Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
MIT License

Question regarding Identity MG policy and Entra ID Deployment (Public IP) #771

Closed PolarbearChimney closed 2 months ago

PolarbearChimney commented 2 months ago

Let us know the feedback or general question

I have a question regarding the best course of action. I am attempting to deploy Entra Domain Services into the Identity subscription, but the deployment fails due to the assigned policies. Specifically, the policy "Identity - Deny the creation of public IP" is causing the issue.

Questions:

  1. Why is this policy in place?
  2. Would the best course of action be to make an exception, or is the policy there by mistake?

Entra Domain Services requires a load balancer with a public IP for deployment, and I currently see no alternative method to deploy it without a public IP.


jtracey93 commented 2 months ago

Hey @PolarbearChimney,

Thanks for the issue. This policy is assigned as typically customers use traditional IaaS for their DCs and therefore we want to prevent public IPs on these and hence the policy is assigned.

You can either stop the policy from being assigned/enforced via the parameters in the alzDefaultsPolicyAssignments module, or you can create a policy exemption to exclude just the RGs you are deploying into.

Hope that helps
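The second option from the reply above, a policy exemption scoped to only the resource group receiving Entra Domain Services, as an added example that is not part of this thread or of the ALZ-Bicep repository. It assumes the Identity management group ID (`alz-platform-identity`) and the assignment name (`Deny-Public-IP`) used to build the assignment ID; both are parameters so they can be replaced with the values from your own deployment, and the `expiresOn` parameter is there so the waiver can be time-boxed rather than permanent.

```bicep
// Added example (not from the ALZ-Bicep repository): a resource-group-scoped
// policy exemption for the ALZ "deny public IP" assignment on the Identity
// management group. The deny stays enforced everywhere else in the Identity
// subscription; only this one RG (the Entra Domain Services RG) is waived.
targetScope = 'resourceGroup'

@description('Identity management group ID where the ALZ policy is assigned. Assumed value; replace with your own.')
param parIdentityManagementGroupId string = 'alz-platform-identity'

@description('Name of the policy assignment to exempt. Assumed value; verify against your ALZ deployment.')
param parPolicyAssignmentName string = 'Deny-Public-IP'

@description('Optional expiry (ISO 8601, UTC) so the exemption is reviewed rather than forgotten. Empty string means no expiry.')
param parExpiresOn string = ''

// Full resource ID of the management-group-level policy assignment being exempted.
var varPolicyAssignmentId = '/providers/Microsoft.Management/managementGroups/${parIdentityManagementGroupId}/providers/Microsoft.Authorization/policyAssignments/${parPolicyAssignmentName}'

// Exemptions are extension resources; at resourceGroup targetScope this one
// applies to the resource group the template is deployed into.
resource resEntraDsPublicIpExemption 'Microsoft.Authorization/policyExemptions@2022-07-01-preview' = {
  name: 'exempt-entra-ds-public-ip'
  properties: {
    displayName: 'Entra Domain Services requires a public IP on its load balancer'
    description: 'Waiver limited to this resource group. The deny public IP assignment remains in effect for the rest of the Identity management group.'
    policyAssignmentId: varPolicyAssignmentId
    // 'Waiver' documents an accepted exception; 'Mitigated' would claim the risk is addressed elsewhere.
    exemptionCategory: 'Waiver'
    expiresOn: empty(parExpiresOn) ? null : parExpiresOn
  }
}

output outExemptionId string = resEntraDsPublicIpExemption.id
```

Deploy it into the target resource group, for example with `az deployment group create --resource-group <entra-ds-rg> --template-file exemption.bicep`, before running the Entra Domain Services deployment. Keeping the exemption at resource-group scope (rather than disabling the assignment for the whole Identity management group) preserves the original intent of the policy for any IaaS domain controllers deployed elsewhere in that subscription.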