Show user friendly message when Azure Policy does not meet compliance
We have created a custom policy which checks for tag existence when a user creates a new resource group. The policy works great.
But we have faced unexpected behavior. When we tried to create a new resource group for test purposes (without tags) we had an uninformative error (Unexpected error while creating the resource group.).
We think some people might have a misunderstanding about this message (From this message they won’t understand why they cannot create a new resource group).
We investigated this issue but have not found trouble in the policy itself; therefore, right now we think it is an Azure Policy issue.
So it would be great if users could have an informative error message so they can understand the reason the resource group creation failed.
Thanks for your feedback. We are continuously adding more information to error messages to improve them. Thank you for bringing this case to light and we will take a look and update as needed.
- Azure Governance Team
@Governance & Deployments Team, could this be fixed any time soon?
Leaving a graceful or user-friendly message when RG creation fails is a nice feature to have, especially when we have custom policies defined on the subscription and we need to clearly tell the user why we failed it.
Baden, Toby commented
Additional, interim/workaround solution: a bash script or Python script that extracts all of the existing policies into JSON for post-processing, allowing for ease of creating and managing documentation on custom-built scripts. It would gather all initiatives and associated policies, and policies not associated with initiatives. The customer would run the script under an account that has a complete range of read-only access to the tenant.
Baden, Toby commented
Looks like some work has been done on this; better now. But there is still room for improvement. Issue: when deploying resources, the requesting user is faced with reading through 100s of lines' worth of JSON for a handful of Policies 'failed'; the 'useful' part of the JSON is closer to 2% of the payload. If three policies failed, the JSON could be pared down to the point where it easily fits on the right-most "blade". In the attached, I've circled 8-9 lines out of one policy 'failed' of close to 100 lines of JSON that is useful to the requester.
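The paring-down described in the last comment, sketched as an added example (not code from any commenter or from Azure's tooling): it reduces a policy-denial error body to one short record per violated policy. The payload below is constructed, and its field names are an assumption about the JSON shape; adjust them to the payload you actually receive.

```python
import json

# Constructed sample of a policy-denial error body. Field names are an
# assumption about the payload shape, not copied from the thread.
SAMPLE_ERROR = json.dumps({"error": {
    "code": "RequestDisallowedByPolicy",
    "message": "Resource 'rg-test' was disallowed by policy.",
    "additionalInfo": [
        {"type": "PolicyViolation", "info": {
            "policyAssignmentDisplayName": "Require tags on resource groups",
            "policyDefinitionDisplayName": "Require a tag on resource groups",
            "policyDefinitionEffect": "deny",
            "evaluationDetails": {"evaluatedExpressions": [
                {"result": "True", "path": "type", "operator": "Equals",
                 "targetValue": "Microsoft.Resources/subscriptions/resourceGroups"},
                {"result": "True", "path": "tags[costCenter]",
                 "operator": "Exists", "targetValue": "false"}]}}},
        {"type": "SomethingElse", "info": {"note": "ignored"}},
    ]}})

def summarize_denial(raw):
    """Return one short dict per violated policy, dropping everything else."""
    try:
        error = json.loads(raw).get("error") or {}
        items = error.get("additionalInfo") or []
    except (json.JSONDecodeError, AttributeError, TypeError):
        return []  # not JSON, or not shaped like an error object
    summary = []
    for item in items:
        if not isinstance(item, dict) or item.get("type") != "PolicyViolation":
            continue  # keep only the entries that describe a policy violation
        info = item.get("info") or {}
        exprs = (info.get("evaluationDetails") or {}).get("evaluatedExpressions") or []
        summary.append({
            "assignment": info.get("policyAssignmentDisplayName", "<unknown>"),
            "definition": info.get("policyDefinitionDisplayName", "<unknown>"),
            "effect": info.get("policyDefinitionEffect", "<unknown>"),
            # One line per evaluated condition: path, operator, target value.
            "conditions": [f"{e.get('path')} {e.get('operator')} {e.get('targetValue')}"
                           for e in exprs],
        })
    return summary

if __name__ == "__main__":
    for v in summarize_denial(SAMPLE_ERROR):
        print(f"Denied by '{v['assignment']}' ({v['effect']}): "
              + "; ".join(v["conditions"]))
```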