I am looking for an option to enforce user to use specific image, i am trying to modify below code to use HuB image
. Below is the code I am trying to modify to enforce windows HuB
"if": {
"allOf": [
{
"field": "type",
"in": [ "Microsoft.Compute/virtualMachines", "Microsoft.Compute/VirtualMachineScaleSets" ]
},
{
"field": "Microsoft.Compute/licenseType",
"exists": Windows_Server
}
]
},
"then": {
"effect": "deny"
}
} }
If my understanding is right, you could firstly find Hub images's SKU.
For Windows Server:
PS C:\Program Files\> Get-AzureRmVMImagesku -Location westus -PublisherName MicrosoftWindowsServer -Offer WindowsServer-Hub|select Skus
Skus
----
2008-R2-SP1-HUB
2012-Datacenter-HUB
2012-R2-Datacenter-HUB
2016-Datacenter-HUB
For Windows Client:
PS C:\Program Files> Get-AzureRMVMImageSku -Location "West US" -Publisher "MicrosoftWindowsServer" -Offer "Windows-HUB"|select Skus
Skus
----
Windows-10-HUB
More information about this please refer to this blog and this link.
According to the official document. Maybe you could modify your policy as below:
{
"if":{
{
"anyOf": [
{
"field": "Microsoft.Compute/imageSku",
"like": "2016-Datacenter-HUB*"
},
{
"field": "Microsoft.Compute/imageSku",
"like": "Windows-10-HUB*"
},
{
.....
}
]
}
},
"then": {
"effect": "deny"
}
}