azure-policy
Repository for Azure Resource Policy built-in definitions and samples
The current built-in policy definition "/providers/Microsoft.Authorization/policyDefinitions/9a7c7a7d-49e5-4213-bea8-6a502b6272e0" ("Deploy Diagnostic Settings for Azure SQL Database to Event Hub") does not contain "eventHubLocation" as a parameter. Comparing to e.g. "/providers/Microsoft.Authorization/policyDefinitions/edf3780c-3d70-40fe-b17e-ab72013dafca" ("Deploy Diagnostic Settings...
#### Details of the scenario you tried and the problem that is occurring
This policy is returning a non-compliant status on Synapse master databases. The issue is that it...
Currently we see that the built-in policy for setting Diagnostic Settings is displaying that Synapse Workspace (with underwater SQL Server) is not compliant. This is not a normal SQL Server...
**ISSUE TITLE:** For the policy "Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'": On is ambiguous. **ISSUE DESCRIPTION** Can you please explicitly point out both "require/allow"...
#### Details of the scenario you tried and the problem that is occurring
Several policies are not applying to gen2 Ubuntu VMs. See all policies in this list - https://github.com/Azure/azure-policy/search?q=18.04-LTS....
The 'Azure Security Benchmark' initiative includes the 'Kubernetes clusters should disable automounting API credentials' policy. It however does not include a parameter to set the 'excludedNamespaces' on that specific policy....
While I am creating the ARO cluster I get an error like this from time to time. "errorMessage": "Unable to evaluate policy with definition '/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744/' and assignment '/subscriptions//providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn/'. The request to retrieve...
I am trying to create a KeyVault with 2019-09-01 API version. [The docs](https://docs.microsoft.com/en-us/azure/templates/microsoft.keyvault/2019-09-01/vaults?tabs=bicep) say that `enableSoftDelete` will be set to `true` if it is not set, so I do not...
This policy will allow defining whether liveness/readiness probes are required in a pod deployment.
Updating the known issues about Microsoft.Web/hostingEnvironment. This is in response to the incident below: https://portal.microsofticm.com/imp/v3/incidents/details/216516652/home