Is AzurePolicy applied topdown? I am applying it in MgmtGroup where it has Sub but no go.

%3CLINGO-SUB%20id%3D%22lingo-sub-1236614%22%20slang%3D%22en-US%22%3EIs%20AzurePolicy%20applied%20topdown%3F%20I%20am%20applying%20it%20in%20MgmtGroup%20where%20it%20has%20Sub%20but%20no%20go.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1236614%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20trying%20to%20apply%20Azure%20Policy%20in%20ManagementGroup%20but%20no%20go.%26nbsp%3B%20I%20tried%20in%20subscription%20and%20it%20works%20fine.%26nbsp%3B%20I%20thought%20you%20can%20apply%20policy%20in%20MgmtGroup%20in%20the%20subscription%2C%20and%20subscription%20will%20inherit%20the%20policy%20(top%20down).%26nbsp%3B%20Anyone%20can%20provide%20clarification%20on%20this%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMy%20structure%20is%20like%20this%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20MgmtGroup1%26nbsp%3B%20(AzPolicy%20-%20allowed%20location)%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%7C___%20Subscription1%3C%2FP%3E%3CP%3E%26nbsp%3B%20MgmtGroup2%20(AzPolicy%20-%20allowed%20location)%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%7C__%20Subscription%202%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1236614%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eazure%20blueprints%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Management%20Groups%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Policy%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Resource%20Manager%20Deployments%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1239457%22%20slang%3D%22en-US%22%3ERe%3A%20Is%20AzurePolicy%20applied%20topdown%3F%20I%20am%20applying%20it%20in%20MgmtGroup%20where%20it%20has%20Sub%20but%20no%20go.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1239457%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F558687%22%20target%3D%22_blank%22%3E%40cloudcrazy%3C%2FA%3E%2C%26nbsp%3Bwhen%20a%20Policy%20is%20assigned%20at%20a%20Management%20Group%20(MG)%20scope%2C%20all%20the%20subscriptions%20belonging%20to%20the%20MG%20will%20inherit%20the%20policy.%20Can%20you%20double%20check%20if%20you%20assigned%20the%20policy%20to%20the%20right%20scope%3F%20Is%20the%20policy%20enforcement%20enabled%20(you%20can%20check%20this%20in%20the%20assignment%20details)%3F%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hspinto_0-1584643754971.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F178225i7677B29B6C8542F8%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22hspinto_0-1584643754971.png%22%20alt%3D%22hspinto_0-1584643754971.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I am trying to apply Azure Policy in ManagementGroup but no go.  I tried in subscription and it works fine.  I thought you can apply policy in MgmtGroup in the subscription, and subscription will inherit the policy (top down).  Anyone can provide clarification on this?

 

My structure is like this

    MgmtGroup1  (AzPolicy - allowed location)

            |___ Subscription1

  MgmtGroup2 (AzPolicy - allowed location)

            |__ Subscription 2

1 Reply

@cloudcrazy, when a Policy is assigned at a Management Group (MG) scope, all the subscriptions belonging to the MG will inherit the policy. Can you double check if you assigned the policy to the right scope? Is the policy enforcement enabled (you can check this in the assignment details)?

hspinto_0-1584643754971.png