Describe the bug
We are currently migrating from using excluded scopes to exemptions and would like to leave the excluded scopes in place until all the exemptions have been created. This is now not possible in v10.2.13 as the exemption will be deleted/not created if it is included in the excluded scope of an assignment. In v8 this was possible.
Example 1
Running EPAC v10.2.13 with an exemption previously created with EPAC v8.
If the scope is included in the excluded scopes of an assignment, the exemption will be deleted:
WARNING: Exemption entry 373: No assignments found for exemption scope /subscriptions/xxxxx/resourceGroups/xxxxx, skipping entry.
...
Policy Exemption counts:
0 unchanged
0 orphaned
0 expired
1 changes:
new = 0
update = 0
replace = 0
delete = 1
Example 2
Trying to create a new exemption with EPAC v10.2.13, the exemptions scope is included in the excluded scope of an assignment:
WARNING: Exemption entry 374: No assignments found for exemption scope /subscriptions/xxxxx/resourceGroups/xxxxx, skipping entry.
...
Policy Exemption counts:
0 unchanged
0 orphaned
0 expired
0 changes:
new = 0
update = 0
replace = 0
delete = 0
Working on a fix for this - you will be able to specify a switch called -SkipNotScopedExemptions when you run Build-DeploymentPlans to override this default behavior.
Describe the bug We are currently migrating from using excluded scopes to exemptions and would like to leave the excluded scopes in place until all the exemptions have been created. This is now not possible in v10.2.13 as the exemption will be deleted/not created if it is included in the excluded scope of an assignment. In v8 this was possible.
Example 1
Running EPAC v10.2.13 with an exemption previously created with EPAC v8. If the scope is included in the excluded scopes of an assignment, the exemption will be deleted:
Example 2
Trying to create a new exemption with EPAC v10.2.13, the exemptions scope is included in the excluded scope of an assignment:
EPAC Version 10.2.13