Azure Governance
Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.
More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.
Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups
-
Azure Policy - Support for RegEx in Match Conditions
Right now, the "Match" and "notMatch" conditions only support # for digit placeholders and ? for letters. This is okay, but it would be much more useful to support regex expressions. This would be needed to define complex naming policies and tagging standards.
37 votes
If there are specific RegEx expressions needed, please leave them in the comments below. We will be investigating the feasibility. Thanks.
-
Allow Automatic Remediation of deployIfNotExists templates
What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources. (and/or automatically creating and running the remediation task)
23 votes -
Support for functions in Resource Manager Policies
Support for functions in Resource Manager Policies:
{
  "if": {
    "field": "tags",
    "exists": "false"
  },
  "then": {
    "effect": "append",
    "details": [
      {
        "field": "tags",
        "value": { "creator": "CurrentUser()" }
      },
      {
        "field": "tags",
        "value": { "created": "DateTime()" }
      }
    ]
  }
}
21 votes -
Provide an "otherwise" effect
It would be useful to have an operator that provides the behavior:
If {conditionA} is True AND If {conditionB} is True
Then {effect}
Otherwise {no-effect}.
For example, the attached file demonstrates a possible policy definition that would restrict Public IP names to only those listed and ignore names of resources that are not Public IP addresses.
The apparent behavior of the allOf operator is to require all conditions to be applied to all resources which requires anticipatory knowledge of resources currently generated by Marketplace templates. For example, the NIC is now generated automatically by the new VM wizard and the…
14 votes -
Support adding a tag to resource groups created by a blueprint
Today blueprints don't support any way of adding a tag to a created resource group in the UI or the API.
12 votes
We expect this to be available sometime in March or April depending on how development goes.
-
See ARM templates in all blueprint published versions
Right now, to see what an older version of a blueprint does, we rely solely on the comments created when the version is published. This sets really high standards for those comments.
It would be a great feature if it was possible to see the ARM templates deployed in previous published versions, to determine what was actually deployed in that version.
11 votes -
Support query Virtual Machines by state
Ability to query Virtual Machine resource type by state of the VM.
11 votes -
Azure Blueprint PowerShell management
Managing Azure Blueprints via PowerShell or Azure CLI and not via REST API. Makes it easier to use it with Azure Automation.
10 votes -
Allow more rich symbols while using Match in Policy definition
I am using Management groups and wanted to roll out multiple naming policies.
I have various clients, hence thought of a consistent manner to support and organize Resource groups/Resources in a consistent way, i.e. <Client>-<Prod/Dev>-RGP-<Name>.
So it would sort out like
CL1-PROD-RGP-MyFirstRG
CL1-PROD-RGP-AnotherOne
CL2-DEV-RGP-NNNN
CL3-PROD-RGP-aaa
but unfortunately found that match could not support a symbol which would represent letter or number in same symbol. Details can be seen in the closed feedback thread on the following page.
https://docs.microsoft.com/en-us/azure/azure-policy/scripts/allow-multiple-name-patterns
It would really help enforce a consistent naming convention.
Not sure how fast help can arrive from MS?
10 votes
Hi Omar,
Thank you for the feedback. I will share this with the Policy team to see what options they currently have or if this is on their roadmap.
Thanks
Rich -
Create Service Principals / App Registrations
Very useful for ARM deployments of services such as AKS which require an SP. Terraform does this rather well, so it would be good to see the same for Blueprints (and perhaps Azure Deployment Manager).
Or maybe just have an ARM provider type for it as that would simplify feeding the id and secret through to the service that needs it.
9 votes -
Azure Blueprints ARM Template Support
The ability to create an Azure Blueprint with an ARM Template. Additionally, the ability to export Azure Blueprints as ARM Templates. That way we can use them in a more repeatable fashion and store our definitions as IaC and deploy them with our existing deployment pipelines.
8 votes -
Integrate Azure Policy with Azure DevOps
Recently, I started working with Azure Policies. In that, I am able to create an Azure Policy through the portal successfully, and now I am trying to do the same with the help of Azure DevOps. According to the documentation there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding that.
7 votes -
Create AAD Groups
Creating groups idempotently would be great as then you could have standardised group names and use those in the Role Assignments.
7 votes -
Azure Policy Template to audit/enforce Azure Backups on VMs
Would love to get a pre-made Azure policy template to audit/enforce Azure Backups to ensure servers are not missed.
7 votes -
Support blueprint parameters in the UI
A feature where it would be possible to create "blueprint wide parameters" that can be set during the assignment would be really valuable. We create a lot of blueprints where the same parameter value is used multiple times in multiple ARM templates in a single blueprint.
This is often used in naming conventions, to set a specific suffix or prefix during assignment.
6 votes -
Integrate Azure Blueprints with Azure DevOps
It would be really helpful to have integration with Azure DevOps. Copy-pasting ARM templates as artifacts is painful. Would like to be able to store my templates in Azure DevOps and call them as artifacts from Azure Blueprints.
6 votes -
Azure Policy based on industry governance/compliance frameworks
It would be helpful to take some of the control mapping from blueprints against industry frameworks such as PCI-DSS/NIST/etc and allow you to report compliance against those controls for each of the Azure services that exist in your environment.
Integrating something like cloudsecurityalliance.org control matrix or unifiedcompliance.com would be very helpful.
6 votes -
Visualize Resource Graph in PowerBI
I can today make queries and export to visualize in Power BI. It would be nice to somehow connect more easily from Power BI to Resource Graph to visualize Resources.
5 votes -
Add ability to create Azure Dashboards from Resource Graph query
Add ability to create Azure Dashboards from Resource Graph query
5 votes -
Show Azure Policy Definition parameters on a separate tab
In a lot of situations you are only interested in viewing initiative definitions and definition parameters, not editing them.
Showing definition parameters on a separate tab would save a lot of time.
5 votes