How to deploy an Azure Data Explorer Cluster resource with the ALZ policies activated

Hi @Pavan Minukuri ,

Thanks for your reply. However, your reply is wrong on more than one level and I will clarify why.

First of all, built-in policy definitions cannot be edited (refer to https://video2.skills-academy.com/en-us/answers/questions/245260/how-can-i-edit-the-built-in-azure-policy-definitio , despite old post, still accurate).

You might want to duplicate it and therefore have a copy of the built-in policy as a custom policy. Yes, then you can edit it... which leads to the second faulty statement. There is no such thing as adding an exception in the edit view of a custom policy. I also followed both the links you provided and didn't find anything backing that up.

BUT the moral of this issue isn't something that should be solved through exemptions (yes, I said exemptions, not exceptions). I managed to temporarily solve the issue with an exemption while I am hopefully waiting for Microsoft to correct their built-in policy, or even better, to have the GUI set that particular value explicitly to Disabled whenever you choose to go for the Private endpoint option.

Although selecting the private endpoint connectivity method, once the Azure Data Explorer Cluster resource has been deployed, navigating to Networking provides the following:

Hence, solution is pretty much known but up to Microsoft to solve. I wonder where you should submit such requests if not through this forum/community. Any ideas?

Hi REZAI Arash,.
Thank you for the detailed feedback and providing the correct information. I apologize for any confusion caused by my previous response.

Regarding your question about submitting requests to Microsoft for policy changes, you can submit feedback and feature requests through the Azure Feedback Forum. This forum allows you to submit feedback, vote on existing feedback, and engage with other users and Microsoft product teams. Here is the link to the Azure Feedback Forum:

https://feedback.azure.com/forums/34192--general-feedback

You can also submit support requests to Microsoft through the Azure portal or by contacting Azure support directly. They can help you troubleshoot issues and provide guidance on how to resolve them.

If you have any further queries, do let us know. If the comment is helpful, please click "Accept comment".

Hi again @Pavan Minukuri ,
Okay, so in essence, I have posted this issue in the wrong forum you mean? I doubt it is a "General feedback" but rather "Reporting an issue", but I'll take it as I created the same post following your suggestion and posting it here. Hopefully, someone will pick it up and resolve the issue on MS side soon. In case you know anybody that can take a quick look at it at MS side, please bring them in and I am happy to share any more information with whomever is authorized to solve the issue. Thanks!

Hi REZAI Arash

Thank You for Replying back.

I hope you got the things from my side we will support online Q&A only. Regarding the submit forum support request u can reach over there only we don't have contact I will check with my internal team. If in case, I get any update from my internal team will update you