Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Have Azure Blueprints that are published at the Management Group level visible at the Subscription Level

    In Azure Blueprints definitions, as a user, if I select an Azure Subscription I want to see any Blueprints that have been assigned at the Management Group levels above the subscription as well as the Subscription Blueprint definitions.

    This would provide a better view of the Blueprints that are available to be deployed in that Subscription.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  2. See ARM templates in all blueprint published versions

    Right now, to see what an older version of a blueprint does, we rely solely on the comments created when the version is published. This set really high standards for those comments.
    It would be a great feature, if it was possible to see the ARM templates deployed in previous published versions, too determine what was actually deployed in that version.

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  3. Create AAD Groups

    Creating groups idempotently would be great as then you could have standardised group names and use those in the Role Assignments.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  4. Azure Policy - Enable faster (itterative) development of Policies

    When developping Policies, testing is a very time consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  5. Azure Policy development environment

    Developing policy is a nightmare, missing efficient debugging tools, information on the way they are calculated, etc. We need authoring tool to be able to efficiently develop and test policies.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  6. Azure Policy - Add friendly / custom error messages for deny policies

    When someone tries to create a resource that is blocked by policy, they get an ugly JSON output that doesn't really provide any details as to why they failed validation. The best that they can get (if they find it) is the name of the policy or initiative. It would be much nicer to be able to enter and error description when defining the policies / initiatives and provide links to internal KB articles for how they should remedy the problem.

    13 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support querying of deleted resources via the Azure Resource Graph

    It would be useful if you could query for deleted resources via the ARG. For example:

    where deleted == true

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow Deny Assignments for Existing Resource Groups

    Allow Deny Assignments for Existing Resource Groups - Currently deny assignments with Blueprints is only allowed for new resources. It would be really helpful if the same feature can be applied to existing resource groups.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow Resource Graph to target all subscriptions or a management group

    Currently, the Resource Graph API expect a list of subscription IDs to be passed in as part of the request body. This is very troublesome when you need to query all subscriptions in a tenant or a management group. Please add support for allowing wildcard for the subscriptions value i.e. "*", and extend the support for management groups.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    planned  ·  1 comment  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  10. Pin Overall Resource Compliance to Dashboards

    Be able to pin the Overall Resource Compliance percentage to Dashboards to allow quick access for Stakeholders

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  11. Resource Graph - support for type microsoft.web/sites/config

    support type 'microsoft.web/sites/config' to get the all the data nodes under config type

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  2 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  12. 10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  13. PIM add support in the Graph API to query Azure resources roles audit logs.

    We can query Azure AD roles in PIM for our conformity report but have to log-in to the portal manually for PIM roles on Azure Resource.

    Works for PowerBI Admin Roles but not for "Contributor" role in Subscription X.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Resource Graph  ·  Flag idea as inappropriate…  ·  Admin →
  14. Support blueprint parameters in the UI

    A feature where it would be possible to create "blueprint wide paramters" that can be set during the assignment would be really valuable . We create a lot of blueprints where the same parameter value is used multiple times in multiple ARM templates in a single blueprint.
    This is often used in naming conventions, to set a specific suffix or prefix during assignment.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  15. Azure Policy template for all options available in the Azure portal

    Allow Azure Policies to be created by having a "generate policy" option available next to each option available in the Azure portal. Every configuration item should have the ability to be created as a policy and making this easy through the portal for each Azure component and option would make it easy to manage configuration compliance.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks for the valid suggestion. Your feedback is now open for the user community to upvote & comment on. This allows us to effectively prioritize your request against our existing backlog and also gives us insight into the potential impact of implementing the suggested feature.

  16. Allow customer to use Terraform or ARM Templates with Blueprints

    Most of my customers are using Terraform to deploy resources to Azure. Extend Blueprints to accept a .tf script as an artifact.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  17. Deploy Custom RBAC Role via Azure Blueprint

    It would be a nice feature to add Custom RBAC Role as a Azure Blueprint Artifact. Deploying custom RBAC roles currently is painful and packaging them in an Azure Blueprint would allow for a less painful and much more standarized way of deploying custom RBAC roles.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  18. Quota limit per Resource Group

    There is a quota limit only per the subscription but it would be helpful if you will give an option also to configure quota limit per resource group.

    Example, we have a single subscription with some quota limit but I created a resource group for developers and testing team.

    Developer's resource group should be 50 instances and Testing resource group should be 60 instances.

    The current feature is not having that option to control my resource group usages.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure Policy to check whether the Management group follows naming Pattern

    Hello,
    currently, we cannot create an azure Policy which checks whether the management group follows naming pattern.
    It will be better if this feature is added to the Azure policy

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Azure Policy  ·  Flag idea as inappropriate…  ·  Admin →
  20. Python SDK support

    Create a Python SDK for Azure Blueprints. Blueprints are an amazing service, and allow Azure to be directly competitive with AWS's services like Landing Zone, Control Tower, and their Account Vending Machine. Unfortunately, the lack of Python support will prevent many of the customers who are not traditional Microsoft shops from adopting this service.

    Please develop a Python, and Node, SDK!

    Thank you

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Azure Blueprints  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base