sreeky
Copper Contributor
Nov 07, 2023

Unable to exempt a resource in Defender for Cloud

Hi Folks,

 

I am getting an error while trying to exempt a resource from Microsoft Defender for Cloud.

I have all the required permissions and I can see this error only in 4 of my subscriptions while the same exemption is working in other subscriptions.

Can anyone please help me to understand the issue?

 

The error observed is pasted below:

 

Creating a disable rule on selected items failed.
{"type":"MsPortalFx.Errors.AjaxError","baseTypes":["MsPortalFx.Errors.AjaxError","MsPortalFx.Errors.Error"],"data":{"uri":"https://management.azure.com/providers/Microsoft.Management/managementgroups/xxxxxx/providers/Microsoft.Authorization/policyAssignments/xxxx?api-version=2022-06-01","type":"PUT","pathAndQuery":"","requestId":"xxxxx","failureCause":"","sessionId":"xxxxx","commandName":"Microsoft_Azure_Security.","status":400,"statusText":"error","duration":1793.3999999761581},"extension":"Microsoft_Azure_Security","errorLevel":2,"timestamp":11408643.299999952,"name":"AjaxError","innerErrors":[],"textStatus":"error","errorThrown":"","jqXHR":{"readyState":4,"responseText":"{\"error\":{\"code\":\"PolicyEntityMetadataTooLarge\",\"message\":\"The policy entity 'xxxx' is invalid. The size of the metadata property is '65900' bytes, which exceeds the limit of '65536' bytes.\"}}","responseJSON":{"error":{"code":"PolicyEntityMetadataTooLarge","message":"The policy entity 'xxxxx' is invalid. The size of the metadata property is '65900' bytes, which exceeds the limit of '65536' bytes."}},"status":400,"statusText":"error"}}

  • LeonPavesic
    Silver Contributor

    Hi sreeky,

    the error you're seeing is "PolicyEntityMetadataTooLarge," which means that the metadata for the policy entity you're trying to exempt is too large. The maximum size for policy entity metadata is 65,536 bytes, and the metadata for the policy entity you're trying to exempt is 65,900 bytes.

    This error is only happening in 4 of your subscriptions because the policy entity metadata is larger than 65,536 bytes in those subscriptions. In your other subscriptions, the policy entity metadata is smaller than 65,536 bytes, so the exemption is working.

    To fix this error, you need to reduce the size of the metadata for the policy entity to 65,536 bytes or less. You can do this by removing any unnecessary metadata from the policy entity.

    Once you have reduced the size of the metadata, you should be able to exempt the resource without any problems.

    Please click Mark as Best Response & Like if my post helped you to solve your issue.
    This will help others to find the correct solution easily. It also closes the item.


    If the post was useful in other ways, please consider giving it Like.


    Kindest regards,


    Leon Pavesic
    (LinkedIn)

    • sreeky
      Copper Contributor

      Hi Leon,


      Appreciate your response to my question.


      From your reply - "To fix this error, you need to reduce the size of the metadata for the policy entity to 65,536 bytes or less. You can do this by removing any unnecessary metadata from the policy entity."


      Can you let me know how to perform this?

      • LeonPavesic
        Silver Contributor

        Hi sreeky,

        thanks for your update.

        Sure, here are the steps on how to reduce the size of the metadata for the policy entity to 65,536 bytes or less:

        1. Identify the policy entity that is causing the error. You can do this by checking the error message. The error message will include the name of the policy entity.
        2. Retrieve the metadata for the policy entity. You can use the Get-AzPolicyDefinition cmdlet to retrieve the metadata for a policy entity.
        3. Identify the unnecessary metadata. Once you have the metadata for the policy entity, you can identify the unnecessary metadata. This may include any metadata that is not required for the policy entity to function properly.
        4. Remove the unnecessary metadata. You can use the Set-AzPolicyDefinition cmdlet to remove metadata from a policy entity.

        Here is an example of how to use the Get-AzPolicyDefinition cmdlet to retrieve the metadata for a policy entity:

         

        Get-AzPolicyDefinition -Name "PolicyEntityName"

         

        Get-AzPolicyDefinition (Az.Resources) | Microsoft Learn


        Then you need to choose what metadata is not important and remove it.

        Here is an example of how to use the Set-AzPolicyDefinition cmdlet to remove metadata from a policy entity:

         

        # -Metadata takes a JSON string (or a path to a JSON file), not a hashtable
        Set-AzPolicyDefinition -Name "PolicyEntityName" -Metadata '{"UnnecessaryMetadata": null}'

         

        Set-AzPolicyDefinition (Az.Resources) | Microsoft Learn

        Once you have removed the unnecessary metadata, you should be able to exempt the resource without any problems.

        Please click Mark as Best Response & Like if my post helped you to solve your issue.
        This will help others to find the correct solution easily. It also closes the item.


        If the post was useful in other ways, please consider giving it Like.


        Kindest regards,


        Leon Pavesic
        (LinkedIn)
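
An added example, not part of the original thread: a Python sketch that unwraps the portal error pasted in the question, reports which `Microsoft.Authorization` entity type the failing PUT targeted and by how many bytes the metadata exceeds the limit, and ranks a metadata object's top-level keys by size. The sample error is a constructed, trimmed copy of the one above; the metadata keys are hypothetical, and counting compact-JSON UTF-8 bytes is an assumption about how the service measures the size.

```python
import json
import re

SIZE_RE = re.compile(r"metadata property is '(\d+)' bytes.*limit of '(\d+)' bytes")
TYPE_RE = re.compile(r"/Microsoft\.Authorization/(\w+)/")


def summarize_portal_error(raw):
    """Unwrap the portal AjaxError and summarize the ARM error inside it."""
    outer = json.loads(raw)
    # jqXHR.responseText is a JSON document stored as a string, so parse twice.
    arm = json.loads(outer["jqXHR"]["responseText"])["error"]
    actual, limit = map(int, SIZE_RE.search(arm["message"]).groups())
    return {
        "code": arm["code"],
        "method": outer["data"]["type"],
        # Which Microsoft.Authorization entity the failing request wrote to.
        "entity_type": TYPE_RE.search(outer["data"]["uri"]).group(1),
        "bytes_over": actual - limit,
    }


def metadata_key_sizes(metadata):
    """Rank top-level metadata keys by compact-JSON UTF-8 size, largest first."""
    def size(key):
        text = json.dumps({key: metadata[key]}, separators=(",", ":"), ensure_ascii=False)
        return len(text.encode("utf-8"))
    return sorted(((k, size(k)) for k in metadata), key=lambda kv: kv[1], reverse=True)


# Constructed sample: trimmed copy of the error in the question (placeholders kept).
SAMPLE_ERROR = json.dumps({
    "data": {
        "uri": "https://management.azure.com/providers/Microsoft.Management/"
               "managementgroups/xxxxxx/providers/Microsoft.Authorization/"
               "policyAssignments/xxxx?api-version=2022-06-01",
        "type": "PUT",
    },
    "jqXHR": {"responseText": json.dumps({"error": {
        "code": "PolicyEntityMetadataTooLarge",
        "message": "The policy entity 'xxxx' is invalid. The size of the metadata "
                   "property is '65900' bytes, which exceeds the limit of '65536' bytes.",
    }})},
})

# Constructed metadata with hypothetical keys, only to show the ranking.
SAMPLE_METADATA = {"owner": "team-a", "notes": "x" * 200}

if __name__ == "__main__":
    print(summarize_portal_error(SAMPLE_ERROR))
    print(metadata_key_sizes(SAMPLE_METADATA))
```

To use it on a real case, pass the full error text copied from the portal to `summarize_portal_error` and the entity's exported metadata object to `metadata_key_sizes`.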
