Closed luander closed 3 years ago
Even after this fix, which enables me to deploy the policy. It doesn't seem to work as it doesn't find any non-compliant subscription. I assigned the policy to the root management group. @serenaz Could you give me a hand making the policy work?
Hey! Thanks for submitting the PR :) Have your subscriptions registered the RP ManagedServices? If so, does the Policy deploy the RegistrationAssignments?
Hey @serenaz Thanks for your message, I manually registered "Microsoft.ManagedServices" provider on all subscriptions under the management group and was able to successfully create a remediation task and onboard all subscriptions to Lighthouse. However, after the deployment they still reported as non-compliant. After some trial and error I managed to have all subscriptions compliant by changing the existence condition to:
"existenceCondition": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ManagedServices/registrationDefinitions"
},
{
"field": "Microsoft.ManagedServices/registrationDefinitions/managedByTenantId",
"equals": "[[parameters('managedByTenantId')]"
}
]
},
Ok, great! I'll add a note to the readme about registering for the RP and change the existence condition, too.
Then trying to deploy the policy to delegate subscriptions at management group level I get the following error:
I fixed the error by changing:
to: