Azure Policy - What’s the length of Policy assignments name?

Published 02-04-2021 01:31 AM 1,646 Views
Microsoft

Introduction:

This Blog will discuss the length of Azure Policy Assignment name using Powershell script and Terraform. And clarify what is resource name and display name of Azure Policy Assignments

Azure Policy can evaluate resources in Azure Resource Manager by comparing the properties of resources with the policy rules. These rules in JSON format are known as Policy Definition. These Policy can be assigned in scopes like Subscription, Management Group which is known as Policy Assignment.

Terraform is an open-source tool for provisioning and managing cloud infrastructure. It also supported by Azure.  We can also use Terraform to assign Azure Policies.

If you’re not familiar with Azure policy or Terraform please read these documents about Azure Policy, Terraform with Azure, Azure Policy with Terraform  and Implementing Azure Policy using Terraform.

 

Discussion:

You may already have experience in using Azure Policy, but did you pay attention to what’s the maximum length for Azure Policy Assignment name? And did you notice there’re display name and resource name for Azure Policy Assignments?

Based on this document Azure Name rules, we know that

policyAssignments

scope of assignment

1-128 display name

1-64 resource name

1-24 resource name at management group scope

Display name can contain any characters.

Resource name can't include % and can't end with period or space

 

The above document mentions the length of display name and resource name. Especially for Management Group, only 24 characters can used for the resource name.

So, if the length is more than 24 characters, what’s the error would you get?  Now let’s start a test for it.

 

Tests:

Powershell:

Using Powershell there is a script can assign Policy, here is the refence link for your interesting New-AzureRmPolicyAssignment (AzureRM.Resources) | Microsoft Docs

New-AzureRmPolicyAssignment

   -Name <String>

   -Scope <String>

   [-NotScope <String[]>]

   [-DisplayName <String>]

   [-Description <String>]

   [-PolicyDefinition <PSObject>]

   [-PolicySetDefinition <PSObject>]

   [-Metadata <String>]

   [-Sku <Hashtable>]

   [-AssignIdentity]

   [-Location <String>]

   [-ApiVersion <String>]

   [-Pre]

   [-DefaultProfile <IAzureContextContainer>]

   [-InformationAction <ActionPreference>]

   [-InformationVariable <String>]

   [<CommonParameters>]

Here are two parameters Name and DisplayName. So how to run this script?

To run this script, I need get the Definition ID using Get-AzPolicyDefinition

$definition = Get-AzPolicyDefinition | Where-Object { $_.Properties.DisplayName -eq 'Audit VMs that do not use managed disks' }

  • First, I tried to use Name with value “Audit VMs without managed disks npdi1_csam1_CC001321121_PublicIP” it’s 64 characters. And Display Name as “'Audit VMs without managed disks Assignment npdi1_csam1_CC00_PublicIP VMs without managed disks npdi1_csam1_CC001321121_PublicIP” it’s 127 characters.  Then assigned it in my Management group.

Then I got error The assignment name must not exceed ‘24’ characters

Scarlett_liu_10-1611913249901.png

 

  • And then I change the Name to “Audit VMs no PublicIP”,  I can create Policy Assignment successfully.

Scarlett_liu_9-1611913175408.png

 

  • After that I change Display name to “Audit VMs without managed disks Assignment npdi1_csam1_CC00_PublicIP VMs without managed disks npdi1_csam1_CC001321121_PublicIPAA” it’s 129 characters.

The error shows “The policy assignment 'Audit VMs no PublicIP' display name exceeded the allowed length limit. Current length: '129', allowed maximum length: '128'.

Scarlett_liu_8-1611913156959.png

 

 

Now we check in Azure portal, shows the successful Policy Assignment “Audit VMs without managed disks Assignment npdi1_csam1_CC00_PublicIP VMs without managed disks npdi1_csam1_CC001321121_PublicIP”

Meanwhile the name “Audit VMs no PublicIP” is used I the Assignment ID.

Scarlett_liu_14-1611913607536.png

So, in PowerShell Script the parameter name is limited by resource name mentioned in Azure Name rules,. And if the Policy is assigned in Management Group scope, the maximum length is 24 characters.

And the parameter DisplayName is limited by display name in Azure Name rules less than 128 characters.

Based on the test above we also know that the Assignment name we checked in Azure portal is the display name.

Terraform:

To test in Terraform, you need to understand the way to assign a Policy in Terraform, you can check in the document above or from here again Azure Policy with Terraform  

Similar like Powershell script, it also has name and display name. Here I also use Management Group as the scope.

provider "azurerm" {

    version = "2.35.0"

    features {}

}

 

resource "azurerm_policy_assignment" "npdi1_csam1_CC0_PublicIP" {

    name = " Audit VMs without managed disks npdi1_csam1_CC001321121_PublicIP "

    scope = "/providers/Microsoft.Management/managementGroups/testmymanagement"

    policy_definition_id = "/providers/Microsoft.Management/managementGroups/testmymanagement/providers/Microsoft.Authorization/policyDefinitions/23a424a8-d05c-4824-916a-d9422272d299"

    description = "Shows all virtual machines not using managed disks"

    display_name = "Audit VMs without managed disks Assignment npdi1_csam1_CC00_PublicIP VMs without managed disks npdi1_csam1_CC001321121_PublicIP"

}

I got same error with Powershell Script.

Scarlett_liu_4-1611912695358.png

Then change Name to “Audit VMs no PublicIP” an display name to “Audit VMs without managed disks Assignment npdi1_csam1_CC00_PublicIP VMs without managed disks npdi1_csam1_CC001321121_PublicIPAA”. We have same error for display name exceed to 128 characters.

Scarlett_liu_12-1611913371747.png

 

 

Summary

  • From this test we know that the resource name use in Azure Policy Assignment is the last part of Assigment ID.
  • The display name is the Assignment name that show in Azure portal.

Scarlett_liu_13-1611913413034.png

Please pay attention about the length of  name and display name when you assign a Policy in PowerShell script and Terraform.

Welcome to provide your comments about this blog.

2 Comments
Senior Member

@Scarlett_liu do you know if Microsoft is planning on updating the length for the Resource Name when it comes to Management Groups so that is matches it's "cousins"? The a length of 24 characters is extremely limiting especially when trying to automate things.

Microsoft

hi, @Greg Lloyd  thanks for contacting me here.

I will confirm with our backed whether we have plan to update the Resource name length for Management Group. You also can provide your feedback to here https://feedback.azure.com/. Your needs always important to us  :lol:

%3CLINGO-SUB%20id%3D%22lingo-sub-2108008%22%20slang%3D%22en-US%22%3EAzure%20Policy%20-%20What%E2%80%99s%20the%20length%20of%20Policy%20assignments%20name%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2108008%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EIntroduction%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThis%20Blog%20will%20discuss%20the%20length%20of%20Azure%20Policy%20Assignment%20name%20using%20Powershell%20script%20and%20Terraform.%20And%20clarify%20what%20is%20resource%20name%20and%20display%20name%20of%20Azure%20Policy%20Assignments%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAzure%20Policy%3C%2FSTRONG%3E%20can%20evaluate%20resources%20%3CSTRONG%3Ein%20Azure%20Resource%20Manager%3C%2FSTRONG%3E%20by%20comparing%20the%20properties%20of%20resources%20with%20the%20policy%20rules.%20These%20rules%20in%20JSON%20format%20are%20known%20as%20%3CSTRONG%3EPolicy%20Definition.%3C%2FSTRONG%3E%20These%20Policy%20can%20be%20assigned%20in%20scopes%20like%20Subscription%2C%20Management%20Group%20which%20is%20known%20as%20%3CSTRONG%3EPolicy%20Assignment.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETerraform%3C%2FSTRONG%3E%20is%20an%20open-source%20tool%20for%20provisioning%20and%20managing%20cloud%20infrastructure.%20It%20also%20supported%20by%20Azure.%26nbsp%3B%20We%20can%20also%20use%20Terraform%20to%20assign%20Azure%20Policies.%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIf%20you%E2%80%99re%20not%20familiar%20with%20Azure%20policy%20or%20Terraform%20please%20read%20these%20documents%20about%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Policy%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdeveloper%2Fterraform%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ETerraform%20with%20Azure%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Fassign-policy-terraform%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Policy%20with%20Terraform%20%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-paas-blog%2Fimplementing-azure-policy-using-terraform%2Fba-p%2F1423775%22%20target%3D%22_blank%22%3EImplementing%20Azure%20Policy%20using%20Terraform%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EDiscussion%3C%2FSTRONG%3E%3A%3C%2FP%3E%0A%3CP%3EYou%20may%20already%20have%20experience%20in%20using%20Azure%20Policy%2C%20but%20did%20you%20pay%20attention%20to%20what%E2%80%99s%20the%20%3CSTRONG%3Emaximum%20length%3C%2FSTRONG%3E%20for%20Azure%20Policy%20Assignment%20name%3F%20And%20did%20you%20notice%20there%E2%80%99re%20%3CSTRONG%3Edisplay%20name%3C%2FSTRONG%3E%20and%20%3CSTRONG%3Eresource%20name%3C%2FSTRONG%3E%20for%20Azure%20Policy%20Assignments%3F%3C%2FP%3E%0A%3CP%3EBased%20on%20this%20document%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Fmanagement%2Fresource-name-rules%23microsoftauthorization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Name%20rules%3C%2FA%3E%3C%2FSPAN%3E%2C%20we%20know%20that%3C%2FP%3E%0A%3CTABLE%20width%3D%22599%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%3E%3CP%3EpolicyAssignments%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3Escope%20of%20assignment%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3E1-128%20display%20name%3CBR%20%2F%3E%3CBR%20%2F%3E1-64%20resource%20name%3CBR%20%2F%3E%3CBR%20%2F%3E1-24%20resource%20name%20at%20management%20group%20scope%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%3E%3CP%3EDisplay%20name%20can%20contain%20any%20characters.%3CBR%20%2F%3E%3CBR%20%2F%3EResource%20name%20can't%20include%26nbsp%3B%25%26nbsp%3Band%20can't%20end%20with%20period%20or%20space%3C%2FP%3E%0A%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20above%20document%20mentions%20the%20length%20of%20display%20name%20and%20resource%20name.%20Especially%20for%20%3CSTRONG%3EManagement%20Group%3C%2FSTRONG%3E%2C%20only%2024%20characters%20can%20used%20for%20the%20%3CSTRONG%3Eresource%20name%3C%2FSTRONG%3E.%3C%2FP%3E%0A%3CP%3ESo%2C%20if%20the%20length%20is%20more%20than%2024%20characters%2C%20what%E2%80%99s%20the%20error%20would%20you%20get%3F%20%26nbsp%3BNow%20let%E2%80%99s%20start%20a%20test%20for%20it.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETests%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPowershell%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EUsing%20Powershell%20there%20is%20a%20script%20can%20assign%20Policy%2C%20here%20is%20the%20refence%20link%20for%20your%20interesting%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fpowershell%2Fmodule%2Fazurerm.resources%2Fnew-azurermpolicyassignment%3Fview%3Dazurermps-6.13.0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ENew-AzureRmPolicyAssignment%20(AzureRM.Resources)%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%3CEM%3ENew-AzureRmPolicyAssignment%3C%2FEM%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20-Name%20%3CSTRING%3E%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20-Scope%20%3CSTRING%3E%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-NotScope%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-DisplayName%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-Description%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-PolicyDefinition%20%3CPSOBJECT%3E%5D%3C%2FPSOBJECT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-PolicySetDefinition%20%3CPSOBJECT%3E%5D%3C%2FPSOBJECT%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-Metadata%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-Sku%20%3CHASHTABLE%3E%5D%3C%2FHASHTABLE%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-AssignIdentity%5D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-Location%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-ApiVersion%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-Pre%5D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-DefaultProfile%20%3CIAZURECONTEXTCONTAINER%3E%5D%3C%2FIAZURECONTEXTCONTAINER%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-InformationAction%20%3CACTIONPREFERENCE%3E%5D%3C%2FACTIONPREFERENCE%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B-InformationVariable%20%3CSTRING%3E%5D%3C%2FSTRING%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%20%5B%3CCOMMONPARAMETERS%3E%5D%3C%2FCOMMONPARAMETERS%3E%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EHere%20are%20two%20parameters%20%3CSTRONG%3EName%3C%2FSTRONG%3E%20and%20%3CSTRONG%3EDisplayName.%20%3C%2FSTRONG%3ESo%20how%20to%20run%20this%20script%3F%3C%2FP%3E%0A%3CP%3ETo%20run%20this%20script%2C%20I%20need%20get%20the%20Definition%20ID%20using%3CSTRONG%3E%20Get-AzPolicyDefinition%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%24definition%20%3D%20Get-AzPolicyDefinition%20%7C%20Where-Object%20%7B%20%24_.Properties.DisplayName%20-eq%20'Audit%20VMs%20that%20do%20not%20use%20managed%20disks'%20%7D%3C%2FEM%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFirst%2C%20I%20tried%20to%20use%20Name%20with%20value%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIP%3C%2FSTRONG%3E%E2%80%9D%20it%E2%80%99s%20%3CSTRONG%3E64%3C%2FSTRONG%3E%20characters.%20And%20Display%20Name%20as%20%E2%80%9C%3CSTRONG%3E'Audit%20VMs%20without%20managed%20disks%20Assignment%20npdi1_csam1_CC00_PublicIP%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIP%3C%2FSTRONG%3E%E2%80%9D%20it%E2%80%99s%20%3CSTRONG%3E127%3C%2FSTRONG%3E%20characters.%20%26nbsp%3BThen%20assigned%20it%20in%20my%20Management%20group.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThen%20I%20got%20error%20%3CSTRONG%3E%E2%80%9C%3C%2FSTRONG%3EThe%20assignment%20name%20must%20not%20exceed%20%E2%80%9824%E2%80%99%20characters%3CSTRONG%3E%E2%80%9D%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_10-1611913249901.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250540iA10F926344F1F21F%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_10-1611913249901.png%22%20alt%3D%22Scarlett_liu_10-1611913249901.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAnd%20then%20I%20change%20the%20Name%20to%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20no%20PublicIP%3C%2FSTRONG%3E%E2%80%9D%2C%20%26nbsp%3BI%20can%20create%20Policy%20Assignment%20successfully.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_9-1611913175408.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250539iC43F7B09A7FDAE86%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_9-1611913175408.png%22%20alt%3D%22Scarlett_liu_9-1611913175408.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAfter%20that%20I%20change%20Display%20name%20to%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20without%20managed%20disks%20Assignment%20npdi1_csam1_CC00_PublicIP%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIPAA%3C%2FSTRONG%3E%E2%80%9D%20it%E2%80%99s%20%3CSTRONG%3E129%3C%2FSTRONG%3E%20characters.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EThe%20error%20shows%20%E2%80%9CThe%20policy%20assignment%20'Audit%20VMs%20no%20PublicIP'%20display%20name%20exceeded%20the%20allowed%20length%20limit.%20Current%20length%3A%20'129'%2C%20allowed%20maximum%20length%3A%20'128'.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_8-1611913156959.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250538iD82DB6838610AC78%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_8-1611913156959.png%22%20alt%3D%22Scarlett_liu_8-1611913156959.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ENow%20we%20check%20in%20Azure%20portal%2C%20shows%20the%20successful%20Policy%20Assignment%20%3CSTRONG%3E%E2%80%9CAudit%20VMs%20without%20managed%20disks%20Assignment%20npdi1_csam1_CC00_PublicIP%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIP%E2%80%9D%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3EMeanwhile%20the%20name%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20no%20PublicIP%3C%2FSTRONG%3E%E2%80%9D%20is%20used%20I%20the%20Assignment%20ID.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_14-1611913607536.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250544iF35DC6118C58B314%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_14-1611913607536.png%22%20alt%3D%22Scarlett_liu_14-1611913607536.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3ESo%2C%20in%20PowerShell%20Script%20the%20parameter%20%3CSTRONG%3Ename%3C%2FSTRONG%3E%20is%20limited%20by%20%3CSTRONG%3Eresource%20name%3C%2FSTRONG%3E%20mentioned%20in%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Fmanagement%2Fresource-name-rules%23microsoftauthorization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Name%20rules%3C%2FA%3E%3C%2FSPAN%3E%2C.%20And%20if%20the%20Policy%20is%20assigned%20in%20Management%20Group%20scope%2C%20the%20maximum%20length%20is%20%3CSTRONG%3E24%3C%2FSTRONG%3E%20characters.%3C%2FP%3E%0A%3CP%3EAnd%20the%20parameter%20%3CSTRONG%3EDisplayName%20%3C%2FSTRONG%3Eis%20limited%20by%20%3CSTRONG%3Edisplay%20name%3C%2FSTRONG%3E%20in%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fazure-resource-manager%2Fmanagement%2Fresource-name-rules%23microsoftauthorization%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Name%20rules%3C%2FA%3E%3C%2FSPAN%3E%20less%20than%20%3CSTRONG%3E128%3C%2FSTRONG%3E%20characters.%3C%2FP%3E%0A%3CP%3EBased%20on%20the%20test%20above%20we%20also%20know%20that%20the%20Assignment%20name%20we%20checked%20in%20Azure%20portal%20is%20the%20display%20name.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETerraform%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3ETo%20test%20in%20Terraform%2C%20you%20need%20to%20understand%20the%20way%20to%20assign%20a%20Policy%20in%20Terraform%2C%20you%20can%20check%20in%20the%20document%20above%20or%20from%20here%20again%20%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Fassign-policy-terraform%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Policy%20with%20Terraform%20%3C%2FA%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESimilar%20like%20Powershell%20script%2C%20it%20also%20has%20%3CSTRONG%3Ename%3C%2FSTRONG%3E%20and%20%3CSTRONG%3Edisplay%20name.%20%3C%2FSTRONG%3EHere%20I%20also%20use%20Management%20Group%20as%20the%20scope.%3C%2FP%3E%0A%3CP%3E%3CEM%3Eprovider%20%22azurerm%22%20%7B%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20version%20%3D%20%222.35.0%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20features%20%7B%7D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%7D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3Eresource%20%22azurerm_policy_assignment%22%20%22npdi1_csam1_CC0_PublicIP%22%20%7B%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20name%20%3D%20%22%20Audit%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIP%20%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20scope%20%3D%20%22%2Fproviders%2FMicrosoft.Management%2FmanagementGroups%2Ftestmymanagement%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20policy_definition_id%20%3D%20%22%2Fproviders%2FMicrosoft.Management%2FmanagementGroups%2Ftestmymanagement%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F23a424a8-d05c-4824-916a-d9422272d299%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20description%20%3D%20%22Shows%20all%20virtual%20machines%20not%20using%20managed%20disks%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%20display_name%20%3D%20%22Audit%20VMs%20without%20managed%20disks%20Assignment%20npdi1_csam1_CC00_PublicIP%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIP%22%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CEM%3E%7D%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3EI%20got%20same%20error%20with%20Powershell%20Script.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_4-1611912695358.png%22%20style%3D%22width%3A%20817px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250534iA3EB59CAE2387F2E%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_4-1611912695358.png%22%20alt%3D%22Scarlett_liu_4-1611912695358.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThen%20change%20Name%20to%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20no%20PublicIP%3C%2FSTRONG%3E%E2%80%9D%20an%20display%20name%20to%20%E2%80%9C%3CSTRONG%3EAudit%20VMs%20without%20managed%20disks%20Assignment%20npdi1_csam1_CC00_PublicIP%20VMs%20without%20managed%20disks%20npdi1_csam1_CC001321121_PublicIPAA%3C%2FSTRONG%3E%E2%80%9D.%20We%20have%20same%20error%20for%20display%20name%20exceed%20to%20%3CSTRONG%3E128%3C%2FSTRONG%3E%20characters.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_12-1611913371747.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250542i80FDFC114CCA2086%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_12-1611913371747.png%22%20alt%3D%22Scarlett_liu_12-1611913371747.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ESummary%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EFrom%20this%20test%20we%20know%20that%20the%20%3CSTRONG%3Eresource%20name%3C%2FSTRONG%3E%20use%20in%20Azure%20Policy%20Assignment%20is%20the%20last%20part%20of%20Assigment%20ID.%3C%2FLI%3E%0A%3CLI%3EThe%20%3CSTRONG%3Edisplay%20name%3C%2FSTRONG%3E%20is%20the%20Assignment%20name%20that%20show%20in%20Azure%20portal.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Scarlett_liu_13-1611913413034.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F250543iFC55BD6D69995550%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Scarlett_liu_13-1611913413034.png%22%20alt%3D%22Scarlett_liu_13-1611913413034.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EPlease%20pay%20attention%20about%20the%20%3CSTRONG%3Elength%3C%2FSTRONG%3E%20of%20%26nbsp%3B%3CSTRONG%3Ename%3C%2FSTRONG%3E%20and%20%3CSTRONG%3Edisplay%20name%3C%2FSTRONG%3E%20when%20you%20assign%20a%20Policy%20in%20PowerShell%20script%20and%20Terraform.%3C%2FP%3E%0A%3CP%3EWelcome%20to%20provide%20your%20comments%20about%20this%20blog.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2108008%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EIntroduction%3A%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EThis%20Blog%20will%20discuss%20the%20length%20of%20Azure%20Policy%20Assignment%20name%20using%20Powershell%20script%20and%20Terraform.%20And%20clarify%20what%20is%20resource%20name%20and%20display%20name%20of%20Azure%20Policy%20Assignments%20%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EAzure%20Policy%3C%2FSTRONG%3E%20can%20evaluate%20resources%20%3CSTRONG%3Ein%20Azure%20Resource%20Manager%3C%2FSTRONG%3E%20by%20comparing%20the%20properties%20of%20resources%20with%20the%20policy%20rules.%20These%20rules%20in%20JSON%20format%20are%20known%20as%20%3CSTRONG%3EPolicy%20Definition.%3C%2FSTRONG%3E%20These%20Policy%20can%20be%20assigned%20in%20scopes%20like%20Subscription%2C%20Management%20Group%20which%20is%20known%20as%20%3CSTRONG%3EPolicy%20Assignment.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3ETerraform%3C%2FSTRONG%3E%20is%20an%20open-source%20tool%20for%20provisioning%20and%20managing%20cloud%20infrastructure.%20It%20also%20supported%20by%20Azure.%26nbsp%3B%20We%20can%20also%20use%20Terraform%20to%20assign%20Azure%20Policies.%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EIf%20you%E2%80%99re%20not%20familiar%20with%20Azure%20policy%20or%20Terraform%20please%20read%20these%20documents%20about%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Foverview%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EAzure%20Policy%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fdeveloper%2Fterraform%2Foverview%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3ETerraform%20with%20Azure%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fgovernance%2Fpolicy%2Fassign-policy-terraform%22%20rel%3D%22noopener%20noreferrer%22%20target%3D%22_blank%22%3EAzure%20Policy%20with%20Terraform%20%3C%2FA%3E%26nbsp%3Band%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-paas-blog%2Fimplementing-azure-policy-using-terraform%2Fba-p%2F1423775%22%20target%3D%22_blank%22%3EImplementing%20Azure%20Policy%20using%20Terraform%3C%2FA%3E.%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2108008%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Policy%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2197137%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Policy%20-%20What%E2%80%99s%20the%20length%20of%20Policy%20assignments%20name%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2197137%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F764035%22%20target%3D%22_blank%22%3E%40Scarlett_liu%3C%2FA%3E%26nbsp%3Bdo%20you%20know%20if%20Microsoft%20is%20planning%20on%20updating%20the%20length%20for%20the%20Resource%20Name%20when%20it%20comes%20to%20Management%20Groups%20so%20that%20is%20matches%20it's%20%22cousins%22%3F%20The%20a%20length%20of%2024%20characters%20is%20extremely%20limiting%20especially%20when%20trying%20to%20automate%20things.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Feb 04 2021 01:09 AM
Updated by: