Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Either Include Custom Scripts or the Ability to Call an Automation Runbook in Azure Blueprint

    Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. Integrate Azure Policy with Azure DevOps

    Recently, I started working with Azure Policies. In that, am able to create Azure Policy through portal successfully and now am trying to do same with the help of Azure DevOps. According to documentation there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding to that.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,

    Thanks for your feedback. We currently have a partnership with the Azure DevOps team to better improve this experience. We do have some built-in tasks and compliance gates and are working on reamp them. We recently publish documentation on Designing Policy as Code workflows and will add more documentation as our improvements develop.

    Thank you,

    Azure Policy Team

  3. Ability to retreive subscription name given subscriptionId in Resource Graph Query

    Resource graph queries are great at returning SubscriptionId. But a GUID is unfriendly. Provide a function or means for retrieving the subscription display name. For example:

    where type contains 'publicIPAddresses' and properties.ipAddress != ''
    | summarize count () by subscriptionName(subscriptionId)

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Policy - Enable faster (itterative) development of Policies

    When developping Policies, testing is a very time consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Policy - Support for Rego Syntax

    It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and rego policy syntax in addition to the current json format. This would allow companies to adopt a single policy language and use it in multiple contexts.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Policy development environment

    Developing policy is a nightmare, missing efficient debugging tools, information on the way they are calculated, etc. We need authoring tool to be able to efficiently develop and test policies.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Policy template for auditing/restricting public blob sharing

    Currently, Azure storage allows for the public sharing of blobs. It would be great to be able to use Azure policy to detect (and remediate) this feature.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow use of resourceGroup() functions within a resource group artifact

    When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like respourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Resource Graph - Support for searching nested arrays

    Ability to enumerate through resource responses that contain nested arrays.

    Example scenario: identify all subnets that does not have an NSG assigned.

    Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.

    Example code:

    $rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
    $results = Search-AzGraph -Query $rgQuery

    $SubnetsWithoutNSGs = [System.Collections.ArrayList]@()

    foreach ($subnet in $results.subnets)
    {

    if ($subnet.properties.networkSecurityGroup -eq $null)
    
    {
    $captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures

    $item = New-Object PSObject
    $item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
    $item | Add-Member…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base