1,219 questions with Azure Policy tags
Disable user ability to create subscriptions
I want to have full control of all subscription creations in my tenant. If I disable the ability of end users to create new subscriptions in my tenant, how would subscriptions be created going forward and what would be negatively impacted? (Is…
How can deny storage account creation if a Private Endpoint is not created at the same time
Hello, Looking for a solution to create Azure policy to deny storage account creation if a Private Endpoint is not created at the same time. Thanks, Srinath.
Nist 800-171 rev 2 policy assignment error - Subnets should be associted with a network security group
Hello I am running NIST policy 800-171 rev 2 against my tenant and its failing compliance check for Azurefirewallmanagementsubnet subnet with error "Subnets should be associated with a network security group". When I try to associate subnet…
Subscription management | Region access
Hi everyone, My Azure for Students subscription is restricted by the ‘Allowed resource deployment regions’ policy. I need help or confirmation of which regions are enabled for Foundry projects or assistance enabling one supported region. Thank you for…
Deny policy
I have this den policy [ "parameters": { "effect": { "type": "String", "metadata": { "displayName": "Effect", "description":…
Azure policy - how to apply a policy on specific resources
Hello, I would like to test the new CIS Security Benchmarks for Windows Server by deploying the policy but only on a few resources. (arc onboarded machines) How is this possible ? In the Basics of the policy assignment, you can choose the scope but…
How to get Region for use of resoursecs
I am unable to use any resources in my Azure student account. In my assignment policy, there is no region where I can use resources as attached. How do I go about this.
Unable to install built-in guest configurations in Azure Windows VM
I am using bicep to install some built-in guest configurations in my windows machine. But they are in pending state as in the below screenshot. I suspect I am missing source(ContentUri) in the bicep for those guest configuration assignments. Can anyone…
Urgent: Disabled Azure Subscription Affecting Educational Platform
Hello Microsoft Support, My Azure subscription was disabled due to suspected activity. I believe this may be a mistake. This issue is urgent because the subscription hosts services used by our educational platform. We need access to our databases and…
Azure deny Policy
I am trying to create a deny policy for web apps where the users must have minTls above 1.2 and another policy where the webapp should only accept ['FTPSOnly,Disabled']. But when i assign it it doesnt work and co-polite points out that…
Automation requirement for enabling VM Insights using Azure Policy
We are trying to automate the onboarding of Azure VM Insights monitoring using Azure Policy (DeployIfNotExists) instead of manual configuration through Azure Portal. Currently, VM Insights is enabled manually via: VM → Monitor → Insights → Enable
Join: Microsoft Azure Q&A Champions Program
The Microsoft Azure Q&A Champions Program recognizes and empowers a global community of internal and external Azure experts who help customers succeed by providing high-quality, trusted answers on Microsoft Q&A. The program scales expert led…
AI answer
how to fix You do not have permissions to create resource groups under subscription
You do not have permission to create resource groups under subscription
Azure Subscription disabled due to suspecious activity
I am using Azure Services to host application. I am kind of new to azure and might have done something against the Azure Policy. I have raised a case already but posting this to know what to do to enable my subscrition apart from waiting for an agent to…
Enable Azure Policy to Automatically Configure Log Analytics and VM Insights Across Subscriptions via Management Group Scope
We are building a multi-cloud FinOps application where we collect performance and cost metrics from Azure resources. Currently, we are programmatically enabling diagnostic settings and monitoring configurations using APIs for specific resource…
how to enable SaaS susbscriptions to my azure account or resource group under my account
how to enable SaaS susbscriptions to my azure account or resource group under my account
Azure Policy View Compliance Detail
Hello, I want to ask whether it is possible to get this data from Azure Resource Graph This is the built-in policy from Azure { "properties": { "displayName": "Inherit a tag from the resource group", …
View Compliance Details with Azure Resource Graph or Powershell
Hello, I am trying to view compliance details in View Compliance for Policy compliance builtin "Inherit a tag from the resource group" Right now I can see from the portal Reason for non-compliance Current value must be equal to the target…
Guest assignment error :- Resource instance with id 'AzureWindowsBaseline' is not found in DSC document.
All of sudden, guest assignments are failing in GCCH tenants. gc_agent.log file seems to suggest something is missing in downloaded package. Is this temporary microsoft issue? Is there a fix for it? [2026-05-05 03:54:35.211] [PID 6916] [TID 9036] [Pull…
Azure student subscription given no allowed resource deployment regions policy
Hello, I recently started my Azure for Students subscription and found that any resource creation was blocked under policy, usually with an error code RequestDisallowedByAzure. Upon further examination to others who have had this problem, it seems that…