How can i put Deny Assignment in Azure Subscription or Resource Group level?

I want to put a Deny Rule on the subscription so that the contributor access can be overridden with the custom role with some exceptions.

I found the article on MS portal ( https://learn.microsoft.com/en-us/azure/role-based-access-control/deny-assignments ), though not able to get any example how this can be implemented.

Any guidance will be helpful.

Thanks

Solution

You need to use the Azure Blueprints, you can't directly create your own deny assignments, deny assignments are created and managed by Azure, e.g. Azure Blueprints.

The doc explains that:

Deny assignments are created and managed by Azure to protect resources. For example, Azure Blueprints and Azure managed apps use deny assignments to protect system-managed resources. For more information, see Protect new resources with Azure Blueprints resource locks.

How to configure backend application on Container Apps
WebJob is stopping due to website shutting down
Azure SQL trigger for Functions configuration problem
Does azure blob storage support http2?
Azure Pronunciation Assessment Could not deserialize speech context error
Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
How do I Parse FormData containing a audio file in AZ function app in 2025
Not able to delete Public IP address in azure
Azure Devops Apple App Store Release.Missing value for the attribute 'whatsNew'
Azure Storage accounts container public access level has dissabled
Issue with adding delegated Graph API permission to Enterprise app with Terraform
Getting an error when using the Flexible File Destination Task in Visual Studio 2022 SSIS
Problem with Azure Email Communication Service Custom Domain
How to refresh client assertion in ConfidentialClientApplication?
Using Microsoft Graph Explorer (we have code too) we can GET All Subscriptions, but GET one by ID gives access error
Invalid operands found for operator -eq
nginx - php-fpm - azure container app returns truncated pages
Adding custom headers to Azure Functions response
Azure Queue Trigger is hit but not executing the logic inside of it
az cli not showing redisenterprise keys
Enforce MFA for specific API called from SPFx via AADTokenProvider (Even with SPO MFA)
Azure Devops Server Pipelines: Any way to have a Stage result as "Succeeded" even if a constituent Job reported "SucceededWithIssues"?
YAML strings including special characters % and & were not printed correctly for Windows environment
Azure function returns error: No job functions found. Try making your job classes and methods public
How to view Oldest Query results in Azure Monitor Metrics for an Azure PostgreSQL Flex Server instance
Authenticate to Azure with certificate from Linux
What are the minimum Azure permissions required to publish a Power BI report using "App Owns the Data"?
How to report an Azure Text-to-Speech bug?
Refresh an Azure search index
Best way to clean up resources in StatefulService