policyAssignments/CAF-Sandbox-Default.json
|
{
"nodeName": "/Sandbox/", "scope": { "tenant1": [ "/providers/Microsoft.Management/managementGroups/sandbox" ] }, "children": [ { "nodeName": "Guardrails", "assignment": { "name": "Enforce-ALZ-Sandbox", "displayName": "Enforce ALZ Sandbox Guardrails", "description": "This initiative will help enforce and govern subscriptions that are placed within the Sandbox Management Group. See https://aka.ms/alz/policies for more information." }, "definitionEntry": { "policySetName": "Enforce-ALZ-Sandbox" }, "parameters": { "listOfResourceTypesNotAllowed": [ "microsoft.network/expressroutecircuits", "microsoft.network/expressroutegateways", "microsoft.network/virtualwans", "microsoft.network/virtualhubs", "microsoft.network/vpngateways", "microsoft.network/vpnsites" ] }, "nonComplianceMessages": [ { "Message": "ALZ Sandbox Guardrails must be enforced." } ] } ] } |