Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more here.

Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Difference between versions

    So we use the Azure Blueprint for creating landing zones. A landing zone definition is created/modified by a developer . An Azure Admin then has to review the changes done to the definition and publish a new version but he/she has no way to see the differences that were added from the previous version.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. ARM & Blueprint Support for Creating Azure Active Directory Tenants

    AAD tenancy as a bulkhead between service provider and customer is a key governance pattern. Microsoft itself recommends and uses this pattern to deliver many services including Azure.

    Given the foundational nature of AAD and its implications on nearly all deployed resources, a Blueprint without the ability to create AAD tenants is like a book without a cover.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure CLI Blueprint

    When I entered a parameter with a bad pathname, I got a JSON parsing error instead of file not found.
    Error Received:
    Expecting value: line 1 column 1 (char 0)

    Command:
    az blueprint artifact policy create \
    --blueprint-name 'MyBlueprint' \
    --artifact-name 'policyTags' \
    --policy-definition-id '/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71' \
    --display-name 'Apply tag and its default value to resource groups' \
    --description 'Apply tag and its default value to resource groups' \
    --parameters artifacts\policyTags.json

    I was on a Mac and so the path separator was invalid.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Can u please give me some idea to automate azure blueprints using azure devops

    I need to change the code in code repository of azure devops in build pipeline. In release pipeline ,it should trigger ua azure blueprints and assign at particular subscription.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  5. Remove Managed Identities Role Assignments after unassigning blueprints

    After unassigning blueprints, the managed identities created for deployIfNotExists policies are deleted, but the Role Assignments in IAM are still there. This leads to Unknown Managed Identities in the control access of the subscription.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  6. deny assignment to child resources through portal

    Deny assignment should be available to get edited in portal as it would be easy to change properties

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Blueprints Preview

    Question: Azure Blueprints is now in preview for 2 years. Will this be a standard feature and if so when?

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. It will be useful if Blueprint can have ordering of deployment

    It will be useful if Blueprint can have ordering of deployment, for example in one template, it deploys a log analytics workspace, and I have another template deploys set of alerting targeting at this workspace. Since they are not in the same template file, the alerting template will fail, because it can't find workspace at the time of depoyment.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Discard blueprint draft

    Discard a draft for a blueprint

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  10. Blueprints and ARM Complete mode

    Today, without the ability to specify complete mode deployments, we struggle undoing items from ARM templates. As blueprints change over time, would make our lives much easier if we didn't need to drop into Azure CLI or REST to undo changes

    https://github.com/neilpeterson/azure-blueprints-pipeline-tasks/issues/66

    6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  11. provide schema for blueprint artifact

    There should be a $schema property for blueprint artifacts. I usually author blueprints in VSCode with the Azure Resource Manager extension. It does not do proper syntax checking I'm guessing because there is no schema.

    The inner ARM template does have a schema, but that's not sufficient for clean syntax checking and command completion.

    Something like this
    {
    "kind": "template",
    "$schema": "https://schema.management.azure.com/schemas/2020-01-01/blueprintArtifactTemplate.json#",
    "properties": {

    "template": {
    

    ...
    }
    }
    }

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  12. Allow for blueprint access on management groups without seeing all other subscriptions beneath it

    We want to give access to blueprints on management groups without the user seeing all other subscription below that management group.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  13. Improve CIS Blueprints for subnet NSGs and/or clarify documentation

    CIS Blueprint policy says subnet does not have an NSG, but the portal and az CLI say it does. The policy definition refers to Microsoft.Security/complianceResults and networkSecurityGroupsOnSubnets which are not documented.

    3 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  14. Better support for SecureString parameters via Portal

    I am developing a Blueprint with an ARM template artifact that allocates an Azure KeyVault (along with a few other resources in the stack).


    1. I would like to initialize several secrets via "securestring" parameters from the Portal.

    2. I would like to optionally update such secrets via subsequent assignment operations from the Portal.

    To use "securestring" parameters currently, first requires initializing a reference Key Vault with the secrets in question. It's a catch-22 scenario. Also, since regular "string" type parameters show up in clear text in the deployment history, there is no secure way to initialize Key Vault secrets by simply…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow use of uniqueString ARM function in Blueprint template artifacts

    Allow use of uniqueString ARM function in Blueprint template artifacts.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  16. Ability to export Blueprint

    Ability to export Blueprint and utilise in another tenant would save extreme amount of man hours replicating them.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  17. Within a Blueprint, allow for the creation and RBAC of Resource Groups based on an array

    Suppose I have a standard set of Resource Groups that I want to be created for each subscription - think of them as team names for the sake of this example).

    Within the ARM template, I have a variable (using parameters) containing an array of team names I want to create.

    Within the blueprint, I want to be able to enumerate over this array and create the RG's using variable substitution to adhere to a naming convention. Each RG then having a consistent set of RBAC applied.

    After triggering the BluePrint, I would have the confidence that the subscription exactly…

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support Optional Blueprint Parameters

    Currently, all Blueprint Parameters require a value to be entered. Please support optional parameters for Blueprints. There are numerous use cases for this:


    • Deploy a VM standalone or in an Availability Set.

    • Add additional tags to resources.

    • And so on...

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Create AAD Groups with Blueprints

    How about an ability to add AAD users or groups to the current AAD tenant with Blueprints? Blueprints are currently aimed at subscription level, but how about extending this to the whole tenant?

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow Deny Assignments for Existing Resource Groups

    Allow Deny Assignments for Existing Resource Groups - Currently deny assignments with Blueprints is only allowed for new resources. It would be really helpful if the same feature can be applied to existing resource groups.

    26 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3
  • Don't see your idea?

Feedback and Knowledge Base