Azure Resource Manager

How can we improve the Azure Resource Manager?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. When re-running an ARM template that copies a database, don't fail but skip the db deployment

    When I run an ARM template that deploys a database by making a copy of an existing database it works perfectly. When I re-run that same ARM template it will fail the database deployment as the database already exists. I expect that as the database already exists it will leave it and skip this deployment.

    1 vote
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
    • reference cosmosdb from ARM template, similar to keyvault

      reference cosmosdb from ARM template, similar to keyvault
      This would be helpful for deploying parameters like IP lists on storage accounts, sql server. If I can reference a json array. current work around is convert to base64 and store in keyvault

      "reference": {
      "cosmosdb": {
      "id": "/subscriptions/<subscription>/resourceGroups/<resourcegroup>/providers/Microsoft.DocumentDB/database"
      },
      "collection": "myjsonobject"
      }

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
      • Allow unlimited Key Vault references in template parameters

        Currently Key Vault references is limited to 30. This seems like a very arbitrary limit. We currently have deployments that require more than that amount.

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
        • Introducing Azure Deployment Manager

          Check out session BRK3390 at Ignite 2018 for more info!

          1 vote
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            0 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
          • Make certificate deployment idempotent

            When including a Microsoft.Web/certificates resource in an ARM template, the deployment will fail with "Another certificate exists with same thumbprint XXXXXXXXXXXXXXXXXXXX at location xxxx in the Resource Group xxxxxx." if the certificate already exists.

            The deployment should be idempotent like all of the other resource types and not fail if the resource already exists.

            Otherwise, the certificate has to be deployed manually and cannot be included in an ARM template used for CI/CD deployments (ie: from VSTS)

            3 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
            • lkumar

              app

              1 vote
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                1 comment  ·  Flag idea as inappropriate…  ·  Admin →
              • Improve access to Key Vault from ARM templates

                Accessing secrets from KV in an ARM templates is super important, especially from VSTS release management pipelines yet the support is limited.

                The way you get at key vaults secrets from templates currently has very limited application. You use "reference" but this can only be applied to a parameter. Why not a variable or inline? However the real limitation is using a dynamic key vault id. Firstly nobody is going to use a static key vault id. It will nearly always be derived from other parameters or functions e.g. subscription() or resourceGroup(). So to do that you must use nested…

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                • Add custom roles and RGs to management groups

                  I would like to see the ability to using management groups as the central management part for RBAC. This means that custom roles should be added to management groups because then I would not need to add custom roles to every underlying subscription.
                  If RG management would also be part of the management groups this would lead to a centralized point for RBAC.

                  0 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                  • With locks at resource group it get inherited to deployment resource as well which can't be deleted and the deployments have a hard limit of

                    The locks are fine however the lock is also applied/inherited on deployment resource which doesn't allow deletion of just deployments.

                    Deployments have a hard limit of 800. Because of the hard limit, we need to delete deployment resource regularly to make room for daily deployments.

                    We are finding a way to have lock applied on prod resource group and but then lets us allow to delete the deployment resource

                    6 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Flag idea as inappropriate…  ·  Admin →
                    • FREE TRIAL CANCELLATION????

                      WHY DO YOUR SERVERS ALL GET DISABLED AFTER THE FREE TRIAL????? I HAVE BEEN DOING WORK ON THOSE FOR WEEKS!!!!!! I HAVE NO PROBLEM PAYING BUT I THOUGHT IT WOULD BE SEAMLESS!!!!!

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                      • Add 'Select All' ability under Activity Log -> Operation

                        If I just wanted to search for Activity Log actions relating to 'Peer' I have to then hand select all '36' individual operations since there isn't a Select All feature. See screenshot

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                        • use local variables within property copy loop

                          Using property copy in resources or variables can become complicated as the only value that can really change in each iteration is copyIndex().

                          It would be great if local variables could be used within these sections to simplify and make it more readable.

                          I have a couple of example files based on multiple webApps deployed into multiple location. The first works in the current schema, the second would be nicer if supported!

                          It would be great of these locals could also pull in reference(), parameter() and variables().

                          3 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                          • Preview ARM template before deployment

                            It would be useful to see what will be deployed after the parameters, variables, conditions, linked templates, etc...are processed.

                            5 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                            • Use secret from keyvault in parameter defaultValue

                              Now the only way to get a secret is to pass it in each parameters file, it would be very useful to get a secret from keyvault in parameter default value. We are heavily rely on keyvault for our parameters.

                              6 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                              • Custom RBAC role to only allow the assignment of TAGS on resources.

                                Would be nice to have a custom RBAC role in the Azure portal created that allows a user to ONLY be able to set TAGS on resources, resource groups and/or subscriptions for billing purposes.

                                4 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                • httpsOnly web app settings deployed using ARM not visible in portal but resource manager shows its set

                                  httpsOnly web app settings deployed using ARM not visible in portal but resource manager shows its set?

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                  • IAM Access Control integration

                                    Since IAM Access Control is available per resources and can be combined with MSI now, it would be great to make use of these features inside ARM template.

                                    Take this use-case: I create a new VM and someResource. The VM runs a daemon, which is supposed to modify someResource whenever needed. It's easy to click this setup in the portal and make VM a Contributor for someResource, but impossible to deploy using arm template. Technically, I'm aware that privileges live elsewhere (in AAD), but from user perspective, intuitively they are an attribute of arm resource.

                                    BTW, this one is linked…

                                    3 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Key Vault in ARM Template

                                      As an solution engineer, i would like to manage and pass security credential through key vault only but what i have noticed in custom arm template deployment, it is not accepting key vault information from parameter.jason file.
                                      Can this feature enable?

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Ad make us mon

                                        Open source software applications, I love money it motivates the other hand. Love free, but earning is so much more.

                                        1 vote
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                        • ARM Template Builder GUI

                                          As a User, it would be nice to build ARM Templates in a visual way. This would allow me to connect resources together, whether they exist or will need to be created at the time of building the template.

                                          Example:
                                          Create an Azure Function App that has HTTP Trigger, with Queue Storage as ingress and Table Storage as egress. Managed by APIM.

                                          This would create a template for me and deploy the resources as well. I could then define specifics within the interface I am creating the template visually.

                                          3 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1 3 4 5 17 18
                                          • Don't see your idea?

                                          Azure Resource Manager

                                          Feedback and Knowledge Base