Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Blueprints Preview

    Question: Azure Blueprints is now in preview for 2 years. Will this be a standard feature and if so when?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. deny assignment to child resources through portal

    Deny assignment should be available to get edited in portal as it would be easy to change properties

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Can u please give me some idea to automate azure blueprints using azure devops

    I need to change the code in code repository of azure devops in build pipeline. In release pipeline ,it should trigger ua azure blueprints and assign at particular subscription.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Remove Managed Identities Role Assignments after unassigning blueprints

    After unassigning blueprints, the managed identities created for deployIfNotExists policies are deleted, but the Role Assignments in IAM are still there. This leads to Unknown Managed Identities in the control access of the subscription.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  5. Blueprints and ARM Complete mode

    Today, without the ability to specify complete mode deployments, we struggle undoing items from ARM templates. As blueprints change over time, would make our lives much easier if we didn't need to drop into Azure CLI or REST to undo changes

    https://github.com/neilpeterson/azure-blueprints-pipeline-tasks/issues/66

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow Deny Assignments for Existing Resource Groups

    Allow Deny Assignments for Existing Resource Groups - Currently deny assignments with Blueprints is only allowed for new resources. It would be really helpful if the same feature can be applied to existing resource groups.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. It will be useful if Blueprint can have ordering of deployment

    It will be useful if Blueprint can have ordering of deployment, for example in one template, it deploys a log analytics workspace, and I have another template deploys set of alerting targeting at this workspace. Since they are not in the same template file, the alerting template will fail, because it can't find workspace at the time of depoyment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. When Unassigning an Azure Blueprint Provide Option of Removing Blueprint Created Resources

    Since a Blueprint has the ability to create multiple resources in Azure it should also have the ability to clean up those resources. Think of it as the same as deleting a ResourceGroup deletes all resources in the ResourceGroup.

    61 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Discard blueprint draft

    Discard a draft for a blueprint

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow for blueprint access on management groups without seeing all other subscriptions beneath it

    We want to give access to blueprints on management groups without the user seeing all other subscription below that management group.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  11. Python SDK support

    Create a Python SDK for Azure Blueprints. Blueprints are an amazing service, and allow Azure to be directly competitive with AWS's services like Landing Zone, Control Tower, and their Account Vending Machine. Unfortunately, the lack of Python support will prevent many of the customers who are not traditional Microsoft shops from adopting this service.

    Please develop a Python, and Node, SDK!

    Thank you

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow customer to use Terraform or ARM Templates with Blueprints

    Most of my customers are using Terraform to deploy resources to Azure. Extend Blueprints to accept a .tf script as an artifact.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve CIS Blueprints for subnet NSGs and/or clarify documentation

    CIS Blueprint policy says subnet does not have an NSG, but the portal and az CLI say it does. The policy definition refers to Microsoft.Security/complianceResults and networkSecurityGroupsOnSubnets which are not documented.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support Optional Blueprint Parameters

    Currently, all Blueprint Parameters require a value to be entered. Please support optional parameters for Blueprints. There are numerous use cases for this:


    • Deploy a VM standalone or in an Availability Set.

    • Add additional tags to resources.

    • And so on...

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Either Include Custom Scripts or the Ability to Call an Automation Runbook in Azure Blueprint

    Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.

    26 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  16. provide schema for blueprint artifact

    There should be a $schema property for blueprint artifacts. I usually author blueprints in VSCode with the Azure Resource Manager extension. It does not do proper syntax checking I'm guessing because there is no schema.

    The inner ARM template does have a schema, but that's not sufficient for clean syntax checking and command completion.

    Something like this
    {
    "kind": "template",
    "$schema": "https://schema.management.azure.com/schemas/2020-01-01/blueprintArtifactTemplate.json#",
    "properties": {

    "template": {
    

    ...
    }
    }
    }

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  17. Have Azure Blueprints that are published at the Management Group level visible at the Subscription Level

    In Azure Blueprints definitions, as a user, if I select an Azure Subscription I want to see any Blueprints that have been assigned at the Management Group levels above the subscription as well as the Subscription Blueprint definitions.

    This would provide a better view of the Blueprints that are available to be deployed in that Subscription.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Deploy Custom RBAC Role via Azure Blueprint

    It would be a nice feature to add Custom RBAC Role as a Azure Blueprint Artifact. Deploying custom RBAC roles currently is painful and packaging them in an Azure Blueprint would allow for a less painful and much more standarized way of deploying custom RBAC roles.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow use of uniqueString ARM function in Blueprint template artifacts

    Allow use of uniqueString ARM function in Blueprint template artifacts.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  20. Blueprints should use Azure Template Library artifacts.

    It would be great if Blueprints could reference a template in an Azure Template Library rather than having to cut and paste the ARM template into the Blueprint.

    This way Blueprints could be made up of tested components in the library. We could even specify versions in the BluePrint to allow for better release testing.

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base