Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add License data on Azure Resource Graph Explorer query

    Add License data on Azure Resource Graph Explorer query, because my customer needs to create alerts about that

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  2. Microsoft should allow for one or more Azure management groups to be added to one subscription.

    Currently, a subscription is linked to one management group and the management group structure stops. If you allow for one or more management groups under a subscription, you can then organize one or more resource groups to a management group. This would allow for solutions to have a management group and be able to control access and governance at the solution level, not at a subscription level.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Management Groups  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure Policy: Custom Rules

    AWS Config has the ability to define custom rules, where the rule evaluation is run within a lambda function: https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html

    It would be nice if Azure Policy had an equivalent capability--that way, arbitrarily complex evaluations could be defined by using a language such as python instead of being limited to what the policy definition's JSON language supports

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Storage File share available in resource graph

    Right now, the file share information of a storage account is not available in the resource graph.
    ie. it would allow to list the file share of a subscription, compute the global storage size or simulate the pricing.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Resource Graph - Support query for backup status

    Add the ability to query backup status from Azure Resource Graph and therefore see status for multiple vaults in a unique dashboard

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add Subscription RBAC Management Access using ARG

    Currently I am not able to find way to get details of the access control for the subscriptions to be queried using the Azure Resource Graph explorer.

    Example: Requirement to have subscription Name, Group or user name, Access level (Owner, reader, contributor etc.)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  7. Grafana plugin for Resource Graph

    We love the Grafana plugins for Log Analytics, Appinsights, ADE. Can we see a plugin for Azure Resource Graph next?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Policy Initiatives - allow Policy exclusion changes

    An initiative contains multiple policies, and need to be able to exclude application of a child policy while maintaining enforcement of the other policies within. Today, it is 'all or nothing' application of the initiative.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Support query Hybrid worker groups

    I would like to query all hybrid worker groups

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support query AAD App Registrations and AAD Groups.

    I would like to query to find AAD App Registrations and AAD Groups. We would use this to replace how we are automating orphaned app regisrations and unassigned AAD groups.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  11. Better support for SecureString parameters via Portal

    I am developing a Blueprint with an ARM template artifact that allocates an Azure KeyVault (along with a few other resources in the stack).


    1. I would like to initialize several secrets via "securestring" parameters from the Portal.

    2. I would like to optionally update such secrets via subsequent assignment operations from the Portal.

    To use "securestring" parameters currently, first requires initializing a reference Key Vault with the secrets in question. It's a catch-22 scenario. Also, since regular "string" type parameters show up in clear text in the deployment history, there is no secure way to initialize Key Vault secrets by simply…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide alternative to Policy Aliases

    Provide an alternative to Policy Aliases for fields that need to evaluated during policy rule conditions. Ideally using a function that supports a custom path (for example such as: "Microsoft.Logic/workflows/definition/triggers/manual/kind").

    This will allow for more advanced conditions to be created for policy evaluations without first having to contact Microsoft support (and raise a support ticket) for each new alias needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  13. Give 'Management group contributor' delete rights on the Management Group

    Management group contributor should have delete rights on the management group. This is currently not the case.

    'Not authorized to delete'.

    Or else, foresee another Role that has delete rights on the Management Group, without being distributed to the subscriptions below (eg. the owner can delete the group, but is immediately owner in the underlying subscriptions as well).

    Thanks !
    T

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Management Groups  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow use of uniqueString ARM function in Blueprint template artifacts

    Allow use of uniqueString ARM function in Blueprint template artifacts.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Include expanded instance view information into virtual machines response

    It would be very useful to include properties.instanceView into base response for 'Microsoft.Compute/virtualMachines'. It's not efficient enough to get instance statuses for each machine in separate API call. Moreover I didn't find an ability to retrieve this property via GraphAPI at all.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. KQL to query Azure VM's status

    Would like a way to use Azure Resource Graph to query all VM's and filter out deallocated VM's (VM status).

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability to export Blueprint

    Ability to export Blueprint and utilise in another tenant would save extreme amount of man hours replicating them.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Within a Blueprint, allow for the creation and RBAC of Resource Groups based on an array

    Suppose I have a standard set of Resource Groups that I want to be created for each subscription - think of them as team names for the sake of this example).

    Within the ARM template, I have a variable (using parameters) containing an array of team names I want to create.

    Within the blueprint, I want to be able to enumerate over this array and create the RG's using variable substitution to adhere to a naming convention. Each RG then having a consistent set of RBAC applied.

    After triggering the BluePrint, I would have the confidence that the subscription exactly…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support Optional Blueprint Parameters

    Currently, all Blueprint Parameters require a value to be entered. Please support optional parameters for Blueprints. There are numerous use cases for this:


    • Deploy a VM standalone or in an Availability Set.

    • Add additional tags to resources.

    • And so on...

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  20. Azure Policy - Support for Array type in Like conditions

    like only works with strings, not arrays per Azure Policy conditions.

    It should work with arrays with a wild card
    [
    "Microsoft.Compute/",
    "Microsoft.Resources/
    ",
    "Microsoft.Sql/",
    "Microsoft.Network/
    "
    ]

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base