Azure Governance

Azure Governance is a portfolio of platform capabilities that helps customers address the need for control at scale without sacrificing developer agility. This includes services like Azure Policy, Azure Blueprints, Azure Resource Graph & Management Groups.

More details about the services are available in the Azure Governance documentation. If you have a technical issue, please open a post on the developer forums through Stack Overflow.

Products that we listen to in this space include: Azure Policy, Azure Blueprints, Azure Resource Graph, Azure Subscriptions and Azure Management Groups.

  1. PIM add support in the Graph API to query Azure resources roles audit logs.

    We can query Azure AD roles in PIM for our conformity report but have to log in to the portal manually for PIM roles on Azure Resource.

    Works for PowerBI Admin Roles but not for "Contributor" role in Subscription X.

    10 votes
    0 comments  ·  Azure Resource Graph
  2. Azure Storage File share available in resource graph

    Right now, the file share information of a storage account is not available in the resource graph.
    i.e. it would allow us to list the file shares of a subscription, compute the global storage size or simulate the pricing.

    9 votes
    0 comments  ·  Azure Resource Graph
  3. Python SDK support

    Create a Python SDK for Azure Blueprints. Blueprints are an amazing service, and allow Azure to be directly competitive with AWS's services like Landing Zone, Control Tower, and their Account Vending Machine. Unfortunately, the lack of Python support will prevent many of the customers who are not traditional Microsoft shops from adopting this service.

    Please develop a Python, and Node, SDK!

    Thank you

    9 votes
    1 comment  ·  Azure Blueprints
  4. Blueprints do not create managed identities for deployifnotexist policy initiatives

    Currently Azure Blueprints can assign policy initiatives but do not properly create the managed service identity for deployifnotexist policy definitions within the initiative. This needs to be corrected as that is basic functionality of a policy initiative assignment. The managed identity is created correctly if directly assigning the policy definition outside of an initiative.

    9 votes
    0 comments  ·  Azure Blueprints
  5. Azure Policy - Alias for auditing Archive Tier on blob storage items

    Blob Storage Archive Tier is not covered under Azure's BAA and therefore must be audited in situations where HIPAA and HI-TRUST compliance is required. Currently there does not exist an alias for determining whether a blob item is set to Archive Tier. Note that there IS a storage account level alias for determining Hot or Cold storage, but this is not the same.

    8 votes
    0 comments  ·  Azure Policy
  6. Azure Resource Graph - Support query for backup status

    Add the ability to query backup status from Azure Resource Graph and therefore see status for multiple vaults in a unique dashboard

    8 votes
    1 comment  ·  Azure Resource Graph
  7. Azure Policy to check whether the Management group follows naming Pattern

    Hello,
    currently, we cannot create an Azure Policy which checks whether the management group follows a naming pattern.
    It would be better if this feature were added to Azure Policy.

    8 votes
    0 comments  ·  Azure Policy
  8. Azure Policy - Support for Rego Syntax

    It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and rego policy syntax in addition to the current json format. This would allow companies to adopt a single policy language and use it in multiple contexts.

    8 votes
    2 comments  ·  Azure Policy
  9. Convert linked/nested arm templates into a blueprint

    Take an existing nested or linked arm template and convert it into a blueprint, with each template being converted into an artifact. With this you could take advantage of blueprints update and locking features.

    8 votes
    0 comments  ·  Azure Blueprints
  10. Support history for resources

    For scenarios where we need the resources to be synced into an external store, we want the history so that I don't need to scan all the resources again.

    8 votes
    2 comments  ·  Azure Resource Graph
  11. Fix TitleCase issue in preview Azure Security Center Initiative Policy

    The new Built-In Policy [Preview]: Manage certificate validity period (/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560), has a parameter certificatesValidityPeriodMonitoringEffect having allowed values: 'audit', 'deny', 'disabled', whereas all the other policies have values with TitleCase capitals, like: 'AuditIfNotExists', 'Disabled'. As we are running scripts to automatically activate disabled policies by setting parameters for the initiative Enable Monitoring in Azure Security Center (/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8), the routine now fails, most likely due to Case Sensitivity, showing the error: PolicyParameterValueNotAllowed : The value 'Audit' is not allowed for policy parameter 'certificatesValidityPeriodMonitoringEffect' in policy definition '1f3afdf9-d0c9-4c3d-847f-89da613e70a8'. The allowed values are 'audit, deny, disabled'. CorrelationId: 3aa33bae-fd0a-4a58-9f55-c201bd0d9609.

    The issue has been submitted…

    7 votes
    2 comments  ·  Azure Policy
  12. Include core counts for VMs for the purpose of cross-joins with other data

    It would be great to have some other metadata exposed within Resource Graph. More specifically, a way to get the number of cores that a VM size has. This would be valuable for queries to show the total number of cores that are used. Right now, we have to export out the results of the Resource Graph and convert the VM SKU to the number of cores outside of Resource Graph. Having it within the Resource Graph would allow us to do joins within our queries to get a single report with all of the information that we…

    7 votes
    1 comment  ·  Azure Resource Graph
  13. Add additional strongTypes for Blueprint

    Please add the following strongTypes that are supported by Azure Policy:

    storageSkus
    vmSKUs
    existingResourceGroups
    omsWorkspace

    Additionally, I would like the following:

    existingVNETs - displays existing Virtual Networks
    existingVNETSubnets - displays existing VNET Subnets

    7 votes
    0 comments  ·  Azure Blueprints
  14. Azure Policy template for auditing/restricting public blob sharing

    Currently, Azure storage allows for the public sharing of blobs. It would be great to be able to use Azure policy to detect (and remediate) this feature.

    7 votes
    0 comments  ·  Azure Policy
  15. policy for tags enumeration

    Set a policy, that only certain values are allowed on a specific tag.
    For instance, if you set the tag: "Environment", you can only set the values "Dev" or "Prod" nothing else will be accepted. (An enumeration of unlimited numbers please)

    If a tag is needed in the Azure Portal (UI), then a combobox (drop-down) should be presented.

    7 votes
    0 comments  ·  Azure Policy
  16. Export functionality for Azure Policy report

    I'd suggest to have a functionality of Excel exporting in Azure Policy so security administrator or system administrator can export and report to ISM/CISO level.

    7 votes
    0 comments  ·  Azure Policy
  17. Get azure recommendations for All VMs in one place using azure resource graph

    This way we will get the recommendations in terms of memory CPU usage and COST so that the overall COST reduction can be planned by downsizing the VMs or planning for SPOT VMs

    6 votes
    0 comments  ·  Azure Resource Graph
  18. Ability to query budget and forecast in Azure Resource Graph

    Please add the ability to query budget and forecast in Azure Resource Graph. This will allow the creation of dynamic and filterable cost management dashboards

    6 votes
    1 comment  ·  Azure Resource Graph
  19. Allow me to name the managed identity created for deployIfNotExists policies

    There currently is no control available I can find that allows me to name the managed identities that are created when I make an assignment that includes a deployIfNotExists policy.

    This is challenging because the name of the identity that is created for me and shows up in Azure IAM is not meaningful. For example: 145be6177g3g391580751e32

    This makes it very hard for someone to verify the identity of the "app" and therefore become concerned over if this is a legitimate app in our AAD.

    Please allow me to name the managed identity at creation time or better yet allow me to…

    6 votes
    0 comments  ·  Azure Policy
  20. Azure Policy

    When we apply Azure Policy to the SQL DB created through stored procedure, the Policy is not triggering its effect on that resource as these resources are not created in ARM layer. We know that policy evaluation happens on the ARM layer. But it would be great if Policy team could add this feature in the Policy so that Policy evaluation happens on the resources created through stored procedure as well.

    6 votes
    2 comments  ·  Azure Policy