Azure Resource Manager
-
Add role assignment of AzureAD roles
Currenlty, ARM templates ("Microsoft.Authorization/roleAssignments") does not support assigning AzureAD roles like 'Application Administrator', 'Cloud Application Administrator' or 'Directory Readers'.
Assigning AzureAD roles are needed for "app registration" in AzureAD
13 votes -
Create a "Tag Administrator" role
As a person responsible for maintaining tags on resources, I need a "Tag Administrator" role which allows me to create, modify, and delete tags WITHOUT allowing me to make other configuration changes to the associated resource.
I had hoped that the "Microsoft.Resources/tags/*" RBAC action would allow the setting of tags on any resource but sadly it does not -- perhaps it could? Otherwise, a ".../tags/write" action will be needed on each resource that supports tags.
In order to edit tags at present, I basically have to be granted "Contributor" access to the resource, which is not ideal and does not…
13 votesThank you for the feedback. We have released the Tag Contributor role (https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#tag-contributor).
However, we would appreciate further feedback about what this role is missing and how we can make it more usable for your scenarios.
-
Support condition on DataDisk in ARM templates
Add support for the condition element on DataDisks. At the moment I get this error:
Could not find member 'condition' on object of type 'DataDisk'. Path 'properties.storageProfile.dataDisks[0].condition'If I try to do this:
"dataDisks": [{
"condition": "[equals(parameters('CreateDataDisk'), 'Yes')]",
"name": "[concat(parameters('VMName'),'-E')]",
"diskSizeGB": "[parameters('DataDisk1Size')]",
"lun": 0,
"createOption": "Empty",
"managedDisk": {
"storageAccountType": "[parameters('DataDisk1SKU')]"
}
}
],13 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature.
-
Make "moving resources" actually work
Having moved a lot of resources to a new subscription, I can tell you:
(1) Sometimes it works
(2) Sometimes it fails, and if you do it again it works
(3) Sometimes it works, but your resources are missing, and you have a heart attack for 10-15 minutes until they magically reappear
(4) Sometimes it works, but stays in stuck in "Moving resources" for hours, and Google says maybe it will time out eventually (this is where I'm at now)
All this in a small business account in afternoon. Is anything tested at Azure?
13 votes -
Allow us to change the location of resources
It is inconvenient and outage-prone to migrate a resource to a new location at present.
13 votes -
Support functions within the definition of parameters...
For example, instead of this...
"locations": {
"type": "array",
"minLength": 1,
"allowedValues": [
"westus",
"eastus",
...
]
}... I'd prefer to write something like this:
"locations": {
"type": "array",
"minLength": 1,
"allowedValues": "[providers('Microsoft.Web', 'serverfarms').Locations]"
}13 votesThanks for the feedback, we’re interested in other scenarios you might have for this…
-
resource group rename
The possibility to rename an Azure Resource Group.
When you create a resource group you cannot rename it. You need to create a new one and move all resources to the new group.
If you decide to apply naming conventions and want to change your resource group names it's currently not doable if you have many groups.
12 votesThanks for bringing this to our attention. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
restoring a deleted Resource group as building the resources from activity log takes much time if the RG is deleted by mistake
A feature for restoring a deleted Resource group would be great as building the resources from activity log (preview) takes much time if the RG is deleted by mistake which leaves many resources deleted.
12 votesThanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
-
Freeze (archive) resources by group
For developer scenarios, it would be useful to have the ability to "freeze" a resource group -- retain the configuration information and any file/data storage, but eliminate all runtime/processing overhead (and access). I realize this implies adding this capability all the way down the resource stack.
Storage charges are often fairly minimal, so this would allow us to avoid lengthy or complex export/store/upload/restore scenarios for archiving experiments, POCs, or even when we just need to switch gears and focus on some other resource group.
Not to turn this into a rant, but I preface this with "for developer scenarios" because…
12 votes -
Automation script should copy storage account settings
Azure Portal can export its Automation script in order to deploy from ARM template, of course in case of Azure Functions on dynamic hosting plan.
However, the Portal currently never generates appSettings in ARM template.
Functions saves the connection string of the storage account in appSettings, so if we recover from the template, it always fails because of the lack of storage account information.
(Deployment would be successful, but newly created Functions never works well.)Do you have a plan to fix this?
I know some template samples in Github can create Dynamic Functions successfully, but Azure Portal can't generate…12 votes -
Full Power BI Embedded Workspace ARM Template support
I need the ability of creating Azure Power BI Embedded workspace resources using ARM Templates. Both flat and nested templates must be supported. I need the ability of setting Web App/API App/ Functions App Application Settings during deployment using the nested Power BI Embedded ARM template output parameters.
12 votes -
Change the location
Change the location for example change App service from western Europe to north Europe.
12 votes -
Ability to use a naming convention pattern in Azure
It could be useful to define per subscription/per resource group/ or per object level a naming convention pattern in order to facilitate the naming and coherency of objects in Azure.
Using a prefix / suffix / incremental / regexp patterns12 votes -
Use a DSL rather than JSON for authoring templates
Scrap the JSON thing and use a DSL with real language features for declaring the templates.
The syntax itself can be compressed and much easier to use. (for example defining a parameters or a variables without unnecessary syntactic sugar or properties in properties)
Replace concat with full expressions (and partly numeric ones for easier construction of names) and skip all the variable('xx') and parameter('ccc') and just use the names (xx, ccc) directly in expressions.
Replace the copy/copyIndex thing with a flexible iterator definition that allows you to use any sequence of values as input (custom number sequences, custom arrays etc)
…
12 votes -
expose the "eventName" property
We need a property we can use to identify the different events from a deployment, which currently looks completely identical with the only difference not being usable to identify the correct events automatically
11 votes -
Allow Azure ARM template to accept Resource Type Property as an Expression
I am Trying to automate my ARM template deployment using Copy index which have pairs of Resource Name and Resource Type Whenever i run a new Azure ARM deployment im getting the error that the Type property in the Resources section of the ARM template cannot be an expression !!!!!
for example
"resources": [{
"apiVersion": "[variables('API')]",
"name": "foobar",
"type": "[concat('Microsoft.Web/','sites')",
"properties": {}
]
},this is a bit Weird since it's just a simple string placement and it doesn't require any external interaction. would this be considered ?
11 votes -
Stop generating random resource names
Azure needs an overarching policy when developing new features to ensure when resources are being created that all names can be managed or templated according to sane conventions.
Spinning up a new container service (AKS, ACS, whatever) generates many unpredictable resources and resource groups. There are many things in Azure that cause this to happen.
Stop doing this! Please, adopt a policy across all your development teams that enforces a little more care and caution with naming and structure when automatically provisioning resources!
11 votes -
Improve provisioning of Power BI workspace collection through ARM template
Right now we can provision a Power BI workspace collection through ARM template. But once the collection is there we get an error if we execute the template again. In general this is not the behavior for the other resources and probably needs to be changed. You can see here more for info. https://stackoverflow.com/questions/42209695/error-when-updating-a-powerbi-workspace-collection-from-an-arm-template
11 votes -
Allow a securestring parameter to be returned inside an object in the outputs section and remain as a securestring
Imagine a scenario where you have a template parameter (let's call it assetsSasToken) of type securestring. You want assetsSasToken to be included into a complex object and be returned in the outputs section while remaining a securestring. Right now if you attempt this, the value of assetsSasToken returned as part of the complex object is not secured anymore.
Here is now to reproduce the problematic scenario:
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {"assetsSasToken": {
"type": "securestring",
"defaultValue": "?someSasToken",
"metadata": {
"description": "SAS Token associated with parameters artifactsLocation"
}
}},
"variables": { },
"resources": [ ],
"outputs":…11 votes -
Ability to add, edit and save custom JSON templates in portal with RBAC for reuse and self-service
Ability to add, edit and save custom JSON templates in portal for reuse. Currently we can do this in Visual Studio, and you can even paste those templates in to https://portal.azure.com/#create/Microsoft.Template to deploy, but it would be nice to be able to save them for repeat use in a self-service kind of scenario for developers to use by giving them RBAC access.
Also, deploying machine this way provides no way to join them to the domain, and I've had mixed results with DSC for various reasons. Need a way to join the domain at machine creation time, preferably with credentials…
11 votesThe first part of your request is under discussion – it’s something we hear frequently and are thinking about quite a bit!
For domain join, please see https://github.com/Azure/azure-quickstart-templates/tree/master/201-vm-domain-join
If you’re having issues with DSC or custom script extensions working as expected, please open an item in the Virtual Machines section – the right folks will see it there :)
- Don't see your idea?