Fix Azure Resource Group Policy Errors
When working with Azure Resource Group, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with policy and shows the exact fix.
A Common Mistake
Not assigning Azure Policy to a resource group, allowing non-compliant resources to be created (e.g., VMs in unapproved regions).
The incorrect command:
az group create --name my-rg --location eastus
# No policy assigned
Error output:
A team creates resources:
az vm create --resource-group my-rg --location westeurope --name my-vm
VM created in westeurope even though company policy restricts resources to US regions. Without Azure Policy, there is no enforcement of organizational standards.
The Correct Approach
The right way to configure policy in Azure Resource Group:
az policy assignment create --name "allowed-locations" --policy /providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c --resource-group my-rg --params '{"listOfAllowedLocations": ["eastus", "eastus2"]}'
Successful result:
Policy assigned to resource group.
az vm create --resource-group my-rg --location westeurope --name my-vm
ERROR: Resource 'my-vm' was disallowed by policy. Allowed locations: eastus, eastus2.
Policy enforcement blocks non-compliant resource creation.
How to Prevent This
Assign policies at management group or subscription level for broad enforcement. Audit mode logs violations without blocking. Deny mode blocks non-compliant resources. DeployIfNotExists mode auto-remediates. Common policies: allowed locations, allowed SKUs, enforce tags.
FAQ
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro