Restrict Azure TAG


I am looking for a way to restrict the creation of Azure tags which are not in the approved list.

I tried the policy below, but it is blocking all deployments or changes for the Azure resources. I would appreciate it if anyone who is using a solution could share it or tell me what I am doing wrong here.

 

  "properties": {
    "displayName": "Apply DENY Policy to Restrict Unapproved TAGs",
    "policyType": "Custom",
    "mode": "All",
    "metadata": {
      "category": "Tags",
      "createdBy": "353fbf48-7c09-4291-be21-7a54e074bcc4",
      "createdOn": "2023-10-27T15:31:41.3262887Z",
      "updatedBy": "353fbf48-7c09-4291-be21-7a54e074bcc4",
      "updatedOn": "2023-10-30T13:33:20.3048696Z"
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "anyOf": [
          {
            "field": "tags['Application']",
            "exists": false
          },
          {
            "field": "tags['ApplicationOwner']",
            "exists": false
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
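An added example, not part of the original post: a small Python evaluator for the `anyOf`/`exists` subset of the rule above, run over constructed sample resources, to show which tag sets the posted `if` block matches (and so denies) compared with a check for tag names outside an approved list. The `APPROVED` list, the sample resources and all function names are assumptions made for illustration; the evaluator is a local model of the rule, not Azure Policy itself.

```python
import re

# "if" block of the posted policy: JSON syntax repaired, logic unchanged.
POSTED_IF = {"anyOf": [
    {"field": "tags['Application']", "exists": False},
    {"field": "tags['ApplicationOwner']", "exists": False},
]}
# Assumption: the approved list is the two tag names used in the posted rule.
APPROVED = ["Application", "ApplicationOwner"]
TAG_FIELD = re.compile(r"^tags\['(.+)'\]$")

def matches(cond, tags):
    """Evaluate the anyOf/allOf/not + tag 'exists' subset of a policy 'if'."""
    if "anyOf" in cond:
        return any(matches(c, tags) for c in cond["anyOf"])
    if "allOf" in cond:
        return all(matches(c, tags) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], tags)
    m = TAG_FIELD.match(cond.get("field", ""))
    if not m or "exists" not in cond:
        raise ValueError(f"unsupported condition: {cond!r}")
    # Azure treats tag names as case-insensitive, so compare casefolded.
    present = m.group(1).casefold() in {k.casefold() for k in tags}
    return present == cond["exists"]

def unapproved_tag_names(tags, approved=APPROVED):
    """The goal stated in the post: tag names that are not on the list."""
    allowed = {a.casefold() for a in approved}
    return sorted(k for k in tags if k.casefold() not in allowed)

# Constructed sample resources (name -> tags), not taken from the post.
SAMPLES = {
    "vm-untagged": {},
    "vm-app-only": {"Application": "billing"},
    "vm-both": {"Application": "billing", "ApplicationOwner": "ops"},
    "vm-extra": {"Application": "billing", "ApplicationOwner": "ops",
                 "Foo": "bar"},
}

def report(samples=SAMPLES):
    """Map each sample to (posted rule denies?, unapproved tag names)."""
    return {name: (matches(POSTED_IF, tags), unapproved_tag_names(tags))
            for name, tags in samples.items()}

if __name__ == "__main__":
    for name, (denied, extra) in report().items():
        print(f"{name:12} posted rule denies={denied!s:5} unapproved={extra}")
```

In this model the posted condition matches every sample that is missing either tag and does not match the sample carrying the extra `Foo` tag, so it tests for missing tags rather than for unapproved tag names.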
