Microsoft External Staff
1 answer
One of the answers was accepted by the question author.
Azure policy for role assignments
Hi @Stanislav Zhelyazkov , i have a question: { "mode": "All", "policyRule": { TypeScriptCopy "if" Report a concern
asked 2025-03-31T07:49:24.88+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 75%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Ananya Shrivastava
20
Reputation points
edited a comment 2025-04-02T06:40:43.6766667+00:00
Vinod Pittala
1,600
Reputation points Microsoft External Staff
2 answers
Best Approach for Denying Public Network Access on Managed Disks
An Azure policy has been implemented to disable public network access in audit mode. After remediating non-compliant resources, guidance is needed on the best approach to transition to deny mode, especially considering there are hundreds of new disks…
asked 2025-03-21T17:37:56.3566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 89%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEA%3C/text%3E%3C/svg%3E)
Ernest Aduboffour
20
Reputation points
commented 2025-04-02T03:32:15.49+00:00
Naveena Patlolla
1,720
Reputation points Microsoft External Staff
1 answer
One of the answers was accepted by the question author.
azure policy - port range
Hi, I am working on creating an Azure policy rule to deny a specific port range. I came across this example policy: example And I would like to ask: In lines 55+56, how does the function that checks if false equals true ensure that the port range,…
asked 2025-04-01T01:26:00+00:00
chen dgani
60
Reputation points
commented 2025-04-01T09:54:35.4733333+00:00
chen dgani
60
Reputation points
1 answer
One of the answers was accepted by the question author.
azure policy
I am attempting to create an Azure policy rule that denies inbound network traffic from the IP address 1.2.3.4 using the following JSON payload: However, when I try to create a new NSG rule that allows inbound traffic from the same IP address, the rule…
asked 2025-03-31T10:07:07.1533333+00:00
chen dgani
60
Reputation points
commented 2025-03-31T10:38:11.0166667+00:00
Tomica Kaniski
25
Reputation points MVP
2 answers
One of the answers was accepted by the question author.
DORA Regulations and Azure CSP (Reseller)
Hi team - we have customers asking us for DORA addendums in their Azure contracts - as they are in our CSP model, that would fall under the MCA framework - what is the guidance from Microsoft on that, has the MCA been updated so that it is fit for…
asked 2025-01-17T17:25:08.6266667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 74%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECN%3C/text%3E%3C/svg%3E)
Cristian Nedelcu
20
Reputation points
commented 2025-03-31T09:23:10.6766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 15%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETY%3C/text%3E%3C/svg%3E)
Tristan Ybert
0
Reputation points Microsoft Employee
1 answer
Azure ARM policy to deny role assignments only for resource group owners not for admins and Sub owners
I have a requirement where I need to deny only owners of the resource group to do new role assignments or changes to existing role assignments. Resource group contributors and readers anyways cannot do any role assignments/modifications. Role…
asked 2022-05-20T12:13:45.427+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 7.000000000000001%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Nazeer Basha
6
Reputation points
edited a comment 2025-03-31T07:46:00.6266667+00:00
Ananya Shrivastava
20
Reputation points