Azure-docs: Set scope to 'Subscription'

Created on 20 Oct 2018  Â·  6Comments  Â·  Source: MicrosoftDocs/azure-docs

Unable to set the scope to the subscription.

$Subscription = Get-AzureRmSubscription -SubscriptionName <Subscription Name>
$Subscription.ResourceId. ---->This is a Null value.

So the below doesn't work
New-AzureRmPolicyAssignment -Name 'Allow resource creation only in United States data centers' -PolicyDefinition $Policy -Scope $Subscription.ResourceId -Verbose

I tried with Subscription id. And that doesn't work either.
Error: The request did not have a provided subscription. All requests must have an associated subscription Id.

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

azure-policsvc cxp doc-enhancement in-progress triaged
Source
picture Ayanmullick

Most helpful comment

To update this item, the issue is that the example is for Resource Groups and uses Get-AzureRmResourceGroup. That cmdlet returns an object with property ResourceId which has the full path resource identifier that the -Scope parameter expects. @Ayanmullick was trying to set the scope to a Subscription. Get-AzureRmSubscription returns a property Id, but it is not the full path. Using it with scope requires prepending it such that /subscriptions/<subId>/ is passed to -Scope on New-AzureRmPolicyAssignment.

I have two actions for this based on suggestion from @Ayanmullick:

  • Add example for scope of Subscription
  • Add example for scope of Management Group

@MicrosoftDocs/azure-cxp-triage Please change this label from 'product-question' to 'doc-enhancement'. I'll leave the issue open until the doc is updated with the two mentioned actions.

picture DCtheGeek on 22 Oct 2018
👍2

All 6 comments

@Ayanmullick Thank you for the detailed feedback. We are actively investigating and will get back to you soon.

Mike-Ubezzi-MSFT picture Mike-Ubezzi-MSFT on 20 Oct 2018

@Ayanmullick Couple quick questions for you to help on this...

  • Are you using Azure PowerShell locally or in Cloud Shell?
  • What version of PowerShell are you using (get with $PSVersionTable.PSVersion)?
  • Have you installed the new 'Az' module (preview) for PowerShell?
  • When you ran the cmdlet for Get-AzureRmSubscription, did you get any errors?

My guess is that you are running PowerShell locally and it looks like the directions are missing performing authentication to Azure first (using Connect-AzureRmAccount). I'd like to verify that with you and then get the article updated with that missing step. Thanks!

@MicrosoftDocs/azure-cxp-triage Please assign to me, and #in-progress.

DCtheGeek picture DCtheGeek on 22 Oct 2018
👍1
  1. Yes, I'm running it locally

  2. Major : 5
    Minor : 1
    Build : 16299
    Revision : 637
    MajorRevision : 0
    MinorRevision : 637

  3. No, I haven't installed it.

  4. No, I didn't get any errors.

I am running it locally. However, I am authenticated into Azure with Login-AzureRMAccount. I get the context of the desired subscription when I run Get-AzureRmContext.

Ayanmullick picture Ayanmullick on 22 Oct 2018

@Ayanmullick Can you validate you having Azure PowerShell 6.3.0+ with Get-Module -Name AzureRM.profile? Please update to the latest, currently 6.10.0, using these directions and see if it is still not working. This might simply be an issue of an old install of Azure PowerShell.

DCtheGeek picture DCtheGeek on 22 Oct 2018

To update this item, the issue is that the example is for Resource Groups and uses Get-AzureRmResourceGroup. That cmdlet returns an object with property ResourceId which has the full path resource identifier that the -Scope parameter expects. @Ayanmullick was trying to set the scope to a Subscription. Get-AzureRmSubscription returns a property Id, but it is not the full path. Using it with scope requires prepending it such that /subscriptions/<subId>/ is passed to -Scope on New-AzureRmPolicyAssignment.

I have two actions for this based on suggestion from @Ayanmullick:

  • Add example for scope of Subscription
  • Add example for scope of Management Group

@MicrosoftDocs/azure-cxp-triage Please change this label from 'product-question' to 'doc-enhancement'. I'll leave the issue open until the doc is updated with the two mentioned actions.

DCtheGeek picture DCtheGeek on 22 Oct 2018
👍2

@Ayanmullick The updated article for this request should post this morning. Note that I didn't update the Quickstart since that is designed to take you through a specific experience. Instead, the update will provide clarity for subscriptions and management groups on Programmatically create policies. The merge will automatically close this, but if you don't feel that update provides the information you were looking for, please respond back and let us know. Thanks again!

DCtheGeek picture DCtheGeek on 29 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

varma31 picture varma31  Â·  3Comments
bityob picture bityob  Â·  3Comments
mrdfuse picture mrdfuse  Â·  3Comments
jebeld17 picture jebeld17  Â·  3Comments
Agazoth picture Agazoth  Â·  3Comments