apybar
commented
1 month ago @glsutter - On the last screenshot you sent, click the name of the assignment that you have the notScope applied to and on the "Essentials" section at the top, there should be a property called "Excluded scopes".
Let me know if that works for you please!
glsutter
I doubt if this is a bug. Maybe more of a question about how to verify notScopes.
To Reproduce I have an allowed locations initiative assigned at the intermediate root that allows CONUS locations. In the JSON, I have a scope and notScopes:
I have an additional assignment of the allowed locations initiative at scope TEST1-ecis-aus that restricts the location to Australia East and global:
"parameters": { "AllowedLocations": [ "australiaeast", "global" ] }, "children": [ { "nodeName": "mac-test", "scope": { "mac-test": [ "/providers/Microsoft.Management/managementGroups/TEST1-ecis-aus" ] } } ]Expected behavior A way to verify the CONUS location restriction does not apply to the TEST-ecis-aus MG. The only way I can see to verify that's true is by trying to create a RG in TEST1-ecis-aus in a CONUS region. I do not see any EPAC output or console output that indicates the CONUS location assignment is not applied to the TEST-ecis-aus MG. Am I missing something? Is there a way to verify the assignment notScope other than testing?
Screenshots May be appllcable - Screen
shot of assignments to TEST1 and TEST-ecis-aus show both initiative assignments. No exemptions, of course.
EPAC Version Just upgraded to 10.7.0.