Alias request: "Microsoft.Subscription/SubscriptionDefinitions/state"

Question

Alias request: "Microsoft.Subscription/SubscriptionDefinitions/state"

AnkitPathak41 opened this issue 4 months ago · 0 comments

Scenario

Need to use Azure Policy to deny changing the state of disabled subscription under decommissioned management group to maintain the state of subscriptions following the CAF model.

Definition

{
  "properties": {
    "displayName": "Deny Enabling Disabled Subscriptions",
    "description": "Ensures that subscriptions in a disabled state remain disabled and cannot be reactivated.",
    "metadata": {
  
      "category": "Subscriptions"
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "Microsoft.Subscription/SubscriptionDefinitions/state",
            "equals": "Enabled"
          },
          {
            "field": "Microsoft.Subscription/SubscriptionDefinitions/state",
            "notEquals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "Deny"
      }
    }
  }
}