Right now, the "Match" and "notMatch" conditions only support # for digit placeholders and ? for letters. This is okay, but it would be much more useful to support regex expressions. This would be needed to define complex naming policies and tagging standards.
182 votes
What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources (and/or automatically creating and running the remediation task).
74 votes
Ability to query Virtual Machine resource type by state of the VM.
64 votes
Since a Blueprint has the ability to create multiple resources in Azure it should also have the ability to clean up those resources. Think of it as the same as deleting a ResourceGroup deletes all resources in the ResourceGroup.
25 votes
For example, I created a custom policy definition that audits if a tag exists. It is set mode=indexed, so only taggable and location based resources should be evaluated.
Here are some things that are coming back as non-compliant:
Currently, the Resource Graph API expects a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing a wildcard for the subscriptions value, i.e. "*", and extend the support for management groups.
10 votes
Add Management Groups as a resource type for Resource Graph. This would allow for writing queries that target subscriptions that are in a specific Management Group. This is extremely helpful for enterprises that have a lot of subscriptions that are being organized with Management Groups.
4 votes
I am able to filter out resources by provider (e.g., 'Microsoft.Network') and higher-level types (e.g., 'Microsoft.Network/dnszones'). However, not all resource types are supported by Resource Graph. For example, DNS Zone record types aren't supported. I would like to get a response for a query like this one:
az graph query -q "where type =~ 'microsoft.network/dnszones/cname'"
3 votes
An initiative contains multiple policies, and we need to be able to exclude application of a child policy while maintaining enforcement of the other policies within. Today, it is 'all or nothing' application of the initiative.
1 vote