Azure provides a wide range of virtual machine sizes to cater to different workloads and applications. However, sometimes while selecting a VM size, you might come across an error message that says Blocked by the policy. This error message can be frustrating, especially when you’re in a rush to get your workload up and running.
In this blog post, we will explore what the Blocked by policy error message means and how you can resolve it.
In this blog, we will walk through the following :
First, let’s understand what the “Blocked by policy” error message means.
What does the ‘Blocked by Policy’ error mean?
In Azure, Blocked by policy typically refers to a situation where an action or request made by a user or an application is denied because it violates a policy defined in Azure Policy.
Azure Policy is a service that allows you to create, assign, and manage policies that enforce rules and restrictions on resources in your Azure environment.
For example, you may have a policy that prohibits the creation of certain types of resources, such as virtual machines with certain operating systems or storage accounts with specific encryption settings. If someone tries to create a resource that violates this policy, the operation will be blocked by policy, and the user will receive an error message indicating that the request was denied due to a policy violation.
Additionally, Azure Policy can also be used to enforce regulatory compliance, security, and governance requirements by defining policies that help you achieve and maintain compliance with industry standards or internal policies. This error message is typically shown when you are trying to select a VM size that is not allowed by the policies set up in your Azure subscription. These policies can be set up by your organization or by Azure itself to ensure that resources are being used efficiently and effectively.
Now that we know what the error message means, let’s look at how we can resolve it. There are a few steps that you can take to resolve this error message:
Ways to Resolve the error –
1. Check if the policy is still assigned:
Go to the Azure Policy blade in the Azure portal and check if the policy you created is still assigned to the scope (e.g. subscription, resource group) where you’re trying to create the VMs. If it is, you’ll need to unassign the policy to allow VM creation.
2. Check if the policy has an effect:
Even if the policy is no longer assigned, it may have an effect that’s still blocking VM creation. Go to the “Compliance” tab for the policy in the Azure Policy blade and check if there are any non-compliant resources. If there are, check the details to see if VM creation is being blocked by the policy. If it is, you’ll need to modify or remove the policy to allow VM creation.
3. Check if there are any other policies in effect:
If you’ve confirmed that the policy you created is no longer assigned and has no effect, there may be other policies in effect that are blocking VM creation. Check the Azure Policy blade for any other policies that are assigned to the same scope as the VMs you’re trying to create.
4. Check the subscription limits:
The subscription you’re using may have reached its limit for VM creation. Check the subscription limits in the Azure portal to see if this is the case.
5. Try a different subscription:
If none of the above steps resolve the issue, try creating a new VM in a different subscription to see if the issue is specific to your current subscription.
6. Check the policy definition:
First, you need to identify the policy definition that is blocking your action or request. Check the error message to see if it provides any details about the policy. You can also go to the Azure Policy portal and search for the policy that is causing the issue.
7. Adjust the policy definition:
Once you have identified the policy, you can adjust the policy definition to allow your action or request. You can modify the policy rules or exemptions, or you can create a new policy that overrides the existing policy.
8. Request an exemption:
If you cannot modify the policy definition, you can request an exemption from the policy owner. This is usually done by submitting a ticket to the policy owner or the Azure support team. You need to provide a valid reason for the exemption request and demonstrate that your action or demand is necessary and does not violate any other policies or regulations.
Also, Check our post on Azure Policy.
Cautions :
- Understand the policies: Before you start working with Azure resources, it is important to understand the policies that are in place in your organization. This will help you avoid any actions that violate the policies.
- Test your actions: Before you perform any action in Azure, it is a good practice to test it in a non-production environment. This will help you identify any policy violations and resolve them before they cause any issues in the production environment.
- Review policies regularly: Policies may change over time, and it is important to review them regularly to ensure that you are aware of any updates or changes that may impact your actions in Azure.
- Follow best practices: Following best practices for security, compliance, and governance in Azure can help you avoid policy violations. Azure provides many resources and tools that can help you implement best practices, such as Microsoft Defender for Cloud and Azure Advisor.
- Seek guidance: If you are not sure whether an action violates a policy, it is better to seek guidance from the policy owner or a subject matter expert. They can help you understand the policy and suggest alternative solutions if needed.
- Determine causes of Non – Compliance: When an Azure resource is determined to be non-compliant with a policy rule, it’s helpful to understand which portion of the rule the resource isn’t compliant with. It’s also useful to understand what change altered a previously compliant resource to make it non-compliant.
Conclusion:
In conclusion, the “Blocked by policy” error message can be frustrating, but it is there to ensure that resources are being used efficiently and effectively. By following the steps outlined in this blog post, you can resolve this error message and select a VM size that is allowed by the policies in your Azure subscription.
References/Related
- Azure Active Directory (Azure AD): Everything You Need To Know
- AZ-104 Exam & AZ-104 Certification Overview
- [AZ-104] Microsoft Azure Administrator Training: Step By Step Activity Guides/Hands-On Lab Exercise
- AKS Cluster | How to Create Kubernetes Cluster in Azure & Azure Kubernetes Service Overview
- Network Watcher in Azure | Features
- AZ-305 VS AZ-104 | Microsoft Azure Solution Architect V/S Azure Administrator
Next Task For You
Begin your journey toward becoming a Microsoft Azure Administrator Associate. Just click on the register now button below to register for a Free Class on Microsoft Azure Administrator Associate [Az-104], which will help you to understand better, so you can choose the right path and clear the certification exam.
The post How to Fix ERROR: Blocked By Policy appeared first on Cloud Training Program.