Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

How can we improve Azure Governance?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Provide an "otherwise" effect

    It would be useful to have an operator that provides the behavior:
    If {conditionA} is True AND If {conditionB} is True
    Then {effect}
    Otherwise {no-effect}.

    For example, the attached file demonstrates a possible policy definition that would restrict Public IP names to only those listed and ignore names of resources that are not Public IP addresses.

    The apparent behavior of the allOf operator is to require all conditions to be applied to all resources which requires anticipatory knowledge of resources currently generated by Marketplace templates. For example, the NIC is now generated automatically by the new VM wizard and the…

    13 votes
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)

      We’ll send you updates on this idea

      0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
    • Support adding a tag to resource groups created by a blueprint

      Today blueprints don't support any way of adding a tag to a created resource group in the UI or the API.

      11 votes
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)

        We’ll send you updates on this idea

        0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
      • See ARM templates in all blueprint published versions

        Right now, to see what an older version of a blueprint does, we rely solely on the comments created when the version is published. This set really high standards for those comments.
        It would be a great feature, if it was possible to see the ARM templates deployed in previous published versions, too determine what was actually deployed in that version.

        10 votes
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)

          We’ll send you updates on this idea

          0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
        • Allow Automatic Remediation of deployIfNotExists templates

          What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources. (and/or automatically creating and running the remediation task)

          10 votes
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)

            We’ll send you updates on this idea

            0 comments  ·  Flag idea as inappropriate…  ·  Admin →
          • Create Service Principals / App Registrations

            Very useful for ARM deployments of services such as AKS which require an SP. Terraform does this rather well, so it would be good to see the same for Blueprints (and perhaps Azure Deployment Manager).

            Or maybe just have an ARM provider type for it as that would simplify feeding the id and secret through to the service that needs it.

            9 votes
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)

              We’ll send you updates on this idea

              2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
            • Support query Virtual Machines by state

              Ability to query Virtual Machine resource type by state of the VM.

              8 votes
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)

                We’ll send you updates on this idea

                0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
              • Allow more rich symbols while using Match in Policy definition

                I am using Management groups and wanted to roll out multiple naming policy.
                I have various clients hence thought of a consistent manner to support and organize Resource groups/Resources in a consistent way. i.e <Cleint>-<Prod/Dev>-RGP-<Name>.
                So it would sort out like
                CL1-PROD-RGP-MyFirstRG
                CL1-PROD-RGP-AnotherOne
                CL2-DEV-RGP-NNNN
                CL3-PROD-RGP-aaa

                but unfortunately found that match could not support a symbol which would represent letter or number in same symbol. Details can be seen in the closed feedback thread on the following page.

                https://docs.microsoft.com/en-us/azure/azure-policy/scripts/allow-multiple-name-patterns

                It would really help enforce a consistent naming convention.
                Not sure how fast help can arrive from MS?

                8 votes
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)

                  We’ll send you updates on this idea

                  1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                • Support blueprint parameters in the UI

                  A feature where it would be possible to create "blueprint wide paramters" that can be set during the assignment would be really valuable . We create a lot of blueprints where the same parameter value is used multiple times in multiple ARM templates in a single blueprint.
                  This is often used in naming conventions, to set a specific suffix or prefix during assignment.

                  6 votes
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)

                    We’ll send you updates on this idea

                    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                  • Create AAD Groups

                    Creating groups idempotently would be great as then you could have standardised group names and use those in the Role Assignments.

                    6 votes
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)

                      We’ll send you updates on this idea

                      1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                    • Azure Blueprints ARM Template Support

                      The ability to create an Azure Blueprint with an ARM Template. Additionally the ability to export Azure Blueprints as an ARM Templates. That way we can use them in a more repeatable fashion and store our definitions as IaC and deploy them with our existing deployment pipelines.

                      6 votes
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)

                        We’ll send you updates on this idea

                        1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                      • Support using Azure Blueprints without requiring Managment Groups

                        For customers like us not using Management Groups it is hard to try/use Azure Blueprints.

                        6 votes
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)

                          We’ll send you updates on this idea

                          3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                        • Add ability to create Azure Dashboards from Resource Graph query

                          Add ability to create Azure Dashboards from Resource Graph query

                          5 votes
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)

                            We’ll send you updates on this idea

                            1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
                          • Show Azure Policy Definition parameters on a separate tab

                            In a lot of situations you are only interested in viewing initiative definitions and definition parameters, not editing them.
                            Showing definition parameters on a separate tab would save a lot of time.

                            5 votes
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)

                              We’ll send you updates on this idea

                              2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                            • Integrate Azure Policy with Azure DevOps

                              Recently, I started working with Azure Policies. In that, am able to create Azure Policy through portal successfully and now am trying to do same with the help of Azure DevOps. According to documentation there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding to that.

                              4 votes
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)

                                We’ll send you updates on this idea

                                0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                              • Azure Blueprint Powershell management

                                Managing Azure Blueprints via PowerShell or Azure Cli and not via Rest API. Makes it easier to use it with azure Automation.

                                4 votes
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)

                                  We’ll send you updates on this idea

                                  started  ·  0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                                • Limit Portal View

                                  When applying a Blueprint, have an option to limit what is visible for users to deploy in the Azure Portal

                                  4 votes
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)

                                    We’ll send you updates on this idea

                                    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                                  • Allow blueprints to register services within subscriptions

                                    Currently the only way to register all services for a subscription, if the users dont have owner or contributor roles on them, is to run a shell command for every single subscription to register all services. Being able to do this within a blueprint would save a great amount of time when building out tenants.

                                    4 votes
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)

                                      We’ll send you updates on this idea

                                      2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
                                    • Azure Policy based on industry governance/compliance frameworks

                                      It would be helpful to take some of the control mapping from blueprints against industry frameworks such as PCI-DSS/NIST/etc and allow you to report compliance against those controls for each of the Azure services that exist in your environment.

                                      Integrating something like cloudsecurityalliance.org control matrix or unifiedcompliance.com would be very helpful.

                                      4 votes
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)

                                        We’ll send you updates on this idea

                                        1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                                      • Azure Policy template for all options available in the Azure portal

                                        Allow Azure Policies to be created by having a "generate policy" option available next to each option available in the Azure portal. Every configuration item should have the ability to be created as a policy and making this easy through the portal for each Azure component and option would make it easy to manage configuration compliance.

                                        4 votes
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)

                                          We’ll send you updates on this idea

                                          0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                                        • Azure Policy template for auditing/restricting public blob sharing

                                          Currently, Azure storage allows for the public sharing of blobs. It would be great to be able to use Azure policy to detect (and remediate) this feature.

                                          4 votes
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)

                                            We’ll send you updates on this idea

                                            0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
                                          ← Previous 1
                                          • Don't see your idea?

                                          Feedback and Knowledge Base