Forum Widgets
Latest Discussions
Amortized costs in Azure Budgets
Currently Azure budgets can only evaluate actual spend, there is no option to evaluate amortized cost. This results in inaccurate representation of spend when RI's are in play. Does anyone know if this is on the roadmap to be released in Budgets any time soon? In Cost Analysis you can already switch between actual and amortized view but nothing similar in budget configurations yet. Thanks you!
Microsoft's inconsistent implementation of tagging in Azure
We revamped our Azure resource tagging strategy several years ago and rely on them heavily for #Governance and #FinOps. We not only enforce #tags via #AzurePolicy, we also enforce tag values based on a set of permissible values for each tag. Even with that in place we experience some drift due to exclusions required in the policy definition or exemptions in the policy assignments. I won't get into why this flexibility is needed here, that's a whole separate discussion. Establishing a sound tag hygiene process becomes a vital component of your overall governance and FinOps strategies. One method we employ for tag hygiene is to surface the non-compliant resources in a #PowerBi report using an #AzureResourceGraph (ARG) query. Yes, you can do this in the Compliance section of Azure Policy as well however it lacks ease of use. For example, flipping back and forth between policies, filtering by subscriptions, surfacing other linked metadata is a cumbersome experience in the Azure Policy blade. Now onto my frustrations with how Microsoft has implemented tagging across Azure. 1. Inconsistent application of Tag case-sensitivity across tools - In Azure Policy and in the Azure portal, tag names are case-insensitive whereas tag values are case-sensitive. - In Azure Resource Graph Explorer, both tag names and tag values are case-sensitive. - Why is there inconsistency with case-sensitivity of tag names? 2. Inconsistent Tag validation across Resource Types - When deploying a Storage Account, Azure validates my tag policy before I am able to hit the create button (before it's submitted to ARM) whereas when deploying a resource like a Public IP Address, that validation only occurs after you hit the create button. This likely happens with other resource types as well. By the way, my tagging policy specifies "Indexed" for mode, so in effect it should apply to any and all resources that support tagging in Azure. - Why is does the evaluation of the tag policy differ based on the resource being deployed? 3. Inconsistent Tag UX across Resource Types - When deploying a Storage Account, the tags input is a drop-down list. However, when deploying an Azure Virtual Machine, the tags input is a textbox. Although the latter makes use of predictive text, it's still clearly a different experience. This inconsistency is found across multiple Azure resources. - Why is the tag UX different between resource types? I realize some of this is addressed or is less of a concern when using IaC but that may not be for everyone, or work in all scenarios. It would be great if Microsoft could standardize their implementation of tagging resources uniformly across the entire Azure estate. In my opinion I don't think that's a huge ask.
We've moved! Azure portal team here
Hello Tech Community! Welcome to the new home for announcements, discussions, feedback and anything Azure portal. We will use this space to share any updates about the Azure portal with you, as well as to hear your feedback. Over the last few months, we've started a few initiatives to help you better understand how to be more productive using the Azure portal, and to become aware of any enhancements that we ship. From our Azure portal how-to YouTube playlist, to the monthly blogs and product documentation, we will now focus on sharing these news with you here, on the Tech Community. We will still rely on the feedback forum to get feature requests, as it offers a rich platform that allows discussions and upvoting of requests. To get started on our discussions, have a look at everything that's new in the Azure portal in the month of June and let us know what you think. The Azure portal is built by a large team of engineers who is always hard at work focusing on improving the Azure user experience. We're always eager to get your feedback and learn how can we make your experience even better, so feel free to use this space to bring questions and express your feedback or any thoughts about Azure user experience.
Restrict Cost Consumption by using Azure Automation, Budget and Policy
Video See the demo video by using below link Demonstration Video Automation Runbook Logic Logic which set tag value once threshold exceeds # Authenticate using Managed Identity (recommended for Automation Accounts) Connect-AzAccount -Identity # Define Subscription ID and Reset Tag $subscriptionId = (Get-AzContext).Subscription.Id $tags = @{ "cost exceeded" = "yes" } # Resetting the tag value # Update the tag Update-AzTag -ResourceId "/subscriptions/$subscriptionId" -Tag $tags -Operation Merge Write-Output "Tag 'cost exceeded' reset to 'yes' for subscription $subscriptionId" Logic which reset tag value every month # Authenticate using Managed Identity (recommended for Automation Accounts) Connect-AzAccount -Identity # Define Subscription ID and Reset Tag $subscriptionId = (Get-AzContext).Subscription.Id $tags = @{ "cost exceeded" = "no" } # Resetting the tag value # Update the tag Update-AzTag -ResourceId "/subscriptions/$subscriptionId" -Tag $tags -Operation Merge Write-Output "Tag 'cost exceeded' reset to 'no' for subscription $subscriptionId" Azure Policy Logic { "properties": { "displayName": "budget", "policyType": "Custom", "mode": "All", "metadata": { "version": "1.0.0", "createdBy": "f6bb4303-e52d-4cba-9790-01f0798164b7", "createdOn": "2025-03-13T05:08:05.8483517Z", "updatedBy": "f6bb4303-e52d-4cba-9790-01f0798164b7", "updatedOn": "2025-03-13T06:32:35.1740944Z" }, "version": "1.0.0", "parameters": {}, "policyRule": { "if": { "allOf": [ { "field": "type", "notEquals": "Microsoft.Resources/subscriptions" }, { "value": "[subscription().tags['cost exceeded']]", "equals": "yes" } ] }, "then": { "effect": "Deny" } }, "versions": [ "1.0.0" ] }, }
Private Marketplace collections permissions
To be able do delegate permissions in Private Marketplace, setting permissions on collections would be great. Currently only Marketplace Administrators (set on tenant level) can manage collections. On Enterprise level it would be great to able to delegate these permissions. We mainly can solve the problem to add a subscription to a collection. Using Management Groups as scope in Private Marketplace collections might be another option to solve that problem.How to export Azure Compliance Data for NIST 800-53 r4 in a PDF format
I am doing security audit and have to provide recommendations to my customer based on the Audit outcome. I have created a NIST 800-53 R4 Policy Initiative and assigned it to few subscriptions. So i would like to export this compliance report now in the form of a PDF or a CSV. How is that possible? I don't see any option to export the compliance report. You get this option in Azure Security Center for CIS, PCI DSS, SOC TSP and ISO 27001. I want something like that in Azure Policy. Can anyone help me with this or provide some pointers. Thanks
