Azure/azure-policy
Repository for Azure Resource Policy built-in definitions and samples
Open Policy AgentMIT
Issues
- 0
Enrich built-in policies with the deny effect
#1403 opened by RoboK8 - 1
Configure virtual networks to enforce workspace, storage account and retention interval for Flow logs and Traffic Analytics: Needs to assess Microsoft.Network/networkWatchers/flowLogs/provisioningState
#1402 opened by jcetina - 0
10a43735-527c-46f0-a95c-954a8f9594dc - Ensure 'Windows Firewall: Public: Settings: Apply local connection security rules' is set to 'Yes'
#1401 opened by PresidentCamach0 - 1
Cannot limit allowed cognitive services types/kind
#1400 opened by adameska - 4
- 0
- 0
Enable logging by category group for Network security groups (microsoft.network/networksecuritygroups) to Event Hub: Non existent default option 'audit'
#1397 opened by thedevopsjedi - 1
- 1
Do not apply "* should restrict network access" and "* should have firewall enabled" to Private-Link Resources
#1392 opened by benjaminpieplow - 0
Alias request: Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.scheduledEventsProfile.terminateNotificationProfile
#1393 opened by sdx-jkataja - 0
Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data: Issue with deployed policy via terraform
#1390 opened by derchristian56 - 0
Correct the casing on the RoleDefintionIds
#1387 opened by pmatthews05 - 0
- 0
Behavior of the built-in policy “Azure AI Services resources should restrict network access”.
#1384 opened by wada10 - 0
Configure Azure Defender for servers to be enabled : Why is deployment location hardcoded to westeurope?
#1383 opened by cjtous1 - 0
Configure Backup Policies missing Ubuntu 24.04
#1381 opened by jbarrancos - 0
Request for alias to manage Microsoft.Security/securityContacts.emails
#1378 opened by KrzysztofParys - 0
Question:
#1375 opened by dheeban0111 - 0
Question: Why is the deny/block public access policy for Cognitive services deprecated?
#1374 opened by odee79 - 0
Wildcard use in role and cluster role policy does not support list of exclude clusterrole.
#1372 opened by sumanraja - 0
Feature tracker: Data Replication for Custom Policy
#1371 opened by anlandu - 0
Audit diagnostic setting for selected resource types: false positive for `microsoft.automation/automationaccounts`, `microsoft.keyvault/vaults`, and `microsoft.network/publicipaddresses`
#1370 opened by sanderaernouts - 0
Audit diagnostic setting for selected resource types: false positive for `microsoft.network/networkinterfaces`
#1369 opened by sanderaernouts - 1
Connection string related policy not working | Microsoft.Web/sites/siteConfig.connectionStrings
#1368 opened by Sermandurai-Azure - 0
Sample Custom policy to deny any secret creation without expiration date which is 180 days more/less than creation date
#1365 opened by khushbu985 - 2
[azure-policy-vscode-extension][bug] : Extension fails to initialize when Azure Account@0.12.0 is installed
#1362 opened by asilverman - 0
[azure-policy-vscode-extension][Feature Request]: Add Policy JSON Schema Validation as Part of the Extension
#1363 opened by asilverman - 0
Feature Request: Please consider adding a label `azure-policy-vscode-extension`
#1361 opened by asilverman - 0
Azure Machine Learning CMK policy bug
#1344 opened by HermenOtter - 0
Incorrect Description in Policy Set Definition
#1358 opened by stefanstranger - 0
Make aliases modifiable
#1356 opened by nuts2890 - 3
Azure Policy Rules do not support Management Groups
#1304 opened by s4parke - 0
- 3
[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines - Permissions issue when scoped to resource group.
#1311 opened by phill-lewis - 0
Storage accounts should restrict network access using virtual network rules: Doesn't check if PublicNetworkAccess is disabled
#1345 opened by fcm1997 - 0
Support for SnowflakeV2 allowedValues parameter using builtin assignment ADF_allowed_linked_service_resource_types
#1334 opened by luca-gervasi-od - 0
Provide parameters to Audit or Disable the scan of Microsoft Defender options
#1333 opened by JamesDLD - 0
- 0
- 1
Email notification for high severity alerts should be enabled: Validates that email notifications are off rather than on
#1318 opened by mattias-fjellstrom - 1
Microsoft.MachineLearningServices/workspaces/computes not recognizable
#1323 opened by jayendranarumugam - 3
Email notification for high severity alerts should be enabled: Validates that email notifications are off rather than on
#1312 opened by erenes - 0
Setup subscriptions to transition to an alternative vulnerability assessment solution - contains hardcoded location eastus
#1309 opened by aavdberg - 0
Managed identity over-provisioning of RBAC role for policy 'Configure periodic checking for missing system updates on azure virtual machines'
#1305 opened by eehret - 0
[Preview]: Configure ChangeTracking Extension for Linux virtual machines: Azure Policy does not support Red Hat 9.*
#1303 opened by neok-g - 0
- 0
Storage accounts - cross tenant object replication policy should get updated to reflect the new behavior
#1299 opened by rasitha1 - 0
Policy effect types are declared twice
#1298 opened by gerbermarco - 0
"[Preview]: Assign Built-In User-Assigned Managed Identity to Virtual Machines" for a UAMI in another subscription
#1297 opened by joaosa-microsoft - 0