Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Azure Policy Template to audit/enforce Azure Backups on VMs

    Would love to get a pre-made Azure policy template to audit/enforce Azure Backups to ensure servers are not missed.

    24 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  2. Either Include Custom Scripts or the Ability to Call an Automation Runbook in Azure Blueprint

    Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to retreive subscription name given subscriptionId in Resource Graph Query

    Resource graph queries are great at returning SubscriptionId. But a GUID is unfriendly. Provide a function or means for retrieving the subscription display name. For example:

    where type contains 'publicIPAddresses' and properties.ipAddress != ''
    | summarize count () by subscriptionName(subscriptionId)

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Policy - Support for Rego Syntax

    It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and rego policy syntax in addition to the current json format. This would allow companies to adopt a single policy language and use it in multiple contexts.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Policy - Enable faster (itterative) development of Policies

    When developping Policies, testing is a very time consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Policy development environment

    Developing policy is a nightmare, missing efficient debugging tools, information on the way they are calculated, etc. We need authoring tool to be able to efficiently develop and test policies.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Azure Policy template for auditing/restricting public blob sharing

    Currently, Azure storage allows for the public sharing of blobs. It would be great to be able to use Azure policy to detect (and remediate) this feature.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow use of resourceGroup() functions within a resource group artifact

    When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like respourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Resource Graph - Support for searching nested arrays

    Ability to enumerate through resource responses that contain nested arrays.

    Example scenario: identify all subnets that does not have an NSG assigned.

    Today, the approach will be to retrieve all of the VNETs and enumerate through the list in PowerShell. This adds another level of complexity and complicates analysis through the Portal.

    Example code:

    $rgQuery = "where type == 'microsoft.network/virtualnetworks' | summarize subnets = make_list(properties.subnets)"
    $results = Search-AzGraph -Query $rgQuery

    $SubnetsWithoutNSGs = [System.Collections.ArrayList]@()

    foreach ($subnet in $results.subnets)
    {
    if ($subnet.properties.networkSecurityGroup -eq $null)
    {
    $captures = [regex]::Match($subnet.id, '/subscriptions/(.*)/resourceGroups/(.*)/providers/.*/virtualNetworks/(.*)/subnets/(.*)').Captures

    $item = New-Object PSObject
    $item | Add-Member NoteProperty SubscriptionId ($captures.Groups[1].value)
    $item | Add-Member…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  10. azure policy check string length

    It would be great if there will be in future a possibility to check the length of the resource Name at the deployment.

    So it would be much easier to Control the naming convention for a resource.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base