Azure Resource Manager

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add role assignment of AzureAD roles

    Currenlty, ARM templates ("Microsoft.Authorization/roleAssignments") does not support assigning AzureAD roles like 'Application Administrator', 'Cloud Application Administrator' or 'Directory Readers'.

    Assigning AzureAD roles are needed for "app registration" in AzureAD

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  2. Delete resource with ARM template

    With delivery pipeline it is often needed to create and drop resources for the environments.
    Currently resource manager does not support deprovision deployment mode.
    It means that there is no way to delete exact resources which are specified within the template and were deployed during environment creation.
    Unfortunately Delete Resource Group is not an option because often resources are deployed in different resource groups.
    Actually Delete is part of Complete mode deployment, could you please just make it separate.

    77 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  3. expose the "eventName" property

    We need a property we can use to identify the different events from a deployment, which currently looks completely identical with the only difference not being usable to identify the correct events automatically

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  4. Ability to add functional extensions to templates

    I find myself often writing the same boilerplate code in my templates. Particularly in the functions section (name formatting and such). It would be nice to be able to import functions into templates and maintain common functions in a single place.

    Example in the attachment

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  5. Introduce function to check whether a resource exists

    Currently, the reference() function throws an error at runtime when the resource doesn't exist. I'd like to either have this result a null object instead, or alternatively I'd like a new function such as "exists(resourceName or resourceIdentifier)" returning a boolean. The function should be useable in a "condition" statement.

    I'd like to use this function to work around scenarios where some Azure resources are dependent on each other to be deployed.

    Example: use an ARM template to create a Front Door with a custom domain and an Azure DNS alias record pointing to the Front Door.

    Currently, this is not…

    53 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for bringing this to our attention. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  6. Identity function for Azure Resource Manager Templates to know who submitted the deployment

    It would be good to be able to have a something that returned the user that requested the deployment, either the UPN or the AAD object Id. This can then be used to


    • Tag the resource with the details of who created/last updated.
      This would be great to avoid the masss of resources created without anyone knowing who created them. Thus helping audit and manageability.
      If its a function it could be used in policy and thus enforced tagging.


    • Add permissions based on the user doing the deploy.
      The last one is useful for the developer scenario where the you…

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Application Gateway configuration operations are extremely slow

    I know there is already a post on this, but as it has apparently been resolved (it has not) it seems to be being overlooked.

    https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/19119910-application-gateway-management-operations-are-agon

    When configuring any resources within the Application Gateway, everything takes such a long time, 5-10+ minutes is not uncommon to add a listener or a rule.

    I have also found that you have to wait for the last request to complete before starting to add any other gateway feature as if you do not it is likely to error the original request.

    Please can you look into this, as it is unbelievably time consuming.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  8. ARM template parameter validation

    It should be possible to validate and restrict ARM template parameters using a regex.

    This would greatly reduce the change for parameter value errors causing a template deployment to fail.

    This would also make ARM templates a more competitive alternative to AZ CLI and Azure PowerShell.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature

  9. Exported template should be easily deployable in all scenarios

    Exported template should be made deployable even when they include PrincipalID and KeyVault properties. Currently, if we have a resource with SystemManagedKey, we need to remove these from the exported template before deploying: keyvaultproperties, PrincipalID and TenantID. This takes additional time and effort. Thanks.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add DateTime calculation Capabilities with utcnow() in ARM Templates

    Having the possibility to generate SAS Tokens using listaccountsas() is a great step forward in arm template functions as it enables us to generate tokens to make use of linked templates residing on protected storage. However, we still have to provide a static value for token expiration to make use of that function.
    Being able to use datetime calculation functions together with utcnow() would enable us to close a gap and generate SAS tokens dynamically.

    A possible scenario could look like:

    addhours(parameters(utcnow(),1))

    and provide the result as expiration time inside the listaccountsas() function

    51 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

  11. The client with object id does not have authorization to perform action 'Microsoft.Compute/virtualMac

    Error Authorization Failed does not provide enough description for the customer:
    "Message: The client '<identifier>' with object id '<identifier>' does not have authorization to perform action 'Microsoft.Compute/virtualMachines/read' over scope ...

    The error message was not enough to be able for a new user to be able to determine what the case is to resolve the issue. This error occurs for users who have a new Azure Subscription where they have not registered the resource provider for the product when they try to create a new job for that product such as SQL, Azure Stream Analytics, Data Factory...

    Please add verbage…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Complete mode should display / return deletion operations

    When running a deployment in Complete mode, operations for deleting resources in the resource group that do not exist in the current deployment template are not shown in the deployment summary, or in the DeploymentOperations object using the .NET SDK.

    The operations for deleting existing resources when running a deployment in Complete mode should be displayed / retrievable on the new deployment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow manual / ad-hoc deployment rollback

    When creating or updating a deployment, there are options to rollback on failure to either the last successful deployment, or a specific deployment (OnErrorDeployment).

    There should be a way to rollback to the last successful deployment or a specific deployment without a deployment creation or update failing.

    This would be useful in cases where we want to roll back to the previous successful deployment after a cancelled deployment leaves a resource group in an unwanted state, or if we want to bring a resource group back to a previous state for any reason, but we don't want to export the…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve the listkey function to work outside resources and output sections

    Listkeys only works in the resources and output sections of arm templates. Which make the function basically useless. Why even have it usable in the output, it just creates a security vulnerability. If you output secrets in the output section the values gets logged in the deployment logs and now the secret is view-able to anyone with read access on the resource group the arm template happen in.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Increase Keyvault Reference Limit in Parameters from 29 to 60+

    As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

    This limitation is quite low for mature systems. Take, for example, the following potential data points:


    • Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings

    • App to app communication creds/API keys

    • Programmatically created dynamically named/numbered resources

    • References to signing keys for different purposes

    Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit to a larger number.…

    32 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog. Since this request came out of an escalation, I’ve engaged the feature owner to take a look and suggest next best step to validate and resolve the reported bug.

  16. Add a retry mechnanism when parallel deployments fail due to any kind of "Conflict" error

    Scenario:
    - multiple ARM deployments running in parallel
    - all contain a deployment task targeting the same resource group / resource e.g. add a KeyVault access policy/a secret
    - all except one deployment fail with a "Conflict" error and need to be restarted manually

    Expected behaviour:
    Azure retries automatically when such a "Conflict" occurs

    Analysis from the KeyVault team:
    "Based on the investigation performed, we were able to conclude the existing conflicts (409) when trying to run parallel deployments where due to the fact that the deployments were trying to write new access policies to the Key Vault.

    Since Key…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add the ability to deploy On-Premise Data Gateways via automated deployment

    We're trying to fully automate our deployments via ARM templates with Azure DevOps, but have been unable to deploy On-Premise Data Gateways with a service principle connection. Investigating the situation with Microsoft revealed that you must use a personal or service account with Azure CLI.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  18. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. default region for creating new resources

    Allow the user to set a default Azure Region for creating new resources. I always have to change the "random default" to my own Region (West Europe). Let me set a default, that is selected during every new "create" but still allow me to change during creation. Would be awesome and very helpfull!!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. Specify CostCenter when creating Subscription from API

    It would be realy helpfull If I could specify the costcenter during the creating of a subscription.

    Currently there is no way to do this when creating an subscription
    https://docs.microsoft.com/en-us/azure/azure-resource-manager/programmatically-create-subscription?tabs=rest

    Without this i have to sign in to the EA Portal and specify the cost center manually

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.

← Previous 1 3 4 5 25 26
  • Don't see your idea?

Azure Resource Manager

Categories

Feedback and Knowledge Base