Is it possible to create an Azure Policy Exemption at the same as as the resource being exempted?

Question

Azure Policy can be used to define conventions that, when Policy Enforcement is enabled, will prevent non-compliant resources from being created.

In scenarios where non-compliant resources need to be exempted this leads to having to coordinate several steps:

1. Disable policy Enforcement
2. Create the non-compliant resource
3. Add the exemption for the non-compliant resource to the Policy Assignment
4. Re-enable Enforcement
5. Review if any unexpected changes occurred during the period of time Enforcement was disabled -- and how to bring things back to compliance

While the above is acceptable, I'm curious if there is an ability to simultaneously create the non-compliant resource and the exemption without the need to coordinate other steps and create the chance for other issues to be introduced.

Is there a way to create a resource and an policy assignment exemption for it simultaneously? Is this potentially in a preview or private preview feature?

Answer 1

Short of the workaround shared by Roderick Bant (creating a Resource Group, exempting it, then creating Resources within it) it is not possible.

The resources must be created while the policy is not enforced, otherwise the exempt resources cannot be created at all. Creating a resource which will require an exception requires a series of steps:

• Disabling Policy Enforcement
• Creating the new resource
• Creating the Policy Exception
• Re-enabling Policy Enforcement
• Validating and responding to any violations that occurred while the policy was not in effect