Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Integrate Azure Blueprints with Azure Devops

    It would be really helpful to have integration with Azure Devops. Copy pasting arm templates as artifacts is painful. Would like to be able to store my templates in Azure Devops and call them as artifacts from Azure Blueprints

    36 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. Azure Policy Template to audit/enforce Azure Backups on VMs

    Would love to get a pre-made Azure policy template to audit/enforce Azure Backups to ensure servers are not missed.

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  3. Azure Blueprint Powershell management

    Managing Azure Blueprints via PowerShell or Azure Cli and not via Rest API. Makes it easier to use it with azure Automation.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Support adding a tag to resource groups created by a blueprint

    Today blueprints don't support any way of adding a tag to a created resource group in the UI or the API.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  5. Ability to retreive subscription name given subscriptionId in Resource Graph Query

    Resource graph queries are great at returning SubscriptionId. But a GUID is unfriendly. Provide a function or means for retrieving the subscription display name. For example:

    where type contains 'publicIPAddresses' and properties.ipAddress != ''
    | summarize count () by subscriptionName(subscriptionId)

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  7 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Resource Graph: Incorporate more Tabular operators from Kusto, like Join

    Per https://docs.microsoft.com/en-us/azure/governance/resource-graph/concepts/query-language#supported-tabular-operators - there's a limited selected of Tabular operators that work in Azure Resource Graph. It would be beneficial if additional operators, such as Join, are supported.
    Example: If I wanted to pull all VMs and their private IP address, I would need to join the VM with the NIC resource to pull both properties in a single report

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  7. Use Search-AzGraph to find Resource Groups and MetaData

    For faster and more complex queries I need to find Resource Groups using Graph. E.g. show me all Resource Groups with tag X across my tenant. Looping through 200 subscriptions is very time consuming. Also hope that it will allow more complex queries comparing resource tag values to Resource Group tag values.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  2 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Azure Policy based on industry governance/compliance frameworks

    It would be helpful to take some of the control mapping from blueprints against industry frameworks such as PCI-DSS/NIST/etc and allow you to report compliance against those controls for each of the Azure services that exist in your environment.

    Integrating something like cloudsecurityalliance.org control matrix or unifiedcompliance.com would be very helpful.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for you feedback! At Ignite 2019, we were happy to announce our Regulatory Compliance initiatives. We are mapping our policies directly to compliance frameworks. We have started with the NIST framework and will continue with others as time progress. Once again, thanks for your input!

    -Azure Policy Team

  9. Support using Azure Blueprints without requiring Managment Groups

    For customers like us not using Management Groups it is hard to try/use Azure Blueprints.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  10. Show Azure Policy Definition parameters on a separate tab

    In a lot of situations you are only interested in viewing initiative definitions and definition parameters, not editing them.
    Showing definition parameters on a separate tab would save a lot of time.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add ability to create Azure Dashboards from Resource Graph query

    Add ability to create Azure Dashboards from Resource Graph query

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  3 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  12. Resource Graph - Support for searching nested arrays

    Ability to enumerate through resource responses that contain nested arrays.

    Example scenario: identify all subnets that does not have an NSG assigned.

    Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.

    Example code:

    $rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
    $results = Search-AzGraph -Query $rgQuery

    $SubnetsWithoutNSGs = [System.Collections.ArrayList]@()

    foreach ($subnet in $results.subnets)
    {

    if ($subnet.properties.networkSecurityGroup -eq $null)
    
    {
    $captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures

    $item = New-Object PSObject
    $item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
    $item | Add-Member…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  13. Passing output of one template as parameter to dependent template

    I have one template where i output some details of resource which i want to pass as parameter to other dependent template. Please let me know if it is possible now or will be added in future.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  14. Show Kusto query in Resource Graph (as per Log Analytics)

    In the same way that Log Analytics displays the Kusto query when filters are applied, it would be great if Resource Graph could do this too so the queries could be saved and used via API calls, etc.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  15. azure policy check string length

    It would be great if there will be in future a possibility to check the length of the resource Name at the deployment.

    So it would be much easier to Control the naming convention for a resource.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  16. Create a strongType for an AAD Principal ID

    When creating role assignments via an Azure Blueprint, it would be extremely helpful to have a strongType that would allow the selection of one or more AAD Principal IDs. This would provide a much better user experience when deploying a Role Assignment.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →

    This can be done today. We need to publish docs for this, but we support three strong types today:

    • principalId
    • location
    • resourceType

    It will go inside of the metadata property of your parameter declaration like this:

    “principalIds”: { “type”: “string”, “metadata”: { “displayName”: “Principal IDs”, “strongType”: “PrincipalId” } },
  17. Open Source the sample Blueprints

    Is the blueprint available on GitHub at all?

    I have taken the blueprint as a foundation for my "data centre in a box" template but, I have no way of seeing if there have been any changes to the MS provided one and if there are, what changes were made.

    Cheers

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow more than 100 items to be exported in azure resource graph

    Allow more than 100 items to be exported in azure resource graph
    If a limit is needed, 100 seems a bit small

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  19. JSON object support in parameters to arm templates

    I'm using json objects to pass things like subnet configurations, tags and nsg rules into a vnet template. When I add a artificat the GUI only supports string/integers as parameters. My suggestion is to make it possible to upload a complex parameter file in the same way as the template is added. That way I won't need to "dumb down" my parameter files and hard code things in my templates. I would then also have the option to use string parameters for simple templates and object for more complex ones when I add them to blueprints.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    completed  ·  3 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  20. Easily navigate between Policy Definitions and Assignments

    In the portal, I cannot easily navigate between policy definitions and assignments. Examples:

    -From a policy definition, show me all assignments of this definition
    -From a policy assignment, show me the definition

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base