Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Store resource changes for more than 14 days

    Ability to store Azure resource changes for more than 14 days

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  2. Python SDK support

    Create a Python SDK for Azure Blueprints. Blueprints are an amazing service, and allow Azure to be directly competitive with AWS's services like Landing Zone, Control Tower, and their Account Vending Machine. Unfortunately, the lack of Python support will prevent many of the customers who are not traditional Microsoft shops from adopting this service.

    Please develop a Python, and Node, SDK!

    Thank you

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Have Azure Blueprints that are published at the Management Group level visible at the Subscription Level

    In Azure Blueprints definitions, as a user, if I select an Azure Subscription I want to see any Blueprints that have been assigned at the Management Group levels above the subscription as well as the Subscription Blueprint definitions.

    This would provide a better view of the Blueprints that are available to be deployed in that Subscription.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support querying of deleted resources via the Azure Resource Graph

    It would be useful if you could query for deleted resources via the ARG. For example:

    `where deleted == true`

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Automatic Remediation of deployIfNotExists templates

    What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources. (and/or automatically creating and running the remediation task)

    52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  4 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Policy - Support for Rego Syntax

    It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and rego policy syntax in addition to the current json format. This would allow companies to adopt a single policy language and use it in multiple contexts.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Resource Graph: Incorporate more Tabular operators from Kusto, like Join

    Per https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabular-operators - there's a limited selected of Tabular operators that work in Azure Resource Graph. It would be beneficial if additional operators, such as Join, are supported.
    Example: If I wanted to pull all VMs and their private IP address, I would need to join the VM with the NIC resource to pull both properties in a single report

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Policy - Export compliance report to CSV

    Add an export to CSV button to the policy compliance screen. The Policy screens can be quite cluttered and clunky. But I can get compliance data from multiple assignments at once. I would like to be able to then export that compliance data so that I can slice and dice the data, augment the data and steward compliance (say in a new policy roll-out) from Excel.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Implement a Change Reviewer Group feature

    Lots of organisations are using code technologies like ARM Templates/PowerShell/Az CLI/Terraform to manage their Azure Tenants which can allow a team to perform a review on changes made to an environment.

    However there are organisations that currently use the Portal and only the Portal for implementing any changes to resources.

    I propose that an Azure Tenant / Subscription / Resource Group / Resource should allow for a enforced Change reviewer group feature where any changes made can need to be signed off and reviewed by another set of eyes in the team.

    This likely feels like a enhancement to the…

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  10. Azure policy effect "deny" doesn't work on API call"delete"

    Hello,

    Currently Azure policy effect "deny" doesn't work on API call "delete". This creates issues when cx's create policies with deny effect. For example, when we try to create a policy which prevent users from disconnecting "VNET INTEGRATION", the operation which takes place is Delete(Microsoft.Web/sites/networkconfig/virtualNetwork).

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure Policy - Enable faster (itterative) development of Policies

    When developping Policies, testing is a very time consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Deploy Custom RBAC Role via Azure Blueprint

    It would be a nice feature to add Custom RBAC Role as a Azure Blueprint Artifact. Deploying custom RBAC roles currently is painful and packaging them in an Azure Blueprint would allow for a less painful and much more standarized way of deploying custom RBAC roles.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  13. Either Include Custom Scripts or the Ability to Call an Automation Runbook in Azure Blueprint

    Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  14. Tree View for Management Groups hierarchies

    Add a tree view for hierarchy built in "Management Groups". The current UI is functional, but difficult to view/verify/export the actual organizational structure architects are building. A view similar to the slideware, docs, and icon for "Management Groups" would be fantastic!

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support conditions on artifact level

    It would be very nice when conditions attribute can be set on a artifact like it could on resources in an ARM template. So it would be possible to deploy or not deploy artifacts based on parameter inputs or outputs from an ARM.
    Example use case:
    Blueprint creates a vNet and an AKS cluster. Then you configure an ingress controller on AKS and after that a new NSG should be deployed which locks down the vNet so only the LB of the Ingress Controller is reachable. This can be done by update the blueprint assignment and specify a parameter like…

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  16. Blueprints should use Azure Template Library artifacts.

    It would be great if Blueprints could reference a template in an Azure Template Library rather than having to cut and paste the ARM template into the Blueprint.

    This way Blueprints could be made up of tested components in the library. We could even specify versions in the BluePrint to allow for better release testing.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  17. Allow Resource Graph to target all subscriptions or a management group

    Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  18. Use Search-AzGraph to find Resource Groups and MetaData

    For faster and more complex queries I need to find Resource Groups using Graph. E.g. show me all Resource Groups with tag X across my tenant. Looping through 200 subscriptions is very time consuming. Also hope that it will allow more complex queries comparing resource tag values to Resource Group tag values.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  19. Ability to query for role assignments in Azure Resource Graph

    Please add support for listing all role assignments

    Resource Type: Microsoft.Authorization/roleAssignments

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roleAssignments

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  20. Resource Changes: Track resource move

    Create a change log when a resource is moved to a different resource group and maintain its history from before it moved

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6
  • Don't see your idea?

Feedback and Knowledge Base