Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Evaluate a condition of Azure policy rules from powershell / az cli

    When creating policies it would be convenient to test our condition locally by targeting a specific resource group for exemple.

    Currently we should create the policy and assign it and wait for the the result.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure Policy initiatives - Remediate multiple policies within an initiative

    When assigning a new initiative the remediation task only evaluates a single policy rather than allowing multiple policies to be selected for remediation.

    The process at the moment is to remediate just one policy then the user must create multiple subsequent remediation tasks to evaluate the others one by one.

    What would be useful is the ability to ‘select all’ and/or select multiple policies to remediate as a single action while assigning a new initiative.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  3. make it easy to change name for newly added artifacts

    Currently when you add anything new, like templates, policy.
    the name (not display) is a random string, and it can not be displayed or changed via portal.
    please make it easy to change from portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  4. deny public network access

    Instead of audit, it would be nice to have a deny public network access option for resources especially in the PaaS or Storage Accounts to name a few. I didn't see any except to audit it. Not sure if I understand this area quite well but I thought this is a need possibly (or is that an NSG or deny public on a VNETinstead).

    I understand there is a switch when say creating a resource like say a PostgreSQL or SQL, etc and I understand that there is now a Private EndPoint feature. But why not just deny public network…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. 5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. CIS summary

    Having multiple subscriptions that need CIS hardening we would like to have the option to have a summary of the CIS blueprints that are assigned to subscriptions. Just like the one in the security center (regularory compliance) but for the blueprint(s) that can be created and can be assigned individually.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Resource Graph: Add support for the semi and anti flavors to the join operator

    While leftsemi/anti and rightsemi/anti are part of KQL for the join operator, they aren't supported by Resource Graph. Only innerunique, inner, and leftouter are supported.
    https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/joinoperator?pivots=azuredataexplorer#join-flavors

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Resource Graph - Limitations in the Result Set

    Query results return only 1000 records

    Resource Graph limits any query to returning only 1000 records. This can be extended to the exact output values or the commands like First and Skip should be added with Kusto as well to exactly see the data.

    Also we are not able to use the MAP Visualization, as none of the Data set is matching with it. Can you add a demo for it as well.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  9. Provide ability to list Storage Account shares and containers in Resource Graph

    Provide ability to query Microsoft.Storage storageAccounts/blobServices/containers type

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  10. It will be useful if Blueprint can have ordering of deployment

    It will be useful if Blueprint can have ordering of deployment, for example in one template, it deploys a log analytics workspace, and I have another template deploys set of alerting targeting at this workspace. Since they are not in the same template file, the alerting template will fail, because it can't find workspace at the time of depoyment.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  11. Compliance reason for Deny policies

    Deny policies should not be shown as non-compliant if Current Value is the same as Target Value. In fact Deny policies should not be even included in the compliance data, as the effect is deny/prevention.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Fix TitleCase issue in preview Azure Security Center Initiative Policy

    The new Built-In Policy [Preview]: Manage certificate validity period (/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560), has a parameter certificatesValidityPeriodMonitoringEffect having allowed values: 'audit', 'deny', 'disabled', whereas all the other policies have values with TitleCase capitals, like: 'AuditIfNotExists', 'Disabled'. As we are running scripts to automatically activate of disabled policies by setting parameters for the initiative Enable Monitoring in Azure Security Center (/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8), the routine now fails, most likely due to Case Sensitivity, showing the error: PolicyParameterValueNotAllowed : The value 'Audit' is not allowed for policy parameter 'certificatesValidityPeriodMonitoringEffect' in policy definition '1f3afdf9-d0c9-4c3d-847f-89da613e70a8'. The allowed values are 'audit, deny, disabled'. CorrelationId: 3aa33bae-fd0a-4a58-9f55-c201bd0d9609.

    The issue has been submitted…

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  13. I'd like to leverage the resource graph explorer tool to be able to analyse cost and expenditures.

    I want to be able to create graphs that show details on cost and expenditures.
    how much are resources X costing me, if i make these changes how will that price change, so on and so on .

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. Azure Resource Graph VLookup with external sources

    Here is the Use case - My Organization has 100 Subscriptions and each Subscription is assigned to a Different team. I am having a mapping in excel file which says the team owning the subscription. Now my team requested me to send a report on the total number of IaaS machines owned by each team. Currently how I am doing is (1)run the Azure Resource Graph query to get count() of VM's across each subscription. (2)Download the results as a CSV file, (3)do a VLookup against subscription so that I get the team owning the subscription.(4) Generate Report.

    Instead, It…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  15. Get Cost Details of Each Resource Per Day

    I am looking for a way to get cost of each Resource via Resource Graph API. We are extensively using Azure Consumption API's and preparing different kinds of Dashboards. If we have the ability to pull cost related data via Azure Resource Graph that would be saving lots of time.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  16. is there any logic apps connector is available ?

    how we can schedule export the result of the resource graph? or is there any logic apps connector available.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  17. Discard blueprint draft

    Discard a draft for a blueprint

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Blueprints and ARM Complete mode

    Today, without the ability to specify complete mode deployments, we struggle undoing items from ARM templates. As blueprints change over time, would make our lives much easier if we didn't need to drop into Azure CLI or REST to undo changes

    https://github.com/neilpeterson/azure-blueprints-pipeline-tasks/issues/66

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Guideline Export/Display

    Between Azure policy and Security Center - the export of what is or is not in compliance is now available, however there's no assistance to the individual(s) provisioning the services on how to make sure they’re provisioning accordingly.
    At the moment, individuals are provisioning services which are then appearing as out of compliance when reports are ran and shared.
    Proposal: export/display of Guidelines based on policies to azure service, its effect, and possible link to a regulatory compliance.
    Example:
    SQL (Service)
    • Policy A | Deny | NIST
    • Policy B | Deny | HIPPA, DoD
    • Policy C |…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Pin Overall Resource Compliance to Dashboards

    Be able to pin the Overall Resource Compliance percentage to Dashboards to allow quick access for Stakeholders

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 8 9
  • Don't see your idea?

Feedback and Knowledge Base