Azure custom policy is not working. Need help!!!!

%3CLINGO-SUB%20id%3D%22lingo-sub-756617%22%20slang%3D%22en-US%22%3EAzure%20custom%20policy%20is%20not%20working.%20Need%20help!!!!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-756617%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETrying%20to%20check%20whether%20SecurityContacts%2Femail%20presents%20with%20this%20policy.%20It%20is%20not%20showing.%20Also%20the%20policy%20execution%20interval%20is%20intermittent.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%3E%3CSPAN%3E%22policyRule%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22if%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22field%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22type%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22equals%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22Microsoft.Security%2FsecurityContacts%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22then%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22effect%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22AuditIfNotExists%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22details%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22type%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22Microsoft.Security%2FsecurityContacts%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22existenceCondition%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%7B%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22field%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22Microsoft.Security%2FsecurityContacts%2Femail%22%3C%2FSPAN%3E%3CSPAN%3E%2C%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%22exists%22%3C%2FSPAN%3E%3CSPAN%3E%3A%20%3C%2FSPAN%3E%3CSPAN%3E%22true%22%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3CDIV%3E%3CSPAN%3E%7D%3C%2FSPAN%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-758595%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20custom%20policy%20is%20not%20working.%20Need%20help!!!!%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-758595%22%20slang%3D%22en-US%22%3E%3CP%3EFixed%20the%20issue.%20The%20issue%20is%20that%20email%20attribute%20is%20null%20though%20the%20SecurityContacts%20settings%20is%20not%20enabled.%20So%20need%20to%20check%20for%20null%20values%20which%20made%20the%20policy%20to%20trigger%20vilations..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20issue%20can%20be%20closed..%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

Trying to check whether SecurityContacts/email presents with this policy. It is not showing. Also the policy execution interval is intermittent. 

 

"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Security/securityContacts"
},
"then": {
"effect": "AuditIfNotExists",
"details": {
"type": "Microsoft.Security/securityContacts",
"existenceCondition": {
"field": "Microsoft.Security/securityContacts/email",
"exists": "true"
}
}
}
}
1 Reply

Fixed the issue. The issue is that email attribute is null though the SecurityContacts settings is not enabled. So need to check for null values which made the policy to trigger vilations..

 

This issue can be closed..