Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
898 questions
Effect of editing custom Azure Policy definition on existing assignments?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 19%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
Mark Poole (7805)
0
Reputation points
I am trying to understand how editing a custom Azure policy definition affects existing assignments but can't find any info on this.
Our scenario: We have a custom policy definition for the deployment and configuration of the AMA client on Arc connected machines. The policy was assigned to an RG with Arc connected machines in it. The AMA client was installed and configured, and the machines showed as being compliant with the policy. Unfortunately, the policy definition has a typo in the proxy settings so the machines need updating with the correct value.
I updated the policy definition but clients still reported as being compliant with the policy even though the AMA client reported back the wrong proxy config.
I then tried removing the policy assignments and creating new policy assignments against the updated policy definition. The clients still report back as being compliant with the policy even though the AMA client is still reporting back the wrong proxy config. I have manually triggered a compliance scan to try and rule out the compliance date being stale.
I am expecting the clients to become non-compliant as their AMA config no longer matches the policy definition but this does not seem to be happening. Am I wrong in my expectations?
Sign in to answer