Anjaneya_Datla
Copper Contributor
Mar 27, 2023

Allowed resource types: Microsoft.Web/sites/privateEndpointConnectionProxies not available

Hi Microsoft Team,

We have started implementing some governance policies across our organization. One of the policies that we are trying to implement is Allowed resource types. We want to allow only certain types of resources to be spun up on our subscriptions.

When we applied this policy we enabled all Microsoft.Web (including sites), but we are facing an issue when creating an app service with a private endpoint. It's failing on Microsoft.Web/sites/privateEndpointConnectionProxies. We have checked the policy parameters and there doesn't seem to be a way

We have enabled all Microsoft.Web (including sites), but do not see a way to add privateEndpointConnectionProxies as it does not show up in the parameter list to select when we apply the policy.

Any thoughts?

  • josequintino
    Iron Contributor
    The issue you're encountering might be related to the fact that Microsoft.Web/sites/privateEndpointConnectionProxies is not a standalone resource type but rather a sub-resource of Microsoft.Web/sites. To resolve this issue, you can try one of the following approaches:

    1- Modify the existing policy to allow private endpoint connections for App Services.
    To do this, you can update the list of allowed resource types in your policy to include Microsoft.Network/privateEndpoints and Microsoft.Network/privateLinkServices. This will allow you to create private endpoint connections for all the resources in your subscription, including App Services.

    2- Create a custom Azure Policy definition that allows specific resource types and sub-resources.

    To create a custom policy definition, follow these steps:

    a. In the Azure portal, search for "Policy" and click on the "Policy" service.
    b. In the left-hand menu, click "Definitions" under "Authoring."
    c. Click the "+ Policy Definition" button.
    d. Fill in the required information, such as the policy name, description, and category.
    e. In the "Policy Rule" section, add the JSON content for your custom policy. You can use the following example as a starting point:

    {
      "if": {
        "allOf": [
          {
            "field": "type",
            "notIn": [
              "Microsoft.Web/sites",
              "Microsoft.Network/privateEndpoints",
              "Microsoft.Network/privateLinkServices"
            ]
          },
          {
            "field": "Microsoft.Web/sites/privateEndpointConnectionProxies",
            "exists": "false"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }

    This policy rule checks if the resource type is allowed and also checks whether the private endpoint connection proxies sub-resource exists.

    f. Click "Save" to create the custom policy definition.
    g. Assign the custom policy definition to your desired scope (subscription, management group, or resource group).

    By creating a custom policy definition or modifying the existing policy to allow private endpoint connections, you should be able to create App Services with private endpoints without encountering issues.
    • aryakrishna
      Copper Contributor

      josequintino 

      The policy definition '7188d6df-02bf-4ad9-b89b-ba92270e9e55' rule is invalid. The 'field' property 'Microsoft.Web/sites/privateEndpointConnectionProxies' of the policy rule doesn't exist as an alias under provider 'Microsoft.Web' and resource type 'sites'. The supported aliases are '…'. Please open a CSS ticket at https://azure.microsoft.com/support/create-ticket to request new aliases.

      • aryakrishna
        Copper Contributor
        Error - The policy definition '7188d6df-02bf-4ad9-b89b-ba92270e9e55' rule is invalid. The 'field' property 'Microsoft.Web/sites/privateEndpointConnectionProxies' of the policy rule doesn't exist as an alias under provider 'Microsoft.Web'. Can you guys give any suggestions on this issue?
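
An offline pre-check for the alias error quoted above, as an added example that is not part of the original thread and not Microsoft's code: it flags any `field` that is neither a built-in policy field nor a known alias, then evaluates a variant rule that lists the sub-resource type under `type` instead. The alias set is a constructed sample of names from the error message; `CORRECTED_RULE`, the function names, and the idea that `type` reports the proxy's full type string are assumptions, and the evaluator covers only the operators used here.

```python
import re

# Built-in (non-alias) fields a policy rule may reference, compared case-insensitively.
BUILTIN_FIELDS = {"name", "fullname", "kind", "type", "location", "id",
                  "identity.type", "tags"}
TAG_FIELD = re.compile(r"^tags(\[.+\]|\..+)$", re.IGNORECASE)

# Constructed sample: a few of the Microsoft.Web/sites aliases named in the error above.
KNOWN_ALIASES = {a.lower() for a in (
    "Microsoft.Web/sites/httpsOnly",
    "Microsoft.Web/sites/publicNetworkAccess",
    "Microsoft.Web/sites/siteConfig.minTlsVersion",
)}

PROXY_TYPE = "Microsoft.Web/sites/privateEndpointConnectionProxies"
ALLOWED = ["Microsoft.Web/sites", "Microsoft.Network/privateEndpoints",
           "Microsoft.Network/privateLinkServices"]

# The rule as posted in the thread: its second condition uses a resource type as a 'field'.
POSTED_RULE = {"if": {"allOf": [
    {"field": "type", "notIn": ALLOWED},
    {"field": PROXY_TYPE, "exists": "false"},
]}, "then": {"effect": "deny"}}

# Assumed variant (not from the thread): the sub-resource type is matched through 'type'.
CORRECTED_RULE = {"if": {"field": "type", "notIn": ALLOWED + [PROXY_TYPE]},
                  "then": {"effect": "deny"}}


def iter_fields(node):
    """Yield every 'field' value found anywhere in a condition tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "field" and isinstance(value, str):
                yield value
            else:
                yield from iter_fields(value)
    elif isinstance(node, list):
        for item in node:
            yield from iter_fields(item)


def invalid_fields(rule, aliases=KNOWN_ALIASES):
    """Return 'field' values that are neither built-in fields nor known aliases."""
    bad = []
    for field in iter_fields(rule.get("if", {})):
        name = field.lower()
        if name in BUILTIN_FIELDS or TAG_FIELD.match(name) or name in aliases:
            continue
        bad.append(field)
    return bad


def matches(cond, resource):
    """Evaluate allOf/anyOf/not and in/notIn/equals against a resource dict."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = str(resource.get(cond["field"], "")).lower()
    if "in" in cond:
        return value in [v.lower() for v in cond["in"]]
    if "notIn" in cond:
        return value not in [v.lower() for v in cond["notIn"]]
    if "equals" in cond:
        return value == cond["equals"].lower()
    raise ValueError("operator not supported by this sketch")


def is_denied(rule, resource_type):
    """True when a deny rule's condition matches a resource of the given type."""
    return rule["then"]["effect"] == "deny" and matches(rule["if"], {"type": resource_type})
```
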
    • Anjaneya_Datla
      Copper Contributor

      josequintino Thank you for the response.

      Have a question on approach number 1, to modify the built-in policy "Allowed resource types" (https://www.azadvertizer.net/azpolicyadvertizer/a08ec900-254a-4555-9bf5-e42af04b5c5c.html). The policy parameters are generated dynamically (at least from what I have noticed), and that dynamically generated list doesn't have the sub-resource which is causing the issue. Is there a way to modify these parameters to add Microsoft.Web/sites/privateEndpointConnectionProxies?

  • To resolve this issue, you may need to check if the Private Endpoint service is available in your Azure subscription and location. You can do this by checking the Azure documentation or contacting Azure support.

    Additionally, you may need to ensure that your Azure subscription has the necessary permissions and resource providers enabled to create private endpoint connections and proxies. You can check your subscription's permissions and resource providers by accessing the Azure portal and navigating to the "Access control (IAM)" and "Resource providers" sections, respectively.
