I've applied Azure policy which forces the user to assign a tag while creating a Resource Group.
When I create a new VM and fill in all the fields, I create a new Resource Group in the same wizard and then click the Review and create button. This time the Azure policy is triggered properly and blocks me, as the newly created RG is not created with a tag.
But when I go to resource group policy and click on Add to create a new RG, and I don't fill in Tags, the policy doesn't get triggered. I'm a little surprised that this policy works the first time but not the second time.
{
  "if": {
    "allOf": [
      {
        "field": "tags",
        "exists": "false"
      },
      {
        "field": "type",
        "equals": "Microsoft.Resources/subscriptions/resourceGroups"
      }
    ]
  },
  "then": {
    "effect": "deny"
  }
}
Seems I figured it out: it is not related to the Azure policy. Your policy should work fine; it may be a bug in the portal blade for creating the resource group.
I tried to create a resource group via PowerShell several times, and the policy works fine.
My test policy:
If necessary, you could open an issue on GitHub.
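The PowerShell check mentioned in the answer can be scripted so the deny effect is verified outside the portal. This is an added example, not the answerer's own code; it assumes the Az module is installed, `Connect-AzAccount` has been run, and the policy from the question is already assigned at the subscription. The resource group names, the location and the `owner` tag are placeholders.

```powershell
# Added example. Assumptions: Az module installed, Connect-AzAccount done,
# the deny policy from the question is assigned at the subscription scope.
$location = 'westeurope'                 # placeholder region
$suffix   = Get-Random -Maximum 99999    # avoid name collisions between runs

function Test-RgCreation {
    param(
        [string]$Name,
        [hashtable]$Tag,       # $null means the request carries no tags
        [bool]$ExpectDenied
    )
    $params = @{ Name = $Name; Location = $location; ErrorAction = 'Stop' }
    if ($Tag) { $params.Tag = $Tag }

    $denied = $false
    try {
        New-AzResourceGroup @params | Out-Null
    }
    catch {
        # A policy deny is reported with error code RequestDisallowedByPolicy
        if ($_.Exception.Message -match 'RequestDisallowedByPolicy|disallowed by policy') {
            $denied = $true
        } else {
            throw   # unrelated failure (permissions, invalid location, ...)
        }
    }
    finally {
        # Remove the group if the request was allowed through
        if (Get-AzResourceGroup -Name $Name -ErrorAction SilentlyContinue) {
            Remove-AzResourceGroup -Name $Name -Force | Out-Null
        }
    }
    [pscustomobject]@{
        ResourceGroup = $Name
        TagsSent      = [bool]$Tag
        Denied        = $denied
        AsExpected    = ($denied -eq $ExpectDenied)
    }
}

# Untagged request should be denied; tagged request should succeed.
Test-RgCreation -Name "rg-policytest-untagged-$suffix" -Tag $null -ExpectDenied $true
Test-RgCreation -Name "rg-policytest-tagged-$suffix" -Tag @{ owner = 'policy-test' } -ExpectDenied $false
```

If `AsExpected` is `True` for both rows while the portal blade still lets an untagged group through, the difference lies in the request the portal sends rather than in the policy assignment.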