In a case where membership needed to be strictly controlled, the Blueprint configuration should offer an "Overwrite" option. This would remove any accounts manually added and block any accounts from being manually added.
• Account Admin role on a Subscription 1 has Amber and Brian.
• Blueprint defines the members of the Account Admin role as Amber and Chuck and is assigned to Management Group A.
• When Subscription 1 is moved to Management Group A the members of the Account Admin role is updated to Amber and Chuck3 votes
Right now, to see what an older version of a blueprint does, we rely solely on the comments created when the version is published. This set really high standards for those comments.
It would be a great feature, if it was possible to see the ARM templates deployed in previous published versions, too determine what was actually deployed in that version.16 votes
A feature where it would be possible to create "blueprint wide paramters" that can be set during the assignment would be really valuable . We create a lot of blueprints where the same parameter value is used multiple times in multiple ARM templates in a single blueprint.
This is often used in naming conventions, to set a specific suffix or prefix during assignment.11 votes
I would love to have the blueprints for resource groups as well.
To quote from your documentation:
'With Blueprints, the relationship between the blueprint definition (what should be deployed) and the blueprint assignment (what was deployed) is preserved. This connection supports improved tracking and auditing of deployments. Blueprints can also upgrade several subscriptions at once that are governed by the same blueprint.'
Replace "subscription" with "resource group" in the text above and there you have my request. :)3 votes
It should be Possible to assign the Blueprint to a Management Group. So every subscripiton with will be added to the Management Group, get automatic the blueprint assignment49 votes
Very useful for ARM deployments of services such as AKS which require an SP. Terraform does this rather well, so it would be good to see the same for Blueprints (and perhaps Azure Deployment Manager).
Or maybe just have an ARM provider type for it as that would simplify feeding the id and secret through to the service that needs it.26 votes
Creating groups idempotently would be great as then you could have standardised group names and use those in the Role Assignments.15 votes
When applying a Blueprint, have an option to limit what is visible for users to deploy in the Azure Portal6 votes
The ability to create an Azure Blueprint with an ARM Template. Additionally the ability to export Azure Blueprints as an ARM Templates. That way we can use them in a more repeatable fashion and store our definitions as IaC and deploy them with our existing deployment pipelines.33 votes
Currently the only way to register all services for a subscription, if the users dont have owner or contributor roles on them, is to run a shell command for every single subscription to register all services. Being able to do this within a blueprint would save a great amount of time when building out tenants.5 votes
- Don't see your idea?