Azure Policy not assigning on tagged VM

Question

Overview: I am trying to assign a policy to VMs by LinuxFamily tag. For example - if the VM has tag LinuxFamily: debian then all policy definitions with policyRule below should be assigned.

I have a policies with the policyRule containing:

and a VM with the following tag:

I've added the policies to an initiative. However, the initiative or policies within the initiative are not picking up the resource:

Edit- Full Policy Code / Steps to re-produce:

The Built-in Azure policy "Linux machines should meet requirements for the Azure compute security baseline" can be duplicated and the policyRule "if" changed to:

Assigning this to an VM with produce the same result (ensure parameters are set to true)

Answer 1

I am trying to audit the resource if the 'LinuxFamily: debian' tag is present on all VM resources with the policy.

Here is the Azure Policy to audit the resources and check if the LinuxFamily: debian tag is present on all Azure VM resources.

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Compute/virtualMachines"
        },
        {
          "not": {
            "field": "tags['LinuxFamily']",
            "equals": "debian"
          }
        }
      ]
    },
    "then": {
      "effect": "audit"
    }
  },
  "parameters": {}
}

I have 3 Linux VMs in my azure subscription. out of these, 2 have the tag LinuxFamily: debian, and 1 has a different tag.

The VM resource are having tag LinuxFamily: debian which are mark as complain and other non-complain.

Policy compliance result:

You can filter the VM resources by selecting the compliance state option in the policy compliance section.

For example : To filter compliant resources, select only compliant, and you will get all compliant resources as per the tag.