Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Policy - Support for RegEx in Match Conditions

    Right now, the "Match" and "notMatch" conditions only support # for digit placeholders and ? for letters. This is okay, but it would be much more useful to support regex expressions. This would needed for define complex naming policies and tagging standards.

    182 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  25 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Automatic Remediation of deployIfNotExists templates

    What it says on the tin... deployIfNotExists should have an option to automatically remediate the issue by deploying the appropriate resources. (and/or automatically creating and running the remediation task)

    74 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  7 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support query Virtual Machines by state

    Ability to query Virtual Machine resource type by state of the VM.

    64 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  5 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  4. When Unassigning an Azure Blueprint Provide Option of Removing Blueprint Created Resources

    Since a Blueprint has the ability to create multiple resources in Azure it should also have the ability to clean up those resources. Think of it as the same as deleting a ResourceGroup deletes all resources in the ResourceGroup.

    25 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Policy - Indexed mode policies pick up resources that don't support tags

    For example, I created a custom policy definition that audits if a tag exists. It is set mode=indexed, so only taggable and location based resources should be evaluated.

    Here are some things that are coming back as non-compliant:
    /microsoft.insights/alertrules
    /microsoft.insights/actiongroups
    /Microsoft.Compute/virtualMachines/extensions
    /microsoft.insights/activitylogalerts
    /microsoft.operationsmanagement/solutions
    /microsoft.portal/dashboards

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  10 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow Resource Graph to target all subscriptions or a management group

    Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  7. Resource Graph type for Management Groups

    Add Management Groups as a resource type for Resource Graph. This would allow for writing queries that target subscriptions that are in a specific Management Group. This is extremely helpful for enterprises that have a lot of subscriptions that are being organized with Management Groups.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to query for DNS Zones CNAME type in Azure Resource Graph

    I am able to filter out resources by provider (e.g., 'Microsoft.Network') and higher-level types (e.g., 'Microsoft.Network/dnszones'). However, not all resource types are supported by Resource Graph. For example, DNS Zone record types aren't supported. I would like to get a response for a query like this one:

    az graph query -q "where type =~ 'microsoft.network/dnszones/cname'"

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  9. Azure Policy Initiatives - allow Policy exclusion changes

    An initiative contains multiple policies, and need to be able to exclude application of a child policy while maintaining enforcement of the other policies within. Today, it is 'all or nothing' application of the initiative.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base