Azure Resource Manager

How can we improve the Azure Resource Manager?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Support ARM Template Deployments on Management Group Scope

    Azure Resources can be deployed on subscription or resource group level, but not on management group level.
    My particular use case is the deployment of Policy Definitions & Assignments using ARM Templates. While the deployment succeeds, it's not possible to define a management group as the deployment scope. As a result, the policy definition has the subscription assigned as scope and cannot be assigned on a management group level.
    The API version 2018-05-01 supports the argument "managementGroupId". https://docs.microsoft.com/en-us/rest/api/resources/policydefinitions/createorupdateatmanagementgroup

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Increase Keyvault Reference Limit in Parameters from 29 to 60+

    As of right now, the communicated limit for keyvault references in a parameters file is "30", but is actually in practice 29 (appears to be a bug?).

    This limitation is quite low for mature systems. Take, for example, the following potential data points:

    - Multiple SQL ids/passwords, storage account keys, AI instrumentation, Redis cache credentials, etc. for connection strings
    - App to app communication creds/API keys
    - Programmatically created dynamically named/numbered resources
    - References to signing keys for different purposes

    Many of the clients I work with are struggling with this issue, which seems easily fixable by increasing the limit…

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog. Since this request came out of an escalation, I’ve engaged the feature owner to take a look and suggest next best step to validate and resolve the reported bug.

  3. Allow Renaming of Azure Resources

    Allow for the renaming of Azure resources such as VNET, Subnet, Resource Group, Network Security Group, Load Balancer, etc..

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support HashTables in Azure Resource Manager (ARM) JSON Templates

    It would be really great if Azure Resource Manager (ARM) JSON Templates supported HashTable variables, in addition to the other primitive types.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support tags for individual machines in a Scaleset.

    In AWS for example, an instance in an auto scaling group is exactly the same as any other instance and can be referenced individually by it's instance ID. Additionally, Azure itself has a unique "name" identifier for each instance in a Scaleset, why not just add this as it's resource identifier as well? It seems that It's impossible to individually tag instance in Azure VMSS as there is no resource type for VMSS instance, just for the type of Microsoft.Compute/virtualMachineScaleSets.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Set schedule to delete deployments history

    Currently, The deployment history limits are 800 per resource group so if we will use many resources for long term, we might be upper limit.
    I hope we can use a feature that setting schedule to delete the history.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Deployment Manager  ·  Flag idea as inappropriate…  ·  Admin →
  7. Ability to retrieve Principal ID

    In my ARM template I am provisioning Key Vault and I need the user that is deploying the ARM template to be added as a Principal.

    Since there is currently no way to retrieve the Principal ID from the ARM template we currently have to add the Principal manually.

    I would rather automate this step by getting the Principal Id similar to how we can get the subscription ID (subscription().subscriptionId). Something like principal().principalId

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Support functions within the definition of parameters...

    For example, instead of this...

    "locations": {
    "type": "array",
    "minLength": 1,
    "allowedValues": [
    "westus",
    "eastus",
    ...
    ]
    }

    ... I'd prefer to write something like this:

    "locations": {
    "type": "array",
    "minLength": 1,
    "allowedValues": "[providers('Microsoft.Web', 'serverfarms').Locations]"
    }

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add nested resource groups

    I would like to have nested resource groups. A scenario in which this can be usefull is in DTAP. You can create a resource group for the application/service; and within that resourcegroup you could create resource groups for all the DTAP stages. For Example: A resourcegroup called "MyApp" with resourcegroups "Dev", "Test", "Production" in it.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Full Power BI Embedded Workspace ARM Template support

    I need the ability of creating Azure Power BI Embedded workspace resources using ARM Templates. Both flat and nested templates must be supported. I need the ability of setting Web App/API App/ Functions App Application Settings during deployment using the nested Power BI Embedded ARM template output parameters.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  11. Change the location

    Change the location for example change App service from western Europe to north Europe.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  12. Add Set-AzSubscription cmdlet to Azure PowerShell AZ Module

    New Azure PowerShell module (AZ) has a cmdlet (Get-AzSubscription) to get list of all the Azure subscriptions. I did not find similar (Set-AzSubscription) cmdlet which I could have then used / piped along with Get-AzSubscription cmdlet to change active subscription. I have to rather use Set-AzContext cmdlet to do the same. Set-AzContext though does have its counterpart Get-AzContext to get current subscription information.

    Point is every 'get' cmdlet should be paired with a 'set' cmdlet to make it easy for user to understand its purpose.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  13. Make the -whatif flag for Template Deployments report changes

    When running the New-AzureRmResourceGroupDeployment powershell command, the -whatif flag exists; however, it only reports that a deployment will be created with $name.
    It would be extremely convenient to run a ReadOnly deployment, which fully analyzes the template and all linked templates, and identifies every change that will be performed. By using this handy switch, unexpected production-level changes could be avoided.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve provisioning of Power BI workspace collection through ARM template

    Right now we can provision a Power BI workspace collection through ARM template. But once the collection is there we get an error if we execute the template again. In general this is not the behavior for the other resources and probably needs to be changed. You can see here more for info. https://stackoverflow.com/questions/42209695/error-when-updating-a-powerbi-workspace-collection-from-an-arm-template

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Remove DNS Zone 'child' records (CNAMEs, etc) with Complete Deployments

    https://stackoverflow.com/questions/49073063/

    Expectation: If a template is deployed in Complete mode, Resources which are not represented in the template should be removed.

    Actual: Once a child resource (like CNAME) is deployed with an ARM Template, it cannot be removed with an ARM Template, regardless of the Deployment Mode.

    This effectively breaks a core tenet of ARM Templates+Deployments and requires additional an out-of-band control/automation plane.

    While this behavior /can/ vary across Resource Providers, I haven't seen a good argument for why it /should be/ inconsistently implemented, especially without the capacity to control the behavior.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to use a naming convention pattern in Azure

    It could be useful to define per subscription/per resource group/ or per object level a naming convention pattern in order to facilitate the naming and coherency of objects in Azure.
    Using a prefix / suffix / incremental / regexp patterns

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow a securestring parameter to be returned inside an object in the outputs section and remain as a securestring

    Imagine a scenario where you have a template parameter (let's call it assetsSasToken) of type securestring. You want assetsSasToken to be included into a complex object and be returned in the outputs section while remaining a securestring. Right now if you attempt this, the value of assetsSasToken returned as part of the complex object is not secured anymore.

    Here is now to reproduce the problematic scenario:

    {
    "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
    "assetsSasToken": {
    "type": "securestring",
    "defaultValue": "?someSasToken",
    "metadata": {
    "description": "SAS Token associated with parameters artifactsLocation"
    }
    }
    },
    "variables": { },
    "resources": [ ],
    "outputs":…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use a DSL rather than JSON for authoring templates

    Scrap the JSON thing and use a DSL with real language features for declaring the templates.

    The syntax itself can be compressed and much easier to use. (for example defining a parameters or a variables without unnecessary syntactic sugar or properties in properties)

    Replace concat with full expressions (and partly numeric ones for easier construction of names) and skip all the variable('xx') and parameter('ccc') and just use the names (xx, ccc) directly in expressions.

    Replace the copy/copyIndex thing with a flexible iterator definition that allows you to use any sequence of values as input (custom number sequences, custom arrays etc)

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Resource Namespace Pollution

    Currently, all resources (storage, redis, websites, etc.) require that I come up with a unique name for the service that will be suffixed by something related to the resource type. The naming restrictions on these varies but tends to be short and often disallows anything other than alphabetic characters.

    After creating a handful of Azure resources, I quickly run into problems with coming up with new names for my resources that are meaningful yet not already taken by someone else. I am very close to just generating random character sequences for names and giving up on having them be usefully…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  20. ARM Template Builder GUI

    As a User, it would be nice to build ARM Templates in a visual way. This would allow me to connect resources together, whether they exist or will need to be created at the time of building the template.

    Example:
    Create an Azure Function App that has HTTP Trigger, with Queue Storage as ingress and Table Storage as egress. Managed by APIM.

    This would create a template for me and deploy the resources as well. I could then define specifics within the interface I am creating the template visually.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Azure Resource Manager

Feedback and Knowledge Base