Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

How can we improve Azure Governance?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add "evaluate" booleans to Azure Policy ARM schema definitions

    If you are working with policies, and have existing parameters and rules file from working with CLI / PowerShell, then you cannot copy and paste the JSON into the policyRule and parameters properties in Microsoft.Authorization/oplicyDefinitions. It will error.

    I suggest adding evaluatePolicyRule and evaluateParameters booleans, both defaulting to false. Also an evaluate boolean that sets both of the above, also defaulting to false.

    The tags.initiative.json shows my workaround, but it is very ugly. The tags.initiative.2.json file shows how I think it could and should look.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Prevent Owner role unless MFA enabled

    We have a requirement to ensure all Owners have MFA enabled, using Conditional access policies we can only assign Global Admins not Owners, so would appreciate a way within a management group to ensure the "owner" of the subscription has MFA enabled, which we could assign by policy instead of audit, adding enforce MFA for Owner

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Get policy state return all objects

    When getting policy state it only returns non-compliant objects. If the results returned all objects it would be easier to get an overview of compliance status for the environment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Policy - Extend policy aliases for Microsoft.Datamigration provider

    Create aliases for objects within services/projects to allow auditing or enforcement of authentication/encryption options on new migrations.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Policy - Need a policy alias for Microsoft.RecoveryServices/vaults/monitoringConfigurations

    In order to create an azure policy that audits recovery vaults that do not have backup alerts enabled, there should be an alias for the monitoringConfigurations property.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Bug: If tags are appended by Built-In Policy they do not appear on UI and Powershell before you update resource tags

    Hi,

    There is a bug in Policy and Resource tags.

    If you use policies to append tags & values to Resource from Resource Group those appended tags and values do not appear in resource, before you update tags by Azure Portal UI. Right away when you example add new tag and press save button, those tags what are appended by policies appears on UI and Powershell. Not before.

    I have tested this and even next day or after two days those tags and values not appear in resource before updating tags.

    So if you want those tags and values shown…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Append for azure policy works only creation.Update whould also be possible

    Currently if we want to enforce the policy to copy the RG tags to the child resources is possible but it is not possible to copy the Rg tags to the existing resources. It would be good to have it.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  8. guest configuration

    Provide more samples for VM Guest Configuration. Currently there is only 1

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
2 Next →
  • Don't see your idea?

Feedback and Knowledge Base