Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  1. It will be useful if Blueprint can have ordering of deployment

    It will be useful if Blueprint can have ordering of deployment. For example, one template deploys a Log Analytics workspace, and I have another template that deploys a set of alerts targeting this workspace. Since they are not in the same template file, the alerting template will fail, because it can't find the workspace at the time of deployment.

    1 vote
    0 comments  ·  Azure Blueprints
  2. Discard blueprint draft

    Discard a draft for a blueprint

    1 vote
    0 comments  ·  Azure Blueprints
  3. Blueprints and ARM Complete mode

    Today, without the ability to specify complete mode deployments, we struggle with undoing items from ARM templates. As blueprints change over time, it would make our lives much easier if we didn't need to drop into Azure CLI or REST to undo changes.

    https://github.com/neilpeterson/azure-blueprints-pipeline-tasks/issues/66

    4 votes
    0 comments  ·  Azure Blueprints
  4. provide schema for blueprint artifact

    There should be a $schema property for blueprint artifacts. I usually author blueprints in VSCode with the Azure Resource Manager extension. It does not do proper syntax checking, I'm guessing because there is no schema.

    The inner ARM template does have a schema, but that's not sufficient for clean syntax checking and command completion.

    Something like this
    {
      "kind": "template",
      "$schema": "https://schema.management.azure.com/schemas/2020-01-01/blueprintArtifactTemplate.json#",
      "properties": {
        "template": {
          ...
        }
      }
    }

    1 vote
    0 comments  ·  Azure Blueprints
  5. Allow for blueprint access on management groups without seeing all other subscriptions beneath it

    We want to give access to blueprints on management groups without the user seeing all other subscriptions below that management group.

    4 votes
    0 comments  ·  Azure Blueprints
  6. Improve CIS Blueprints for subnet NSGs and/or clarify documentation

    CIS Blueprint policy says subnet does not have an NSG, but the portal and az CLI say it does. The policy definition refers to Microsoft.Security/complianceResults and networkSecurityGroupsOnSubnets which are not documented.

    3 votes
    0 comments  ·  Azure Blueprints
  7. Better support for SecureString parameters via Portal

    I am developing a Blueprint with an ARM template artifact that allocates an Azure KeyVault (along with a few other resources in the stack).


    1. I would like to initialize several secrets via "securestring" parameters from the Portal.

    2. I would like to optionally update such secrets via subsequent assignment operations from the Portal.

    Using "securestring" parameters currently first requires initializing a reference Key Vault with the secrets in question. It's a catch-22 scenario. Also, since regular "string" type parameters show up in clear text in the deployment history, there is no secure way to initialize Key Vault secrets by simply…

    1 vote
    0 comments  ·  Azure Blueprints
  8. Allow use of uniqueString ARM function in Blueprint template artifacts

    Allow use of uniqueString ARM function in Blueprint template artifacts.

    2 votes
    0 comments  ·  Azure Blueprints
  9. Ability to export Blueprint

    The ability to export a Blueprint and utilise it in another tenant would save an extreme amount of man hours replicating them.

    1 vote
    0 comments  ·  Azure Blueprints
  10. Within a Blueprint, allow for the creation and RBAC of Resource Groups based on an array

    Suppose I have a standard set of Resource Groups that I want to be created for each subscription (think of them as team names for the sake of this example).

    Within the ARM template, I have a variable (using parameters) containing an array of team names I want to create.

    Within the blueprint, I want to be able to enumerate over this array and create the RGs using variable substitution to adhere to a naming convention. Each RG then having a consistent set of RBAC applied.

    After triggering the Blueprint, I would have the confidence that the subscription exactly…

    1 vote
    0 comments  ·  Azure Blueprints
  11. Support Optional Blueprint Parameters

    Currently, all Blueprint Parameters require a value to be entered. Please support optional parameters for Blueprints. There are numerous use cases for this:


    • Deploy a VM standalone or in an Availability Set.

    • Add additional tags to resources.

    • And so on...

    4 votes
    0 comments  ·  Azure Blueprints
  12. Create AAD Groups with Blueprints

    How about an ability to add AAD users or groups to the current AAD tenant with Blueprints? Blueprints are currently aimed at subscription level, but how about extending this to the whole tenant?

    1 vote
    0 comments  ·  Azure Blueprints
  13. Allow Deny Assignments for Existing Resource Groups

    Allow Deny Assignments for Existing Resource Groups - Currently deny assignments with Blueprints are only allowed for new resources. It would be really helpful if the same feature could be applied to existing resource groups.

    11 votes
    0 comments  ·  Azure Blueprints
  14. Exclude resource groups and/or resources when deploying a blueprint like you can with policy assignments under policy.

    Exclude resource groups and/or resources when deploying a blueprint like you can with policy assignments under policy.

    4 votes
    0 comments  ·  Azure Blueprints
  15. Granular locking of resources.

    Need the ability to have more granular locking of resources. Specifically, being able to lock a VNET/subnet, but allow creation of NICs on the subnet so that users can attach to the subnet, but not modify a VNET/subnet configuration.

    1 vote
    0 comments  ·  Azure Blueprints
  16. Azure Blueprints lose blueprint level dependencies when edited in UI

    This is a bug... when you set up dependencies in blueprint.json they are removed if you subsequently edit the blueprint in the UI.


    1. Create blueprint in UI

    2. Export with AzBlueprint, set up dependencies and import

    3. Export again, dependencies are still there

    4. Edit in UI

    5. Export, dependencies are gone

    The dependency management is not a great experience at the moment; it needs to be visible in the UI. Also, the documentation should be updated to clearly state if you can make one resource group dependent on another rather than making them dependent on artifacts in another resource group.

    1 vote
    0 comments  ·  Azure Blueprints
  17. Function to get the properties of the assigned blueprint definition

    It would be useful if you could get (with a function) the properties, like the version or name, of the blueprint definition during an assignment.
    This way you could, for example, use this information in an ARM artifact to tag the resources which are created by the blueprint assignment with the name and version number of the blueprint definition. So you would see directly from which blueprint definition and which version a resource was created.

    2 votes
    0 comments  ·  Azure Blueprints
  18. Support conditions on artifact level

    It would be very nice if a conditions attribute could be set on an artifact, like it can on resources in an ARM template. So it would be possible to deploy or not deploy artifacts based on parameter inputs or outputs from an ARM.
    Example use case:
    Blueprint creates a vNet and an AKS cluster. Then you configure an ingress controller on AKS and after that a new NSG should be deployed which locks down the vNet so only the LB of the Ingress Controller is reachable. This can be done by updating the blueprint assignment and specifying a parameter like…

    3 votes
    1 comment  ·  Azure Blueprints
  19. Python SDK support

    Create a Python SDK for Azure Blueprints. Blueprints are an amazing service, and allow Azure to be directly competitive with AWS's services like Landing Zone, Control Tower, and their Account Vending Machine. Unfortunately, the lack of Python support will prevent many of the customers who are not traditional Microsoft shops from adopting this service.

    Please develop a Python, and Node, SDK!

    Thank you

    9 votes
    1 comment  ·  Azure Blueprints
  20. Allow customer to use Terraform or ARM Templates with Blueprints

    Most of my customers are using Terraform to deploy resources to Azure. Extend Blueprints to accept a .tf script as an artifact.

    10 votes
    1 comment  ·  Azure Blueprints