Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

How can we improve Azure Governance?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Policy - Support for RegEx in Match Conditions

    Right now, the "Match" and "notMatch" conditions only support # for digit placeholders and ? for letters. This is okay, but it would be much more useful to support regex expressions. This would needed for define complex naming policies and tagging standards.

    79 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  17 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Automatic Remediation of deployIfNotExists templates

    What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources. (and/or automatically creating and running the remediation task)

    43 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  5 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support for functions in Resource Manager Policies

    Support for functions in Resource Manager Policies:

    {
    "if": {
    "field": "tags",
    "exists": "false"
    },
    "then": {
    "effect": "append",
    "details": [
    {
    "field": "tags",
    "value": { "creator": "CurrentUser()" }
    },
    {
    "field": "tags",
    "value": { "created": "DatetTime()" }
    }
    ]
    }
    }

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support query Virtual Machines by state

    Ability to query Virtual Machine resource type by state of the VM.

    23 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  5. Visualize Resource Graph in PowerBI

    I can today make querys and export to visualize in Power BI. It would be nice to somehow easier connect from Power BI to Resource Graph to visualize Resources.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Provide an "otherwise" effect

    It would be useful to have an operator that provides the behavior:
    If {conditionA} is True AND If {conditionB} is True
    Then {effect}
    Otherwise {no-effect}.

    For example, the attached file demonstrates a possible policy definition that would restrict Public IP names to only those listed and ignore names of resources that are not Public IP addresses.

    The apparent behavior of the allOf operator is to require all conditions to be applied to all resources which requires anticipatory knowledge of resources currently generated by Marketplace templates. For example, the NIC is now generated automatically by the new VM wizard and the…

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Blueprints should use Azure Template Library artifacts.

    It would be great if Blueprints could reference a template in an Azure Template Library rather than having to cut and paste the ARM template into the Blueprint.

    This way Blueprints could be made up of tested components in the library. We could even specify versions in the BluePrint to allow for better release testing.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Blueprints ARM Template Support

    The ability to create an Azure Blueprint with an ARM Template. Additionally the ability to export Azure Blueprints as an ARM Templates. That way we can use them in a more repeatable fashion and store our definitions as IaC and deploy them with our existing deployment pipelines.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Create Service Principals / App Registrations

    Very useful for ARM deployments of services such as AKS which require an SP. Terraform does this rather well, so it would be good to see the same for Blueprints (and perhaps Azure Deployment Manager).

    Or maybe just have an ARM provider type for it as that would simplify feeding the id and secret through to the service that needs it.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  10. See ARM templates in all blueprint published versions

    Right now, to see what an older version of a blueprint does, we rely solely on the comments created when the version is published. This set really high standards for those comments.
    It would be a great feature, if it was possible to see the ARM templates deployed in previous published versions, too determine what was actually deployed in that version.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  11. Azure Policy Template to audit/enforce Azure Backups on VMs

    Would love to get a pre-made Azure policy template to audit/enforce Azure Backups to ensure servers are not missed.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  12. Have Azure Blueprints that are published at the Management Group level visible at the Subscription Level

    In Azure Blueprints definitions, as a user, if I select an Azure Subscription I want to see any Blueprints that have been assigned at the Management Group levels above the subscription as well as the Subscription Blueprint definitions.

    This would provide a better view of the Blueprints that are available to be deployed in that Subscription.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  13. Allow more rich symbols while using Match in Policy definition

    I am using Management groups and wanted to roll out multiple naming policy.
    I have various clients hence thought of a consistent manner to support and organize Resource groups/Resources in a consistent way. i.e <Cleint>-<Prod/Dev>-RGP-<Name>.
    So it would sort out like
    CL1-PROD-RGP-MyFirstRG
    CL1-PROD-RGP-AnotherOne
    CL2-DEV-RGP-NNNN
    CL3-PROD-RGP-aaa

    but unfortunately found that match could not support a symbol which would represent letter or number in same symbol. Details can be seen in the closed feedback thread on the following page.

    https://docs.microsoft.com/en-us/azure/azure-policy/scripts/allow-multiple-name-patterns

    It would really help enforce a consistent naming convention.
    Not sure how fast help can arrive from MS?

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  14. azure blueprints assignment to management group

    It should be Possible to assign the Blueprint to a Management Group. So every subscripiton with will be added to the Management Group, get automatic the blueprint assignment

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Create AAD Groups

    Creating groups idempotently would be great as then you could have standardised group names and use those in the Role Assignments.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  16. Select existing managed identity in Azure Policy Assignment

    When creating a policy assignment using deployIfNotExist the assignment always creates a new Managed Identity. We would like to be able to select/use an existing Managed Identity. This way we don't have to assign permissions to multiple Managed Identities and we can re-use the Managed Identity.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  17. Either Include Custom Scripts or the Ability to Call an Automation Runbook in Azure Blueprint

    Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Support blueprint parameters in the UI

    A feature where it would be possible to create "blueprint wide paramters" that can be set during the assignment would be really valuable . We create a lot of blueprints where the same parameter value is used multiple times in multiple ARM templates in a single blueprint.
    This is often used in naming conventions, to set a specific suffix or prefix during assignment.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  19. Integrate Azure Policy with Azure DevOps

    Recently, I started working with Azure Policies. In that, am able to create Azure Policy through portal successfully and now am trying to do same with the help of Azure DevOps. According to documentation there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding to that.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Show user friendly message when Azure Policy does not meet compliance

    We have created custom policy which checking tags existence when a user creates a new resource group. The policy works great.

    But we have faced unexpected behavior. When we tried to create a new resource group for test purposes (without tags) we had an uninformative error (Unexpected error while creating the resource group.).
    We think some people might have a misunderstanding about this message (From this message they won’t understand why they cannot create a new resource group).
    We investigated this issue but have not found trouble in the policy itself therefore right now we think it is an azure…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5
  • Don't see your idea?

Feedback and Knowledge Base