Azure Resource Manager

How can we improve the Azure Resource Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Increase RBAC Role assignment limit or allow Resource Group nesting

    With the limit for RBAC Role assignment at 2000, the number of role per resource groups can be attained relatively quickly with larger deployments. I was thinking of 2 ways to bypass the issue, either allow us to increase the limit to Role Assignments in a subscriptions or allow us to do resource group nesting. That way we could apply the roles to the main resource group to use inheritance instead of using multiple role assignments for all the similar resources.

    20 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • Restrict ARM template policy to a user or a group

      It is not possible today to filter the application of an ARM policy based on Azure AD user/group. It would useful to apply policies to a certain subset of users, especially in a CSP scenario.

      The only way to accomplish this currently is to first disassociate the offending policy, make the change, then reassign the policy. The challenge with this solution is the possibility that another user with sufficient rights might also be attempting a deployment at the exact moment you disassociate the policy. If that deployment would have been prevented by the policy, then the control would be bypassed.

      15 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
      • Support tags for individual machines in a Scaleset.

        In AWS for example, an instance in an auto scaling group is exactly the same as any other instance and can be referenced individually by it's instance ID. Additionally, Azure itself has a unique "name" identifier for each instance in a Scaleset, why not just add this as it's resource identifier as well? It seems that It's impossible to individually tag instance in Azure VMSS as there is no resource type for VMSS instance, just for the type of Microsoft.Compute/virtualMachineScaleSets.

        11 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Support ARM Template Deployments on Management Group Scope

          Azure Resources can be deployed on subscription or resource group level, but not on management group level.
          My particular use case is the deployment of Policy Definitions & Assignments using ARM Templates. While the deployment succeeds, it's not possible to define a management group as the deployment scope. As a result, the policy definition has the subscription assigned as scope and cannot be assigned on a management group level.
          The API version 2018-05-01 supports the argument "managementGroupId". https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/createorupdateatmanagementgroup

          4 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Flag idea as inappropriate…  ·  Admin →
          • Test-AzureRmResourceGroupDeployment Report Syntax Error (Check for valid JSON)

            If a template doesn't have a closing } bracket I've had Test-AzureRmResourceGroupDeployment report that a parameter passed to it was not found even though it was defined properly in the template.

            This misleading error message leads to wasted time. Perhaps we could have Test-AzureRmResourceGroupDeployment test for valid JSON first and report back if it's invalid.

            4 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • Improve access to Key Vault from ARM templates

              Accessing secrets from KV in an ARM templates is super important, especially from VSTS release management pipelines yet the support is limited.

              The way you get at key vaults secrets from templates currently has very limited application. You use "reference" but this can only be applied to a parameter. Why not a variable or inline? However the real limitation is using a dynamic key vault id. Firstly nobody is going to use a static key vault id. It will nearly always be derived from other parameters or functions e.g. subscription() or resourceGroup(). So to do that you must use nested…

              17 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Flag idea as inappropriate…  ·  Admin →
              • ARM Template "Dry Run" command

                It would be really useful if the PS/CLI commands to interact with ARM Templates had a 'Dry Run" command that would build out a resource list that could be used to verify the execution of the provided ARM Template.

                An example of this concept would be the AngularCLI dryrun flag that illustrates the created/modified files for when it executes.

                The benefit of this would be to verify that the resources are created as expected without having to generate all the resources which is time consuming and could be costly for some resource types. This would also be helpful when testing…

                11 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Case sensitive parameters

                  I am getting the error "The deployment parameters are using case sensitive names."

                  Parameter names being changed to all lower case has not rectified the problem.

                  3 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • Azure monitor ARM template - Ability to create alerts from custom metrics

                    The ability to create alerts, based on custom metrics would be very useful.
                    In my use case I'd like to create alerts from Telegraf metrics and apply it to all VMs in my subscription.

                    I've been looking at the template documentation, but can't seem to find any reference to custom metrics.

                    https://docs.microsoft.com/en-gb/azure/azure-monitor/platform/alerts-metric-create-templates

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                    • Please provide a way to programmatically delete a subscription, ofcourse this should have all the necessary warnings/checks like for RGs.

                      We have a way to programmatically create a sub, also provide one for deleting programmatically, ofcourse after warning in no uncertain terms that this is going to be destructive and all resources will be lost forever irrevevocably and verifying that is indeed the customer wants, before the actual deletion.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Track who submitted a deployment, and allow viewing of this on the Resource Group

                        Being able to see who submitted a deployment would be HIGHLY useful. Both for tracking from a security point of view, but also from a costing point of view. If someone isn't putting in required costing tags, we need to be able to go back and ask them, but if we don't know who it was...

                        I remember there being a way to see who submitted a deployment in a Resource Group, under deployments. However this doesn't appear to be there any longer, or it never was and I am imagining it.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • Custom RBAC role to only allow the assignment of TAGS on resources.

                          Would be nice to have a custom RBAC role in the Azure portal created that allows a user to ONLY be able to set TAGS on resources, resource groups and/or subscriptions for billing purposes.

                          22 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Certificate Manager on Azure like AWS Certificate Manager

                            AWS has a Certificate Manager service that can easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services.

                            https://aws.amazon.com/certificate-manager/

                            It would be great if Azure can provide similar service so that customers don't have to buy and bring their own ssl certificates when using Azure services.

                            I am aware that Azure CDN supports custom domains and it can automatically provision a custom ssl certificate for that domain for free. But you can't do similar things on Application Gateway, or Azure Web Apps, etc.

                            1 vote
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • ARM Template - Automate Azure Function Event Grid Subscription

                              Presently using ARM I can automate the creation of an Azure Function Subscriber that has a HTTP trigger.

                              "properties": {
                              "destination": {
                              "endpointType": "WebHook",
                              "properties": {
                              "endpointUrl": "[listsecrets(resourceId('Microsoft.Web/sites/functions', parameters('azurefunctions_name'), parameters('azurefunctions_loadTcsItemSubscription')),'2015-08-01').trigger_url]"
                              }
                              },
                              "filter": {
                              "includedEventTypes": [
                              "All"
                              ]
                              }
                              },

                              I am however unable to do the same for an Azure Function Event Grid trigger, there seems to be no way of accessing the master key. Can this be added to an upcoming release. please.

                              Many Thanks

                              Paul

                              22 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                3 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • copyindex

                                [functions] Allow copy in user-defined function

                                This would really help reduce the redundant lines of code. Use case, for a given VM, would like to have multiple drives (i.e. each drive would consists of set of data disk, type and size)

                                Example

                                Dive D : 127GiB, premium, 5

                                Drive E : 255GiB, Standard, 10

                                Also, this would enables nested loop indirectly, which would be a huge win

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • copyindex

                                  [functions] Allow copy in user-defined function

                                  This would really help reduce the redundant lines of code. Use case, for a given VM, would like to have multiple drives (i.e. each drive would consists of set of data disk, type and size)

                                  Example

                                  Dive D : 127GiB, premium, 5

                                  Drive E : 255GiB, Standard, 10

                                  Also, this would enables nested loop indirectly, which would be a huge win

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • copyindex

                                    [functions] Allow copy in user-defined function

                                    This would really help reduce the redundant lines of code. Use case, for a given VM, would like to have multiple drives (i.e. each drive would consists of set of data disk, type and size)

                                    Example

                                    Dive D : 127GiB, premium, 5

                                    Drive E : 255GiB, Standard, 10

                                    Also, this would enables nested loop indirectly, which would be a huge win

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • copyindex

                                      [functions] Allow copy in user-defined function

                                      This would really help reduce the redundant lines of code. Use case, for a given VM, would like to have multiple drives (i.e. each drive would consists of set of data disk, type and size)

                                      Example

                                      Dive D : 127GiB, premium, 5

                                      Drive E : 255GiB, Standard, 10

                                      Also, this would enables nested loop indirectly, which would be a huge win

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • use JSON instead of XML or a custom file like .bot

                                        I think that JSON is just the most standard way of sending data to the server, and not XML. Also using a custom .bot file for the bot framework does not allow intellisense in VS Code, while a JSON file can (package.json and tsconfig.json being great examples)

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Monthly report Azure Advisor

                                          It would be nice if there is an option to send the recommendation PDF/CSV every week or month by mail.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 17 18
                                          • Don't see your idea?

                                          Azure Resource Manager

                                          Feedback and Knowledge Base