Use descriptive policy exemptions
March 21, 2025 ยท View on GitHub
SYNOPSIS
Policy exemptions should use a display name and description.
DESCRIPTION
Policy assignments can be configured with a display name and description. Use these additional properties to clearly convey the reason for the policy exemption. Additionally, consider providing a link or reference to track exemption conditions and approval.
RECOMMENDATION
Consider setting a display name and description for each policy exemption.
EXAMPLES
Azure templates
To deploy policy exemptions that pass this rule:
- Set the
properties.displayNameproperty with a valid value. - Set the
properties.descriptionproperty with a valid value.
For example:
{
"comments": "An example exemption.",
"name": "exemption-001",
"type": "Microsoft.Authorization/policyExemptions",
"apiVersion": "2020-07-01-preview",
"properties": {
"policyAssignmentId": "<assignment_id>",
"policyDefinitionReferenceIds": [],
"exemptionCategory": "Waiver",
"expiresOn": "2021-04-27T14:00:00Z",
"displayName": "Exemption 001",
"description": "An example exemption.",
"metadata": {
"requestedBy": "Apps team",
"approvedBy": "Security team",
"createdBy": "DevOps pipeline"
}
}
}