none
Policy affects resources with no tags

    Question

  • Hi there, please redirect to the right forums if this isn't one.

    I created a policy that enforces a tag and it's value to all resources. Problem is, it is also failing the deployment of resources that take no tags (NSG, for example).

    Can somebody explain this behavior because it sure is inconvenient. 

    Cheers


    Sam (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" wherever applicable. Thanks!) Blog:AnalyticOps Insights Twitter:Sameer Mhaisekar

    Monday, February 11, 2019 4:09 PM

All replies

  • Hi Sameer,

    that's intended.

    If you want to ensure that deployment which includes non-tagged resources does not fail, use the policy that appends a tag dynamically during deployment (there is a built-in policy that provides this functionality). 

    https://docs.microsoft.com/en-us/azure/governance/policy/samples/apply-tag-default-value

    hth
    Marcin


    Monday, February 11, 2019 4:26 PM
  • Hey Marcin, thanks for the reply.

    I realized my mistake, my effect was "deny", should've been "append". That would probably get rid of the error.

    But anyway, denying deployment to a resource that has no value, does not make any sense. Why would a policy apply to a place where it isn't supposed to be relevant? :/

    Cheers


    Sam (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" wherever applicable. Thanks!) Blog:AnalyticOps Insights Twitter:Sameer Mhaisekar

    Monday, February 11, 2019 5:38 PM