Matt White

Hi @adhodgson1 Agree with the recommendation to move the NSG policy to Audit. You can do this using `archetype_config_overrides` or using archetype extensions. The above example from @heintonny comes from...

@adhodgson-wpp see #427

Also @adhodgson-wpp, yes you do need to be able to write roleAssignments on a subscription to move it. This is documented here: https://docs.microsoft.com/en-gb/azure/governance/management-groups/overview#moving-management-groups-and-subscriptions

> @krowlandson, @jfaurskov, @matt-FFFFFF - do we agree we should bootstrap this in all RIs - even though it cant be policied Yes. I think we should enable if we...

See upstream PR: * hashicorp/terraform-provider-azurerm#14518

Hi @rhyspaterson Thanks for logging this request! Initial investigation seems like this could be challenging because of the constraint on the API authentication for the `monitor_aad_diagnostic_setting` resource. This would break...

Hi, You can use the resource id to access the value in the map. This is knowable as you have used the subscription id as an input to the module...

Glad to help - I will leave this open to track

I have one concern that we are using a Bicep data structure to store the configuration for the public/mc/ff policies. This should be in a common data format like JSON...

Thanks for your detailed use case information @rfk-nc We will keep this issue open to track the request and prioritize accordingly.