Recently, I started working with Azure Policies. I am able to create an Azure Policy through the portal successfully, and now I am trying to do the same with the help of Azure DevOps. According to the documentation, there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding that.
34 votes
Thanks for your feedback. We currently have a partnership with the Azure DevOps team to better improve this experience. We do have some built-in tasks and compliance gates and are working on revamping them. We recently published documentation on Designing Policy as Code workflows and will add more documentation as our improvements develop.
Azure Policy Team
Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.
26 votes
We are working to release the ability to run a custom script in Azure Blueprint
Add Management Groups as a resource type for Resource Graph. This would allow for writing queries that target subscriptions that are in a specific Management Group. This is extremely helpful for enterprises that have a lot of subscriptions that are being organized with Management Groups.
21 votes
We’ve started work on adding MG as a type in the ResourceContainers table. You also have the option to pass in your management group IDs as the scope in the request body to Azure Resource Graph.
It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and Rego policy syntax in addition to the current JSON format. This would allow companies to adopt a single policy language and use it in multiple contexts.
12 votes
Azure Policy uses Rego language for its AKS Policy (in limited public preview today): https://docs.microsoft.com/en-us/azure/aks/support-policies
It does not support custom policy definitions yet, as we plan to move to Gatekeeper v.3, which has a breaking change in its policy language.
When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like resourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'
4 votes
We are working on a fix to make sure all ARM template functions work if they are deployed by a blueprint