Azure Resource Manager

How can we improve the Azure Resource Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Simplify Enabling Diagnostics In Web Apps

    I'd like to be able to enable diagnostics on a web/api app in an ARM template like this:

    properties:{
    "DIAGNOSTICS_ENABLED": true,
    "DIAGNOSTIC_BLOB_CONTAINER": "foo"
    }

    As it stands, I am required to create the storage account before running the ARM template, use powershell to create a container and generate a SAS token then feed that in to the ARM template.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Support using count to deny resource creation in Azure Resource Policies

      Please add support to deny the creation of a resource in a resource group if the number of items of that resource type is greater than or equal to a certain value.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        2 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Make "moving resources" actually work

        Having moved a lot of resources to a new subscription, I can tell you:

        (1) Sometimes it works

        (2) Sometimes it fails, and if you do it again it works

        (3) Sometimes it works, but your resources are missing, and you have a heart attack for 10-15 minutes until they magically reappear

        (4) Sometimes it works, but stays in stuck in "Moving resources" for hours, and Google says maybe it will time out eventually (this is where I'm at now)

        All this in a small business account in afternoon. Is anything tested at Azure?

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Moving a resource group to a new subscription should be easier

          When I started playing around with Azure, I didn't fully understand subscriptions and realized late in the process that my MSDN subscription didn't allow production use, and this needed to be a Pay-As-You-Go subscription.

          Moving resources to a new subscription seems to require some substantial rummaging around behind the scenes, and the Move-AzureRmResource functionality (and exposed via the portal) is fantastically buggy. Like "maybe it'll all move on the third try, and be ready to nuke it all redeploy" buggy.

          Shouldn't it be as simple as UPDATE SubscriptionId = B WHERE SubscriptionId = A when someone wants to pay you…

          3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • String array function Join

            in some cases, I need to concatenate several references (variables) which have rather long names (or complex object structures).

            The standard approach (Concat(...)) makes for a very long lines.

            Since multi-line values aren't supported (another area for improvement), the current approach I use is to create an array of each segment, since each member of the array can be its own line.

            Ideally I'd like to take that array and just Join(string[], "_")... but currently I can't, so I'm forced to concat(var[0], "_", var[1], "_", var[2]).

            The inclusion of a JOIN function would SIGNIFICANTLY simplify the variable's definition.

            2 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Provide option to execute ARM template in preview mode ("This is what I plan to do")

              I would love to be able to run an ARM template with an optional PowerShell parameter that tells the deployment not to make any changes, but instead to report back with the changes it intends to make.

              19 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
              • Enable the enforcement of Transparent Data Encryption on databases using Resource Policies

                Please provide an alias to enable the enforcement of Transparent Data Encryption on databases using resource policies.

                3 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Application Gateway management operations are agonizingly slow

                  [Originally posted to Azure Portal forum - however should have been submitted here]

                  Most creates and updates for application gateway configuration (back-end pools, rules, listeners, certificates, etc.) take 5-10 minutes to apply. This is not a portal issue as it takes just as long via the API / CLI. (This is with even a single instance App Gateway)

                  Applying these same settings on Windows Server ARR directly takes only a minute or less, so I'm not sure where the performance issue lies, but there is tremendous room for improvement.

                  As it is currently, it provides waaaay too much time while…

                  4 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Enforce Resource Naming convention using ARM Policies

                    Enforce Resource Naming convention using ARM Policies using for example Regular Expressions.
                    The challenge we are facing is figure out a way to enforce a naming convention on the azure environment of our customers. We have detected for example that we are not allowed to use two “*” on a “like” condition. We also tried to use regular expressions (REGEX) but apparently doesn’t work also. We would like to know if there is any solution for this or any code/example that you could share with us that could help our customers enforcing a naming convention on their environments, because right…

                    3 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Shrink Managed disk

                      I'd like the ability to shrink a managed disk.

                      I'm creating a managed image from a marketplace windows server base, installing a bunch of third party software and using DevTest labs and VSTS to automate the build of a base image that I use for a large number of VM deployments.

                      The managed disks created from my image are 128gb of which I use about 40gb. I'd like to shrink the managed disk used in the image to 64gb so the VMs I deploy from my image fit in the S6 managed disk pricing bracket.

                      6 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • createOption: attachIfExists

                        I had a hard time to switch a VM template from 'createOption: fromImage/empty' to 'attach'
                        (VM re-create to change its availability set assignment.):

                        - remove the 'imageReference' block
                        - remove the 'osProfile' block
                        - losing VM metadata as described here
                        https://support.microsoft.com/en-ie/help/4018140/computer-names-of-specialized-virtual-machines-are-missing-or-blank-in

                        Imagine the following:

                        - 'createOption: attachIfExists', leading to use an existing .vhd or to create a new one when needed
                        - 'imageReference' allowed and just unused when it effectively attaches a disk
                        - 'osProfile' allowed and only setting the VM metadata when it effectively attaches a disk

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add support for optimistic concurrency

                          Resources often have an e-tag. It would be nice if you could pass the e-tag and have the ARM API call fail if the e-tag doesn't match.

                          My scenario is that I would like to support concurrently executing requests to modify an NSG. If I could first GET the NSG, modify it, and PUT the changes with the e-tag returned by the GET and have it fail if another change was applied in the middle, I could then easily add retry logic with an exponential backoff to compensate.

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • More object pre-checks when policies are enabled

                            For policies, there needs to be pre-checks before objects are created. For example, I created a policy restricting VM's. But the NIC was created and left orphaned because the NIC was created before the VM object, which failed due to the policy. I used managed disks, otherwise I'm sure a new storage account would also have been orphaned.

                            3 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Add REPLACE option to Policy effects

                              Please provide a "replace" effect. For example, I want a policy which sets Microsoft.Storage/storageAccounts/enableBlobEncryption to "true" if it is "false". If you attempt to replace an existing value using "append", it will fail.

                              Yes, there is a danger of specifying one value in a template and not being aware the resource was deployed with another value. But some fields (like enable service encryption) are either true or false -- there is no "unspecified" state. Hence, the need for "replace". Also, I still want the ability to replace a field even if a different value was specified (you can always log…

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Subscription Budget spend limit

                                Please add the option to have a budget limit for subscription and option to automatically stop all VM's \ Resources when limit reached

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                • Make ARM template syntax universal

                                  There appears to be inconsistencies with respect to where you can use parameter/variable substitution in an ARM template.

                                  For example, I have been unsuccessful in creating a template that has conditional nested resources based on the typical tricks. It appears as if the ARM template engine doesn't expect the resources array to contain variables or itself point to a variable that is an array.

                                  This makes it hard/more difficult to understand how ARM templates are put together. It also makes it difficult to have ARM templates that vary depending on deployment circumstances.

                                  You can get more specific details from this…

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Resource Manager Policies UI

                                    Add a UI to support Resource Manager Policies in the portal.

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Improve provisioning of Power BI workspace collection through ARM template

                                      Right now we can provision a Power BI workspace collection through ARM template. But once the collection is there we get an error if we execute the template again. In general this is not the behavior for the other resources and probably needs to be changed. You can see here more for info. https://stackoverflow.com/questions/42209695/error-when-updating-a-powerbi-workspace-collection-from-an-arm-template

                                      17 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Allow for Comments within JSON templates

                                        While comments were purposely removed from the JSON standard it causes significant issues when using JSON templates in Azure. Something as simple as a _Comment attribute on all resources which is accepted but ignored by Azure would allow for some basic documentation to be kept with JSON templates and as such would make their learning curve less steep and complicated templates easier to handover to others.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Set Read-Only RBAC Permissions to specific Resource Groups in a Subscription

                                          We're developing a centralized Subscription management strategy and need the ability to place resources (such as VNets and NSGs) in a restricted/read-only Resource Group, but still allow individual teams to create, own and manage their Resource Groups within the same Subscription, including assigning permissions.

                                          Ideally, we'd like to be able to block inheritance on the IT managed RGs and assign read permissions to the owners of other RGs to it.

                                          The Lock function doesn't work, because it's an all or nothing type of rule that's not assignable to a Role.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 9 10
                                          • Don't see your idea?

                                          Azure Resource Manager

                                          Feedback and Knowledge Base