Show user friendly message when Azure Policy does not meet compliance

%3CLINGO-SUB%20id%3D%22lingo-sub-323825%22%20slang%3D%22en-US%22%3EShow%20user%20friendly%20message%20when%20Azure%20Policy%20does%20not%20meet%20compliance%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-323825%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20have%20created%20custom%20policy%20which%20checking%20tags%20existence%20when%20a%20user%20creates%20a%20new%20resource%20group.%20The%20policy%20works%20great.%3C%2FP%3E%3CP%3EBut%20we%20have%20faced%20unexpected%20behavior.%20When%20we%20tried%20to%20create%20a%20new%20resource%20group%20for%20test%20purposes%20(without%20tags)%20we%20had%20an%20uninformative%20error%20(Unexpected%20error%20while%20creating%20the%20resource%20group.).%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EWe%20think%20some%20people%20might%20have%20a%20misunderstanding%20about%20this%20message%20(From%20this%20message%20they%20won%E2%80%99t%20understand%20why%20they%20cannot%20create%20a%20new%20resource%20group).%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CBR%20%2F%3EWe%20investigated%20this%20issue%20but%20have%20not%20found%20trouble%20in%20the%20policy%20itself%20therefore%20right%20now%20we%20think%20it%20is%20an%20azure%20policy%20issue.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20somebody%20meet%20this%20kind%20of%20issue%3F%20Is%20there%20a%20workaround%20for%20the%20issue%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20original%20feedback%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ffeedback.azure.com%2Fforums%2F915958-azure-governance%2Fsuggestions%2F36599173-show-user-friendly-message-when-azure-policy-does%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ffeedback.azure.com%2Fforums%2F915958-azure-governance%2Fsuggestions%2F36599173-show-user-friendly-message-when-azure-policy-does%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-323825%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Policy%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

We have created custom policy which checking tags existence when a user creates a new resource group. The policy works great.

But we have faced unexpected behavior. When we tried to create a new resource group for test purposes (without tags) we had an uninformative error (Unexpected error while creating the resource group.). 
We think some people might have a misunderstanding about this message (From this message they won’t understand why they cannot create a new resource group). 
We investigated this issue but have not found trouble in the policy itself therefore right now we think it is an azure policy issue.

 

Does somebody meet this kind of issue? Is there a workaround for the issue?

 

The original feedback: https://feedback.azure.com/forums/915958-azure-governance/suggestions/36599173-show-user-friendly-me...

 

1 Reply

@Evgeniy_BytsenkoHi, would you mind sharing your policy? I was about to embark on the journey of locking down cloud spend, and stumbled on this post.

For my part, I have written a small powershell function that deletes all resource groups which have not been tagged. But I'd like to throw a warning when an RG is not created 'correctly'.

 

 

Happy to share the code.