Closed Acenl12 closed 3 years ago
Hi @guidovbrakel, this custom policy was written with the intention that there is only one specific NSG allowed. That is why the NSG ID is parameterized and evaluated against.
I did find this policy that might fit more of your needs: https://github.com/Azure/Community-Policy/blob/master/Policies/Network/modify-subnet-nsg/azurepolicy.json
As always, if you need help writing a custom policy, our support engineers are trained in writing custom policies and can help you through the process.
Thanks,
Kemley Nieva
Hi,
This Azure Policy doesn't work properly; it also blocks creating new subnets and vnets, because if this policy is active you can't associate an NSG with a vnet.
I changed it to audit, but then it lists the vnets that already have an NSG attached. https://github.com/Azure/azure-policy/blob/master/samples/Network/enforce-nsg-on-subnet/azurepolicy.json