Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
872 questions
0 answers
How to upgrade package github.com/open-policy-agent/opa to version 0.68.0 or above?
Hello! We are using Azure Policy add-on in our AKS cluster and we would like to upgrade package github.com/open-policy-agent/opa to version 0.68.0 or above. The image mcr.microsoft.com/oss/open-policy-agent/gatekeeper. Namespace: gatekeeper-system. How…
asked 2024-09-27T11:59:52.1966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 0%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIU%3C/text%3E%3C/svg%3E)
Igor Ussov (external)
0
Reputation points
asked 2024-09-27T11:59:52.1966667+00:00
Igor Ussov (external)
0
Reputation points
0 answers
Allow-Access-Control-Origin Error on Web App
Hey everyone. I may be missing something simple, but here's one for you guys! Turning on App Gateway WAF Policy with a custom rule for geo location match. Essentially just to deny any traffic outside of select countries. Without this WAF Policy turned…
asked 2024-09-24T19:45:46.7866667+00:00
Joseph Dutton
135
Reputation points
commented 2024-09-27T05:33:25.71+00:00
KapilAnanth-MSFT
44,921
Reputation points Microsoft Employee
1 answer
How to remove WAF policy safely.We have an AKAMAI device before the App GW and do not need WAF capability anymore.What is the safest way to do so.
How to remove WAF policy safely or disassociate WAF policy . We have an AKAMAI device before the App GW in our environment hence we do not need WAF capability anymore. What is the safest way to do so. Also can I do it via portal and if I am doing it via…
asked 2023-03-21T05:27:06.58+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 43%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Samar Masood Khan
20
Reputation points
commented 2024-09-26T11:27:17.2633333+00:00
KapilAnanth-MSFT
44,921
Reputation points Microsoft Employee
0 answers
I cant access my customers tenant because of a conditional acces policy called "phishing resistent mfa for admins"
I called microsoft yeserday, was rerouted 3 times before someone could create a ticket for me and said answer time was just a couple of hours and then the data protection team would call me. this "should" be a simple fix i tought, it is really…
asked 2024-09-24T06:47:35.9933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 9%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFF%3C/text%3E%3C/svg%3E)
Frederik Franklin Klingenberg
0
Reputation points
edited the question 2024-09-24T07:50:05.1133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 86%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AmaranS
6,190
Reputation points Microsoft Vendor
0 answers
Error assigning a policy using Azure powershell and Azure Cli
I'm trying to assign an initiative using Azure Cli or Azure powershell and I'm getting the following error New-AzManagementGroupDeployment -ManagementGroupId $managemenGroupId -Location $location -TemplateFile…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 52%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
0 answers
Azure Policy not working with Def. JIT (- Do not allow Any as source)
I am currently trying to prevent users from requesting Azure JIT VM access coming from the Source IP addresses "Any". According to this thread, https://video2.skills-academy.com/en-us/answers/questions/846584/azure-vm-jit-do-not-allow-any-as-source ,…
asked 2024-09-23T07:36:48.7833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 14.000000000000002%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJE%3C/text%3E%3C/svg%3E)
Jara Entren
25
Reputation points
edited the question 2024-09-23T17:04:04.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 73%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
anashetty
155
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
Azure policies for Azure Functions
I am planning on applying a Azure policy initiative of following policies to Azure Function Apps:- Function app slots should disable public network access Function app slots should have Client Certificates (Incoming client certificates) enabled …
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 34%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Login as federated user via katalon studio
Hi, I have an inquiry if it is possible to perform federated user login via katalon studio? We are working on automating logging in as federated user in katalon studio but am encountering an error when logging in. This error does not happen when logging…
asked 2024-09-11T15:08:21.4833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 97%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Philippe Purugganan
20
Reputation points
accepted 2024-09-19T14:38:09.0833333+00:00
Philippe Purugganan
20
Reputation points
1 answer
Azure built-in compliance standard for ISO 27001:2022
Is it planned to offer the compliance standard for ISO 27001:2022 y Azure regulation compliance initiatives?
asked 2024-05-22T15:08:51.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 41%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
Carlos Villarroel
15
Reputation points
commented 2024-09-19T09:00:03.8333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
Bjørn Vegard Christensen
0
Reputation points
1 answer
Search Service authorization fails (in environments where policy prohibits private endpoint connections from other subscriptions).
To achieve private sending/receiving between “Storage Account” and “Search Service” currently To use the Search Service's shared private link, you need to create a shared private link between the storage account and the Search Service. To use the Search…
asked 2024-09-05T00:39:58.9633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 65%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E4%3C/text%3E%3C/svg%3E)
443
0
Reputation points
answered 2024-09-18T06:57:15.79+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SnehaAgrawal-MSFT
21,506
Reputation points
0 answers
Is it possible to enable diagnostic settings for express route gateway resource?
Is it possible to enable diagnostic settings for express route gateway resource? if yes, how can we create a deploy if not exist policy to achieve it?
asked 2024-09-09T10:11:34.41+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Ajit Ramachandra Sane
0
Reputation points
commented 2024-09-13T17:07:05.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 81%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESP%3C/text%3E%3C/svg%3E)
Sai Prasanna Sinde (Quadrant Resource LLC)
100
Reputation points Microsoft Vendor
0 answers
Availability Sets are not supported in Azure Policy for deploying Azure Monitor Agent.
I have created a Initiative for deploying the Azure Monitor agent on a subscription. The agent is deployed on all the Windows vm's except on the machines in a availability set. The policy I'm using is "Configure Windows virtual machines to run Azure…
asked 2024-09-13T14:38:25.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 28.999999999999996%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERG%3C/text%3E%3C/svg%3E)
Radjin Ghisyawan
0
Reputation points
asked 2024-09-13T14:38:25.6466667+00:00
Radjin Ghisyawan
0
Reputation points
0 answers
Azure policy does not back up persistent AVD VMs.
We're running into a weird issue. We have two Azure policies, one which adds a tag for any VM, the tag name is "backup" and it sets the value to [true]. Then a second policy is set to backup VMs with a given tag to an existing vault in the…
asked 2024-09-12T15:11:56.0933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 12%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Richard Duane Wolford Jr
206
Reputation points
edited the question 2024-09-12T23:51:45.65+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 3%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMG%3C/text%3E%3C/svg%3E)
Mahesh Goud Juvvadi
980
Reputation points Microsoft Vendor
0 answers
issue with built-in Azure Policy "Configure Azure Activity logs to stream to specified Log Analytics workspace"
hi, trying to deploy the policy Configure Azure Activity logs to stream to specified Log Analytics workspace https://www.azadvertizer.net/azpolicyadvertizer/2465583e-4e78-4c15-b6be-a36cbc7c8b0f.html Altough, the parametree is configured to use…
asked 2023-12-14T15:14:34.7233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 28.000000000000004%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
AdamBudzinskiAZA-0329
91
Reputation points
commented 2024-09-12T13:07:16.6233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 82%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EU%3C/text%3E%3C/svg%3E)
User794653
0
Reputation points
0 answers
How to disable OWA for a set of users using Azure Security group
I need to disable OWA for set of users in our company, and disable OWA for new users as well. Being a Global Admin, can I do so using Azure Security group? If yes , could please help me with the steps to do so? I need to find out who…
asked 2024-09-11T13:52:36.1233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 23%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Ravikiran K
0
Reputation points
asked 2024-09-11T13:52:36.1233333+00:00
Ravikiran K
0
Reputation points
1 answer
One of the answers was accepted by the question author.
I clicked on Access policies on my ley vault, but i was shown this "Access policies not available". How do i make it available?
Access policies not available. The access configuration for this key vault is set to role-based access control. To add or manage your access policies, go to the Access control (IAM) page. How can I resolve this
asked 2024-09-09T11:45:38.9033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 72%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECO%3C/text%3E%3C/svg%3E)
Charles Onyebuchi
20
Reputation points
accepted 2024-09-11T10:05:16.8833333+00:00
Charles Onyebuchi
20
Reputation points
1 answer
Azure initiative for ISO 27001:2022
We have to implement ISO 27001:2022 at Azure Switzerlan. Is there an azure initiative for ISO 27001:2022? There is currently one for ISO27001:2013. Does anyone know what should be changed for 27001:2022?
asked 2023-11-03T06:41:04.88+00:00
Martin Egli
115
Reputation points
commented 2024-09-10T12:16:05.0266667+00:00
Martin Wierenga
0
Reputation points
1 answer
Programmatically trigger Azure policy remediation
I have got azure policy auto remediation in place, however the process is a manual one where the remediation tasks needs to be manually triggered. I was wondering if there is a way to programmatically trigger the running of the remediation job.
asked 2024-09-09T22:14:57.2533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 39%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
MrFlinstone
541
Reputation points
answered 2024-09-09T23:39:41.5133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Marcin Policht
23,160
Reputation points MVP
2 answers
Export the data of Policy Assignments Name, Type (Intiatives or Policy), Scope and then for each Policy Assignments I need the policy definitions Version, category, type associated with it and export in excel file
Hello Team, Can any one help on how I can Export the data of Policy Assignments Name, Type (Intiatives or Policy), Scope and then for each Policy Assignments I need the policy definitions Version, category, type associated with it and export in excel…
asked 2024-09-03T12:53:20.3766667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 90%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJI%3C/text%3E%3C/svg%3E)
J.I. PRASHANDH
0
Reputation points
commented 2024-09-06T10:39:35.13+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 2%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPK%3C/text%3E%3C/svg%3E)
Prashant Kumar
775
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
How to Prevent Users from Removing Resource Group Locks Using Azure Policy?
Hi, I'm currently working on creating a policy definition in Azure to prevent users from removing locks from Resource Groups (RGs). My initial approach was to use the Deny effect within the policy, but I haven't been able to achieve the desired result.…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 69%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)