azure-policy

azure-policy copied to clipboard

Enhancement: NetworkSecurityGroup_FlowLog_TrafficAnalytics_Deploy.json should support retention logs and duration

6

**ISSUE TITLE:** NetworkSecurityGroup_FlowLog_TrafficAnalytics_Deploy.json has default retention hardcore to '0' day (which unlimited days) and enabled "false". Enhancement should be done for allowing to enable NSG flow logs retention as well...

spotakash

Add App Service FTPsState Aliases to be modifiable

1

Hi, is there any ways you can make these aliases to be modifiable aliases? (so we can use modify policy effect) Microsoft.Web/sites/config/ftpsState Microsoft.Web/sites/slot/config/ftpsState We want our business users to be...

YiHe2022

Deploy to Azure Buttons Not Working for Custom Image Polic Sample

1

Policy: Allowed-Custom-Images Problem: When using the "Deploy to Azure" buttons for either Azure Cloud, the portal throws an error on the JSON: "Unexpected token u in JSON at position 0"....

djtech2k-MS

"[Preview]: Configure Azure Kubernetes Service clusters to enable Defender profile" uses old API version

1

"[Preview]: Configure Azure Kubernetes Service clusters to enable Defender profile" uses old API version "2015-11-01-preview". As the result, when we apply this policy, it will be failed because we can...

jyama4ta

Scenario Need to use Azure Policy to set diagnostics settings on an app service, the log categories differ from plan, for example Anti virus logs are only supported on premium...

erwinkramer

Unable to get deny effect using azure policy on sql db creation when azure hybrid benefit is not enabled

1

Hi, I tried below policy to deny sql db creation when azure hybrid is not enabled whereas audit effect is working fine. Deny effect still allows me to create but...

adapaharsha

Currentlty the categories of the diagnostic policy for event hub is running behind on what is actually available: Current policy implementation: ``` { "category": "ArchiveLogs", "enabled": true, "retentionPolicy": { "enabled":...

swupdiedoowap

#### Details of the scenario you tried and the problem that is occurring Azure Function App (linux, python) is incorrectly registering as failing this policy. #### Verbose logs showing the...

JohnDelisle

Container images should be deployed from trusted registries only: Query should be done on Image ID instead of Image

2

#### Details of the scenario you tried and the problem that is occurring The policy seems to trigger on the Image value which does not show the registry in the...

StephanZaat

Improve ACR (azurecr.io) example regex

7

The old version, `^.+azurecr.io/.+$`, has four problems: * Strings like `evil.com/contoso.azurecr.io/foo` match. * Strings like `evilazurecr.io/foo` match. * Strings like `contoso.azurecraio/foo` match. * "Unescaped forward slash. This may cause issues...

SimonAlling