How to remove the expired Azure Policy Exemption. Do we need to remove from Portal or Github first?

To remove an expired Azure Policy Exemption, you can delete the exemption resource from the Azure portal. You do not need to remove it from GitHub. Deleting the exemption resource will remove the exemption from the policy evaluation. It is a best practice to regularly revisit your exemptions to ensure that all eligible items are appropriately exempted and promptly remove any no longer qualifying for exemption. At that time, exemption resources that have expired could be deleted as well.

References:

• Azure Policy exemption structure

@Madhusudhana Rao Dasari I understand you have some questions regarding Azure Policy. I would be happy to assist you. If you find the below content helpful, please consider accepting it as an answer. If you have further questions, please reply here and I would be happy to assist you further.

You can use either the Azure Portal or GitHub, depending on how your policies are managed. Here are the steps for both methods:

Azure Portal

1. Navigate to Azure Policy: Go to the Azure Portal and search for “Azure Policy.”
2. Select Exemptions: In the Azure Policy dashboard, select “Exemptions” under the “Authoring” section.
3. Find the Expired Exemption: Locate the expired exemption you want to remove.
4. Delete the Exemption: Click on the exemption and select “Delete.”

GitHub

If your Azure policies are managed as code in a GitHub repository:

1. Locate the Exemption File: Find the JSON file that defines the policy exemption in your repository.
2. Remove or Update the File: Delete the file or update it to remove the exemption.
3. Commit and Push Changes: Commit your changes and push them to the repository.

Best Practices

The best practice depends on your organization’s workflow:

• Azure Portal: Ideal for quick, manual changes.
• GitHub: Preferred for organizations using Infrastructure as Code (IaC) practices, ensuring changes are tracked and version controlled.