Lately, I was involved in auto-provisioning a complete Azure governance setup. The automation was done through Azure CLI, as this offered the most flexible solution for my customer. Policy definitions were created via the az policy definition create command. While most of the policies worked just fine, I had issues with some of them. I lost quite some time finding out why…
I figured out that the policies that did not fire were scoped to resource groups. This got me thinking of the different policy definition modes. Quoting the documentation:
The mode determines which resource types are evaluated for a policy definition. The supported modes are:
- all: evaluate resource groups, subscriptions, and all resource types
- indexed: only evaluate resource types that support tags and location
My Azure policy rule was not firing because Azure CLI uses the indexed mode by default. This mode does not evaluate resource groups. Explicitly adding --mode All solved my problem, and all Azure policies behaved as expected.
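One way to keep this from slipping through in a provisioning script is to pick the mode from the rule content before calling Azure CLI. This is an added example, not code from the original post: the function names, the DRY_RUN switch, the sample rule with its costcenter tag, and the type-matching heuristic are all assumptions made for illustration.

```bash
#!/bin/sh
# Added example: choose --mode from the rule file so that policies aimed at
# resource groups or subscriptions are never created with the Indexed default.

# Constructed sample rule: deny resource groups that lack a "costcenter" tag.
sample_rg_rule() {
  cat <<'EOF'
{
  "if": {
    "allOf": [
      { "field": "type", "equals": "Microsoft.Resources/subscriptions/resourceGroups" },
      { "field": "tags['costcenter']", "exists": "false" }
    ]
  },
  "then": { "effect": "deny" }
}
EOF
}

# Prints "All" when the rule names the resource group or subscription type
# (which Indexed mode does not evaluate), otherwise "Indexed".
# Heuristic (assumption): a literal type string in the rule file is enough.
policy_mode_for() {
  if grep -Eiq '"Microsoft\.Resources/subscriptions(/resourceGroups)?"' "$1"; then
    echo All
  else
    echo Indexed
  fi
}

# Creates the definition with an explicit --mode. With DRY_RUN set, the
# command is printed instead of executed, for review in a pipeline log.
create_policy() {
  name=$1
  rules_file=$2
  mode=$(policy_mode_for "$rules_file")
  set -- az policy definition create --name "$name" --rules "$rules_file" --mode "$mode"
  if [ -n "${DRY_RUN:-}" ]; then
    echo "$*"
  else
    "$@"
  fi
}
```

Passing --mode explicitly on every call also makes the chosen scope visible in the script instead of depending on the CLI default.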
Hopefully this can save you some troubleshooting time!
Toon