Feature Request - add policy replacement id in description for deprecated

[vegazbabz]

It would be great if you in the description of a policy def, could add the policy id of the new policy that is replacing a deprecated policy, so that you do not have to manually sit and connect the dots.

[jtracey93]

Hey @vegazbabz,

We should be doing this already in our latest policy refreshes.

Please provide a list of any you have spotted and we will address going forward.

cc: @Springstone @paulgrimley

[vegazbabz]

Multiple, unfortunately. I have also seen the opposite, so it is not consistant.

Couldn't find more than these:

• https://www.azadvertizer.net/azpolicyadvertizer/Deny-MachineLearning-PublicNetworkAccess.html
• https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicEndpoint-MariaDB.html
• https://www.azadvertizer.net/azpolicyadvertizer/Deny-PublicIP.html
• https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs-to-LA.html
• https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Nsg-FlowLogs.html

This two have it:

• https://www.azadvertizer.net/azpolicyadvertizer/Deploy-Sql-Tde.html
• https://www.azadvertizer.net/azpolicyadvertizer/Deny-RDP-From-Internet.html

[paulgrimley]

@vegazbabz thanks for awareness, we do document these here https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deprecated-Services#deprecated-policies but as you suggest having them within the description also helps. Will work on getting these updated.

[paulgrimley]

Backlog item created AB#29467

[Springstone]

I was just going to share the same @paulgrimley. Adding the replacement policy ID will be added going forward to all deprecated policies, and as suggested we will remediate those currently deployed as above. Please do always check https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Deprecated-Services and https://github.com/Azure/Enterprise-Scale/wiki/Whats-new for complete history of changes.

[vegazbabz]

We always check that, however, we have script that pulls changes from this repo into our Azure DevOps. So when comparing changes and we can see a policy has been deprecated, then we want to easily just check the other superseding policy without having to search for it. Thanks

[Springstone]

See PR #1388 that will address existing deprecated custom policies with a "supersededBy" metadata property. Kindly also note that AzAdvertizer has been updated with great views and tooling for comparing superseded ALZ policies. Example here: AzAdvertizer

[vegazbabz]

Sounds good, thanks. Feel free to close it from my point of view.