Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

How can we improve Azure Governance?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Policy - Extend policy aliases for Microsoft.Datamigration provider

    Create aliases for objects within services/projects to allow auditing or enforcement of authentication/encryption options on new migrations.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Tree View for Management Groups hierarchies

    Add a tree view for hierarchy built in "Management Groups". The current UI is functional, but difficult to view/verify/export the actual organizational structure architects are building. A view similar to the slideware, docs, and icon for "Management Groups" would be fantastic!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Blueprint Parameters Validation

    Currently the only Blueprint Parameter validation properties that are accepted is "defaultValue" and "allowedValues". Please add the following that are supported by ARM Template Parameters and would provide a much better experience for an Blueprint Assigner:

    - minValue
    - maxValue
    - minLength
    - maxLength

    More information about the above properties can be found here: https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-authoring-templates#parameters

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Select existing managed identity in Azure Policy Assignment

    When creating a policy assignment using deployIfNotExist the assignment always creates a new Managed Identity. We would like to be able to select/use an existing Managed Identity. This way we don't have to assign permissions to multiple Managed Identities and we can re-use the Managed Identity.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow adding Azure Policy initiative parameters later on (after you've saved and closed out of it)

    Presently you can only add initiative parameters upon first creation of the initiative. Once you save it and go back in to edit you can no longer add parameters. This is very inflexible and requires you to know everything you want in the initiative up front.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.

  6. Add additional strongTypes for Blueprint

    Please add the following strongTypes that are supported by Azure Policy:

    storageSkus
    vmSKUs
    existingResourceGroups
    omsWorkspace

    Additionally, I would like the following:

    existingVNETs - displays existing Virtual Networks
    existingVNETSubnets - displays exiting VNET Subnets

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. PCI DSS 3.2.1 BluePrint

    1- After creating a blueprint by using the new PCI DSS 3.2.1 one, I've seen that the it has only the following which I believe is not the complete list. Is this an issue or it's due to being still Preview?
    *Deploy Threat Detection on SQL servers
    *Require encryption on Data Lake Store accounts
    *Allowed locations
    *Deploy Auditing on SQL servers
    *Deploy SQL DB transparent data encryption
    *Allowed locations for resource groups

    2- Will this blueprint provide guidence on what Azure Resources should used for PCI DSS Compliance? As an example the previous blueprints page was stating that ASE (App…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Policy - Support for Rego Syntax

    It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and rego policy syntax in addition to the current json format. This would allow companies to adopt a single policy language and use it in multiple contexts.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Policy - Need a policy alias for Microsoft.RecoveryServices/vaults/monitoringConfigurations

    In order to create an azure policy that audits recovery vaults that do not have backup alerts enabled, there should be an alias for the monitoringConfigurations property.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  10. Implement a Change Reviewer Group feature

    Lots of organisations are using code technologies like ARM Templates/PowerShell/Az CLI/Terraform to manage their Azure Tenants which can allow a team to perform a review on changes made to an environment.

    However there are organisations that currently use the Portal and only the Portal for implementing any changes to resources.

    I propose that an Azure Tenant / Subscription / Resource Group / Resource should allow for a enforced Change reviewer group feature where any changes made can need to be signed off and reviewed by another set of eyes in the team.

    This likely feels like a enhancement to the…

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add Meter Category/Service Name in resource graph

    The category type Meter category, which is available at billing modul is not available at resource graph.
    It is only the resource type category available, that is not the same as meter category.
    So it is not possible to make billing queries in billing modul and compare this with counts from resources in resource graph.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  12. Blueprints do not create managed identities for deployifnotexist policy initiatives

    Currently Azure Blueprints can assign policy initiatives but do not properly create the managed service identity for deployifnotexist policy definitions within the initiative. This needs to be corrected as that is basic functionality of a policy initiative assignment. The managed identity is created correctly if directly assigning the policy definition outside of an initiative.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  13. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to query arrays without specifying an index

    Please introduce new operators like all_of() & any_of() for array members query.

    Today I have to specify an index if I want to query alertRules with a specific property value, ie:

    where type =~ 'microsoft.insights/alertrules'
    | where properties.actions[0].sendToServiceOwners == "true"

    I would like a way to query if any or all items in the array are matching

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  15. Ability to query for role assignments in Azure Resource Graph

    Please add support for listing all role assignments

    Resource Type: Microsoft.Authorization/roleAssignments

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roleAssignments

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to query for custom role definitions in Azure Resource Graph

    Please add support for listing all custom role definitions

    Resource Type: Microsoft.Authorization/roleDefinitions

    https://docs.microsoft.com/en-us/azure/templates/microsoft.authorization/2017-09-01/roledefinitions

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  17. Azure Policy - Enable faster (itterative) development of Policies

    When developping Policies, testing is a very time consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  18. Renaming Azure Management Group to Azure Subscription Group

    Azure Management Group should have been called/renamed to Azure Subscription Group for subscription grouping, analogous to Resource Group for resource grouping. Subscription Group is much more specific and descriptive than Management Group to indicate subscription grouping.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Management Groups  ·  Flag idea as inappropriate…  ·  Admin →
  19. Bug: If tags are appended by Built-In Policy they do not appear on UI and Powershell before you update resource tags

    Hi,

    There is a bug in Policy and Resource tags.

    If you use policies to append tags & values to Resource from Resource Group those appended tags and values do not appear in resource, before you update tags by Azure Portal UI. Right away when you example add new tag and press save button, those tags what are appended by policies appears on UI and Powershell. Not before.

    I have tested this and even next day or after two days those tags and values not appear in resource before updating tags.

    So if you want those tags and values shown…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Deploy Custom RBAC Role via Azure Blueprint

    It would be a nice feature to add Custom RBAC Role as a Azure Blueprint Artifact. Deploying custom RBAC roles currently is painful and packaging them in an Azure Blueprint would allow for a less painful and much more standarized way of deploying custom RBAC roles.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base