Feb 16 2024 06:50 AM
Hi there,
I am currently trying to construct an Azure Policy that uses the 'count' expression, as described in this documentation. My policy rule looks like the following, and tries to audit or deny all network interfaces where:

    "policyRule": {
        "if": {
            "allOf": [
                {
                    "field": "type",
                    "equals": "Microsoft.Network/networkInterfaces"
                },
                {
                    "field": "Microsoft.Network/networkInterfaces/ipconfigurations[*].publicIpAddress.id",
                    "exists": true
                },
                {
                    "field": "Microsoft.Network/networkInterfaces/virtualMachine.id",
                    "exists": true
                },
                {
                    "count": {
                        "field": "Microsoft.Network/networkInterfaces/networkSecurityGroup.securityRules[*]"
                    },
                    "equals": 1
                }
            ]
        },
        "then": {
            "effect": "[parameters('effect')]"
        }
    }

I deployed two VMs for test purposes:

The issue: both VMs are compliant. I think this is easy to reproduce. Do you guys have any feedback about it?

Best regards!
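The evaluation of the rule above can be modelled with a small evaluator. This is an added example, not code from the thread and not Azure's policy engine; it assumes a simplified alias resolution (aliases flatten the ARM `properties` envelope and key lookups are case-insensitive), that a `count` over an array the evaluated resource does not carry is 0, and that a network interface, as the policy engine sees it, references its NSG only by `id` rather than embedding the NSG's `securityRules`. Under those assumptions the count condition evaluates to 0, the `allOf` never matches, and the NIC is reported compliant, which is the outcome the post describes. The NIC object, the placeholder ids and the second rule (`RULE_COUNT_PUBLIC_IPS`, which counts an array the NIC does carry) are constructed for the illustration.

```python
"""Toy model of Azure Policy 'count' evaluation (added illustration, not the
real engine). Supports only allOf, field equals/exists, and count with
equals/greaterOrEquals. Assumption: counting an absent array yields 0."""

ALIAS_PREFIX = "Microsoft.Network/networkInterfaces/"


def _get_ci(obj, key):
    """Case-insensitive lookup that also descends into the ARM 'properties'
    envelope, which is how aliases hide that nesting level (simplification)."""
    if not isinstance(obj, dict):
        return None
    for k, v in obj.items():
        if k.lower() == key.lower():
            return v
    inner = obj.get("properties")
    return _get_ci(inner, key) if isinstance(inner, dict) else None


def resolve(resource, field):
    """Return the list of values an alias selects; '[*]' fans out over arrays."""
    if field.lower() == "type":
        return [resource.get("type")]
    if not field.lower().startswith(ALIAS_PREFIX.lower()):
        raise ValueError(f"unsupported alias: {field}")
    values = [resource]
    for segment in field[len(ALIAS_PREFIX):].split("."):
        fan_out = segment.endswith("[*]")
        name = segment[:-3] if fan_out else segment
        next_values = []
        for v in values:
            child = _get_ci(v, name)
            if fan_out:
                # Absent or non-array member contributes nothing (count -> 0).
                next_values.extend(child if isinstance(child, list) else [])
            elif child is not None:
                next_values.append(child)
        values = next_values
    return values


def count_matches(resource, field):
    """Number of members an alias selects; 0 when the array is absent."""
    return len(resolve(resource, field))


def evaluate(condition, resource):
    """Evaluate one condition object from a policyRule 'if' block.
    True means the rule matches and the 'then' effect would apply."""
    if "allOf" in condition:
        return all(evaluate(c, resource) for c in condition["allOf"])
    if "count" in condition:
        n = count_matches(resource, condition["count"]["field"])
        if "equals" in condition:
            return n == condition["equals"]
        if "greaterOrEquals" in condition:
            return n >= condition["greaterOrEquals"]
        raise ValueError("unsupported count operator")
    values = resolve(resource, condition["field"])
    if "exists" in condition:
        return bool(values) == condition["exists"]
    if "equals" in condition:
        return bool(values) and all(v == condition["equals"] for v in values)
    raise ValueError("unsupported condition")


# Constructed NIC, shaped as assumed in the lead-in: the NSG is only a
# reference by id. Placeholder ids, not real resources.
NIC = {
    "type": "Microsoft.Network/networkInterfaces",
    "properties": {
        "ipConfigurations": [
            {"name": "ipconfig1",
             "properties": {"publicIPAddress": {"id": "/<placeholder>/publicIPAddresses/pip1"}}}
        ],
        "virtualMachine": {"id": "/<placeholder>/virtualMachines/vm1"},
        "networkSecurityGroup": {"id": "/<placeholder>/networkSecurityGroups/nsg1"},
    },
}

# The 'if' block from the post, expressed as a Python dict.
RULE_FROM_QUESTION = {"allOf": [
    {"field": "type", "equals": "Microsoft.Network/networkInterfaces"},
    {"field": ALIAS_PREFIX + "ipconfigurations[*].publicIpAddress.id", "exists": True},
    {"field": ALIAS_PREFIX + "virtualMachine.id", "exists": True},
    {"count": {"field": ALIAS_PREFIX + "networkSecurityGroup.securityRules[*]"}, "equals": 1},
]}

# Hypothetical variant (not from the thread): count an array the NIC carries,
# its ipConfigurations that have a public IP attached.
RULE_COUNT_PUBLIC_IPS = {"allOf": [
    {"field": "type", "equals": "Microsoft.Network/networkInterfaces"},
    {"field": ALIAS_PREFIX + "virtualMachine.id", "exists": True},
    {"count": {"field": ALIAS_PREFIX + "ipconfigurations[*].publicIpAddress.id"}, "greaterOrEquals": 1},
]}

if __name__ == "__main__":
    print("securityRules counted on NIC:", count_matches(NIC, ALIAS_PREFIX + "networkSecurityGroup.securityRules[*]"))
    print("rule from the post matches:", evaluate(RULE_FROM_QUESTION, NIC))
    print("public-IP count rule matches:", evaluate(RULE_COUNT_PUBLIC_IPS, NIC))
```

A quick way to check whether a `count` alias is selecting anything at all is to inspect the actual resource JSON the engine evaluates (for example via the Azure CLI or the portal's resource view) and confirm the array exists at the path the alias points to; a count of 0 makes an `equals: 1` condition false, so the rule silently never applies.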