I am trying to deny users from creating a vms with public ip addresses.
I am getting the following error - value not accepted on this - "field": "Microsoft.Network/publicIPAddresses.ipConfiguration.id",
{
"mode": "All",
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Network/publicIPAddresses"
},
{
"not": {
"field": "Microsoft.Network/publicIPAddresses.ipConfiguration.id",
"exists": "true"
}
}
]
},
"then": {
"effect": "deny"
}
},
"parameters": {}
}
The policy you are using will deny any resource with a public IP, and the field in policy also is not correct.
Here is the correct field:
Here is the updated policy to deny users from creating a VMS with public ip addresses.
After assigning the policy to the specified scope, it denies the creation of VMS with public IPs, as shown below.