• Stars
    star
    1,485
  • Rank 31,644 (Top 0.7 %)
  • Language Open Policy Agent
  • License
    MIT License
  • Created over 7 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Repository for Azure Resource Policy built-in definitions and samples

Azure Policy Samples

This repository contains the direct representation of built-in definitions published to Azure. For easy search of all built-in with descriptions, see Policy samples on docs.microsoft.com.

For custom policy samples, check out our Community repo! (https://github.com/Azure/Community-Policy)

Contributing

To contribute, please submit your policies to our Community repo! (https://github.com/Azure/Community-Policy)

Reporting Issues

The support for addressing built-in definition issues is handled by Azure Customer Support. Open a new Azure Customer Support ticket if you believe a definition has a bug or error.

Azure Policy Known Issues

Check here for a current list of known issues for Azure Policy.

Azure Policy Resources

Articles

References

Getting Support

The general Azure Policy support role of this repository has transitioned to standard Azure support channels. See below for information about getting support help for Azure Policy.

Alias Requests

An alias enables you to restrict what values or conditions are permitted for a property on a resource. Each alias maps to the paths in different API versions for a given resource type. During policy evaluation, the policy engine gets the property path for that API version. See the documentation page on aliases here. For additional information about Azure Policy and aliases, visit this blog post.

Support for requesting aliases is handled by Azure Customer Support. Open a new Azure Customer Support ticket if you believe you need new aliases to be published.

This page documents the commands for discovering existing aliases.

General Questions

If you have questions you haven't been able to answer from the Azure Policy documentation, there are a few places that host discussions on Azure Policy:

If your questions are more in-depth or involve information that is not public, open a new Azure Customer Support ticket.

Documentation Corrections

To report issues in the Azure Policy online documentation, look for a feedback area at the bottom of the page. If you don't see a place to enter feedback, you can also directly open a new issue at the Microsoft Docs GitHub.

Other Support for Azure Policy

If you are encountering livesite issues or difficulties in implementing new policies that may be due to problems in Azure Policy itself, open a support ticket at Azure Customer Support. If you want to submit an idea for consideration, add an idea or upvote an existing idea at Azure Governance Ideas.

Known Issues

Azure Policy operates at a level above other Azure services by applying policy rules against PUT requests and GET responses of resource types going between Azure Resource Manager and the owning resource provider (RP). In a few cases, the behavior of a given RP is unexpected or incompatible in some way with Azure Policy. The Azure Policy team works with the RP teams to close these gaps as soon as possible after they are discovered. Usually aliases for properties of these resource types will be removed after the anomalous behavior is discovered. Issues of this nature will be documented here until final resolution.

All cases of known resource types with anomalous policy behavior are listed here. Currently there is no way to make these resource types invisible at policy authoring time, so writing policies that attempt to manage these resource types cannot be prevented, despite the fact that the results of such policies may be either incomplete or incorrect.

Resource Type query results incomplete, missing, or non-standard format

In some cases, certain RPs may return incomplete or otherwise limited or missing information about resources of a given type. The Azure Policy engine is unable to determine the compliance of any resources of such a type. Below are listed the known resource types exhibiting this problem.

  • Microsoft.Web/sites/config/* (except Microsoft.Web/sites/config/web)
  • Microsoft.Web/sites/slots/config/* (except Microsoft.Web/sites/slots/config/web)

Currently, there is no plan to change this behavior for the above Microsoft.Web resource types. If this scenario is important to you, please open a support ticket with the Web team.

  • Microsoft.HDInsights/clusters/computeProfile.roles[*].scriptActions
  • Microsoft.Sql/servers/auditingSettings
    • This type will work correctly as the related resource in AuditIfNotExists and DeployIfNotExists policies, as long as a name for the resource is provided, e.g:
              "details": {
                "type": "Microsoft.Sql/servers/auditingSettings",
                "name": "default"
              }
    
  • Microsoft.DataLakeStore/accounts
    • This type behaves similarly to Microsoft.Sql/servers/auditingSettings. Compliance of some fields cannot be determined except in AuditIfNotExists and DeployIfNotExists policies.
  • Microsoft.DataLakeStore/accounts/encryptionState
    • This property of this type is populated differently when queried than when created or updated unless non-standard parameters are provided. This means deny policies will work, but compliance audits will generally not be correct.
  • Microsoft.Sql 'master' database
    • This type behaves similarly to Microsoft.Sql/servers/auditingSettings. Compliance of some fields cannot be determined except in AuditIfNotExists and DeployIfNotExists policies.
  • Microsoft.Compute/virtualMachines/instanceView
    • Collection query of this type is missing many properties, which means compliance checks may not work.
  • Microsoft.Network/virtualNetworks/subnets
    • The routeTable property of this type is populated differently when queried than when created or updated unless non-standard parameters are provided. This means deny policies will work, but compliance audits will generally not be correct.
  • Microsoft.Insights/workbooks
    • The collection GET API call for this type doesn't return all workbooks, which could result in some or all workbook resources being incorrectly flagged as non-compliant.

Resource Type not correctly published by resource provider

In some cases, a resource provider may implement a resource type, but not correctly publish it to the Azure Resource Manager. The result of this is that Azure Policy is unable to discover the type in order to determine compliance. In some cases, this still allows deny policies to work, but compliance results will usually be incorrect. Currently, all resource types known to have this behavior have been corrected.

In some cases the unpublished resource type is actually a subtype of a published type, which causes aliases to refer to a parent type instead of the unpublished type. Evaluation of such policies fails, causing the policy to never apply to any resource.

These resource types previously exhibited this behavior but have been fixed:

  • Microsoft.EventHub/namespaces/networkrulesets
  • Microsoft.ServiceBus/namespaces/networkrulesets
  • Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies
  • Microsoft.ApiManagement/service/portalsettings/delegation
  • Microsoft.Storage/storageAccounts/blobServices

Resource management that bypasses Azure Resource Manager

Resource providers are free to implement their own resource management operations outside of Azure Resource Manager ("dataplane" operations). In almost every Azure resource type, the distinction between resource management and dataplane operations is clear and the resource provider only implements resource management one way. Occasionally, a resource provider may choose to implement a type that can be managed both ways. In this case, Azure Policy controls the standard Azure Resource Manager API normally, but operations on the direct resource provider API to create, modify and delete resources of that type bypass Azure Resource Manager so they are invisible to Azure Policy. Since policy enforcement is incomplete, we recommend that customers do not implement policies targeting such a resource type. This is the list of known such resource types:

  • Microsoft.Storage/storageAccounts/blobServices/containers

The storage team has implemented blob public access control on storage accounts to address this scenario. Per-account public access control of blobs can be controlled by Azure Policy using the new alias Microsoft.Storage/storageAccounts/allowBlobPublicAccess.

  • Microsoft.Sql/servers/firewallRules

Firewall rules can be created/deleted/modified via T-SQL commands, which bypasses Azure Policy. There is currently no plan to address this.

  • Microsoft.ServiceFabric/clusters/applications

Service Fabric applications created via direct requests to the Service Fabric cluster (i.e. via New-ServiceFabricApplication) will not appear in the Azure Resource Manager representation of the Service Fabric cluster. Policy will not be able to audit/enforce these applications.

Note that Azure policies for dataplane operations of certain targeted resource providers is also supported or under active development. Please see the Resource Provider modes.

Nonstandard creation pattern

In a few instances, the creation pattern of a resource type doesn't follow normal REST patterns. In these cases, deny policies may not work or may only work for some properties. For example, certain resource types may PUT only a subset of the properties of the resource type to create the entire resource. With such types the resource provider selects the values for properties not provided in the payload. Such a resource might be created with a non-compliant value even though a deny policy exists to prevent it. A similar result may occur if a set of resource types can be created using a collection PUT. Known resource types that exhibit this class of behavior:

  • Microsoft.Automation/certificates
  • Microsoft.Security/securityContacts

There is currently no plan to change this behavior for these types. If this scenario is important to you, please open a support ticket with the Azure SQL or Automation team.

Nonstandard update pattern through Azure Portal

In some cases, a resource provider can choose not to follow normal REST patterns when a resource is updated via the portal. In these cases, a partial PUT request is done instead of a PATCH request causing the policy engine to evaluate as if some properties do not have values.

  • Microsoft.Web/sites

Provider pass-through to non Azure Resource Manager resources

There are examples where a resource provider publishes a resource type to Azure Resource Manager, but the resources it represents cannot be managed by Azure Resource Manager. For example, Microsoft.Web has published several resource types to Azure Resource Manager that actually represent resources of the customer's site rather than Azure Resource Manager resources. Such resources cannot or should not be managed by Azure policy, and are explicitly excluded. All known examples are listed here:

  • Microsoft.Web/sites/deployments
  • Microsoft.Web/sites/functions
  • Microsoft.Web/sites/instances/deployments
  • Microsoft.Web/sites/siteextensions
  • Microsoft.Web/sites/slots/deployments
  • Microsoft.Web/sites/slots/functions
  • Microsoft.Web/sites/slots/instances/deployments
  • Microsoft.Web/sites/slots/siteextensions
  • Microsoft.Web/sites/sourcecontrols
  • Microsoft.Web/sites/slots/sourcecontrols
  • Microsoft.Web/sites/privateaccess

Legacy or incorrect aliases

Since custom policies use aliases directly, it is usually not possible to update them without causing unintended side effects to existing custom policies. This means that aliases referring to incorrect information or following legacy naming conventions must be left in place, even though it may cause confusion. In certain cases where an alias is known to refer to the wrong information, another alias may be created as a corrected alternative to the known bad one. In these cases, the new alias will be given the name of the bad alias with .v2 appended. For example a bad alias named Microsoft.ResourceProvider/someType/someAlias would result in the addition of a corrected version named Microsoft.ResourceProvider/someType/someAlias.v2. If an alias is added to correct a .v2 alias it will be named by replacing v2 with v3. All known corrected aliases are listed here:

  • Microsoft.Sql/servers/databases/requestedServiceObjectiveName.v2

To enforce around SQL databases transparentDataEncryption, please use both the legacy alias (api versions between 2014-04-01 and 2022-05-01-preview) Microsoft.Sql/transparentDataEncryption.status and the new alias (post api version 2022-05-01-preview) Microsoft.Sql/servers/databases/transparentDataEncryption/state.

Resource property names that include symbols or numbers such as dashings '-' or slashes '/' are a nonstandard creation pattern and alias for those properities are not generated.

Optional or auto-generated resource property that bypasses policy evaluation

In a few instances, when creating a resource from Azure Portal, the property is not set in the PUT request payload. When the request reaches the resource provider, the resource provider generates the property and sets the value. Because the property is not in the request payload, the policy cannot evaluate the property. Known resource fields that exhibit this class of behavior:

  • Microsoft.Storage/storageAccounts/networkAcls.defaultAction
  • Microsoft.Authorization/roleAssignments/principalType
  • Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType
  • Microsoft.Compute/virtualMachines/storageProfile.osDisk.diskSizeGB
  • Microsoft.Compute/virtualMachineScaleSets/virtualMachineProfile.storageProfile.osDisk.diskSizeGB
  • Microsoft.Compute/virtualMachineScaleSets/virtualMachines/storageProfile.osDisk.diskSizeGB
  • Microsoft.Authorization/roleAssignmentScheduleInstances/* (all aliases)
  • Microsoft.Cache/Redis/privateEndpointConnections[*]
  • Microsoft.Cache/Redis/privateEndpointConnections[*].provisioningState
  • Microsoft.Cache/Redis/privateEndpointConnections[*].privateLinkServiceConnectionState.status

Using this type of alias in the existence condition of auditIfNotExists or deployIfNotExists policies works correctly. These two kinds of effects will get the full resource content to evaluate the existence condition. The property is always present in GET request payloads.

Using this type of alias in audit/deny/append effect policies works partially. The compliance scan result will be correct for existing resources. However, when creating/updating the resource, there will be no audit events for audit effect policies and no deny or append behaviors for deny/append effect policies because of the missing property in the request payload.

  • Microsoft.Databricks/* (Creation time only)

All Databricks resources bypass policy enforcement at creation time. Databricks resources will have policy enforcement post-creation. To provide feedback on this, please leverage the Databricks UserVoice.

Resources that are exempt from policy evaluation

  • Microsoft.Resources/*, except resource groups and subscriptions.
    • For example, Microsoft.Resources/deployments and Microsoft.Resources/templateSpecs are not evaluated by policy.
  • Microsoft.Billing/*
  • Microsoft.Capacity/reservationOrders/*
  • Microsoft.Help/*
  • Microsoft.Diagnostics/*

Resource types that exceed current enforcement and compliance scale

There some resource types that are generated at very high scale. These are not suitable for management by Azure Policy because the enforcement and compliance checks create overhead that can negatively impact the performance of the API itself. Most of these are not significant policy scenarios, but there are a few exceptions.

These are resource types that have significant policy scenarios, but are not supported by Azure Policy due to the above scalability considerations:

  • Microsoft.ServiceBus/namespaces/topics
  • Microsoft.ServiceBus/namespaces/topics/authorizationRules
  • Microsoft.ServiceBus/namespaces/topics/subscriptions
  • Microsoft.ServiceBus/namespaces/topics/subscriptions/rules

Work to increase the scale that policy can be performantly applied to resource types is in progress. Planned availability date is not yet determined.

Alias changes

May 2020: Microsoft.DocumentDB/databaseAccounts/ipRangeFilter updated from a string property to an array. Please re-author your custom definitions to support the property as an array.
July 2020: The alias Microsoft.Sql/servers/securityAlertPolicies/emailAddresses[] and related policies were deprecated.

Resource types that do not display non-compliance messages in the portal during preflight validation

There are resource types that do not properly display non-compliance messages in the portal during preflight validation, but instead they show a link to the activity log.

This behavior is seen in the following resource types:

  • Microsoft.Kusto/clusters
  • Microsoft.Cdn/profiles
  • Microsoft.ContainerRegistry/registries
  • Microsoft.Cache/Redis

This behavior is also seen in resource types from the following RPs:

  • Microsoft.DataLakeAnalytics
  • Microsoft.DataLakeStore
  • Microsoft.DBforMySQL
  • Microsoft.HDInsight

Azure Policy Extension for Arc is not compatible on Kubernetes 1.25 (preview) version

Policy extension for Arc installation will fail on 1.25 clusters with the following error code and message: Code: ExtensionOperationFailed "err [unable to build kubernetes objects from release manifest: unable to recognize "": no matches for kind "PodSecurityPolicy" in version "policy/v1beta1"]} occurred while doing the operation :"

Mitigation: Avoid using K8s 1.25 (preview) with the Azure Policy Extension for Arc. The extension can be used with any GA supported version such as 1.22, 1.23, or 1.24. Feature team is actively working on fixing this issue. We will update this known issue once the resolution is available.

For support involving these compliance message issues, please first follow up with the respective RP listed above.

Resource types that do not support creation of Policy exemptions

These resource types do not allow Policy exemptions on resources due to deny assignments. Workaround is to use exclusions at the assignment level.

  • Microsoft.Databricks/*

Resource types with unsupported property names

Currently Azure Policy supports only alphanumeric characters for property and alias names. There are a handful of resource types with property names containing non-alphanumeric characters. These properties cannot currently be onboarded to Azure Policy:

Microsoft.Cache/Redis/

  • redisConfiguration.rdb-backup-enabled
  • redisConfiguration.rdb-backup-frequency
  • redisConfiguration.rdb-backup-max-snapshot-count
  • redisConfiguration.rdb-storage-connection-string
  • redisConfiguration.aof-storage-connection-string-0
  • redisConfiguration.aof-storage-connection-string-1
  • redisConfiguration.maxfragmentationmemory-reserved
  • redisConfiguration.maxmemory-policy
  • redisConfiguration.maxmemory-reserved
  • redisConfiguration.maxmemory-delta
  • redisConfiguration.aof-backup-enabled
  • redisConfiguration.zonal-configuration
  • redisConfiguration.preferred-data-archive-auth-method
  • redisConfiguration.preferred-data-persistence-auth-method

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

More Repositories

1

azure-quickstart-templates

Azure Quickstart Templates
Bicep
13,949
star
2

azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
C#
5,256
star
3

autorest

OpenAPI (f.k.a Swagger) Specification code generator. Supports C#, PowerShell, Go, Java, Node.js, TypeScript, Python
TypeScript
4,594
star
4

Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Jupyter Notebook
4,559
star
5

azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
Python
4,540
star
6

azure-powershell

Microsoft Azure PowerShell
C#
4,178
star
7

MachineLearningNotebooks

Python notebooks with ML and deep learning examples with Azure Machine Learning Python SDK | Microsoft
Jupyter Notebook
4,090
star
8

DotNetty

DotNetty project – a port of netty, event-driven asynchronous network application framework
C#
4,087
star
9

azure-cli

Azure Command-Line Interface
Python
3,930
star
10

draft-classic

A tool for developers to create cloud-native applications on Kubernetes.
Go
3,925
star
11

bicep

Bicep is a declarative language for describing and deploying Azure resources
Bicep
3,240
star
12

azure-rest-api-specs

The source for REST API specifications for Microsoft Azure.
HCL
2,634
star
13

azure-sdk-for-java

This repository is for active development of the Azure SDK for Java. For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/java/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-java.
Java
2,305
star
14

azure-sdk-for-js

This repository is for active development of the Azure SDK for JavaScript (NodeJS & Browser). For consumers of the SDK we recommend visiting our public developer docs at https://docs.microsoft.com/javascript/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-js.
TypeScript
2,051
star
15

AKS

Azure Kubernetes Service
HTML
1,965
star
16

azure-functions-host

The host/runtime that powers Azure Functions
C#
1,871
star
17

golua

A Lua 5.3 engine implemented in Go
Go
1,850
star
18

Azurite

A lightweight server clone of Azure Storage that simulates most of the commands supported by it with minimal dependencies
TypeScript
1,823
star
19

azureml-examples

Official community-driven Azure Machine Learning examples, tested with GitHub Actions.
Jupyter Notebook
1,733
star
20

Microsoft-Defender-for-Cloud

Welcome to the Microsoft Defender for Cloud community repository
PowerShell
1,677
star
21

Enterprise-Scale

The Azure Landing Zones (Enterprise-Scale) architecture provides prescriptive guidance coupled with Azure best practices, and it follows design principles across the critical design areas for organizations to define their Azure architecture
PowerShell
1,603
star
22

azure-sdk-for-go

This repository is for active development of the Azure SDK for Go. For consumers of the SDK we recommend visiting our public developer docs at:
Go
1,594
star
23

Stormspotter

Azure Red Team tool for graphing Azure and Azure Active Directory objects
Python
1,525
star
24

durabletask

Durable Task Framework allows users to write long running persistent workflows in C# using the async/await capabilities.
C#
1,516
star
25

iotedge

The IoT Edge OSS project
C#
1,421
star
26

aztfexport

A tool to bring existing Azure resources under Terraform's management
Go
1,335
star
27

review-checklists

This repo contains code and examples to operationalize Azure review checklists.
Python
1,187
star
28

azure-sdk-for-node

Azure SDK for Node.js - Documentation
JavaScript
1,187
star
29

azure-functions-core-tools

Command line tools for Azure Functions
C#
1,128
star
30

Azure-Functions

PowerShell
1,108
star
31

acs-engine

WE HAVE MOVED: Please join us at Azure/aks-engine!
Go
1,031
star
32

aks-engine

AKS Engine: legacy tool for Kubernetes on Azure (see status)
Go
1,027
star
33

data-api-builder

Data API builder provides modern REST and GraphQL endpoints to your Azure Databases and on-prem stores.
C#
912
star
34

terraform-azurerm-caf-enterprise-scale

Azure landing zones Terraform module
HCL
856
star
35

coco-framework

The Confidential Consortium Blockchain Framework is an open-source system that enables high-scale, confidential blockchain networks that meet all key enterprise requirements—providing a means to accelerate production enterprise adoption of blockchain technology.
834
star
36

azure-iot-sdks

SDKs for a variety of languages and platforms that help connect devices to Microsoft Azure IoT services
829
star
37

GPT-RAG

Sharing the learning along the way we been gathering to enable Azure OpenAI at enterprise scale in a secure manner. GPT-RAG core is a Retrieval-Augmented Generation pattern running in Azure, using Azure Cognitive Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
Bicep
822
star
38

AzurePublicDataset

Microsoft Azure Traces
Jupyter Notebook
790
star
39

azure-sql-database-samples

Azure SQL Database Samples and Reference Implementation Repository
Python
781
star
40

Azure-Network-Security

Resources for improving Customer Experience with Azure Network Security
Python
768
star
41

caf-terraform-landingzones

This solution, offered by the Open-Source community, will no longer receive contributions from Microsoft. Customers are encouraged to transition to Microsoft Azure Verified Modules for continued support and updates from Microsoft. Please note, this repository is scheduled for decommissioning and will be removed on July 1, 2025.
HCL
763
star
42

azure-search-vector-samples

A repository of code samples for Vector search capabilities in Azure AI Search.
Jupyter Notebook
750
star
43

azure-service-operator

Azure Service Operator allows you to create Azure resources using kubectl
Go
741
star
44

azure-functions-durable-extension

Durable Task Framework extension for Azure Functions
C#
714
star
45

azure-webjobs-sdk

Azure WebJobs SDK
C#
712
star
46

ResourceModules

This repository includes a CI platform for and collection of mature and curated Bicep modules. The platform supports both ARM and Bicep and can be leveraged using GitHub actions as well as Azure DevOps pipelines.
Bicep
710
star
47

ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
Bicep
694
star
48

azure-sdk-for-rust

This repository is for active development of the *unofficial* Azure SDK for Rust. This repository is *not* supported by the Azure SDK team.
Rust
692
star
49

terraform

Source code for the Azure Marketplace Terraform development VM package.
HCL
690
star
50

azure-api-management-devops-resource-kit

Azure API Management DevOps Resource Kit
C#
684
star
51

application-gateway-kubernetes-ingress

This is an ingress controller that can be run on Azure Kubernetes Service (AKS) to allow an Azure Application Gateway to act as the ingress for an AKS cluster.
Go
668
star
52

CCOInsights

Welcome to the Continuous Cloud Optimization Power BI Dashboard GitHub Project. In this repository you will find all the guidance and files needed to deploy the Dashboard in your environment to take benefit of a single pane of glass to get insights about your Azure resources and services.
Mathematica
668
star
53

SimuLand

Understand adversary tradecraft and improve detection strategies
PowerShell
664
star
54

DeepLearningForTimeSeriesForecasting

A tutorial demonstrating how to implement deep learning models for time series forecasting
Jupyter Notebook
655
star
55

azure-xplat-cli

For ARM-based service please go to CLI 2.0.
JavaScript
651
star
56

azure-cosmos-dotnet-v3

.NET SDK for Azure Cosmos DB for the core SQL API
C#
637
star
57

node-sqlserver

C++
625
star
58

azure-devops-cli-extension

Azure DevOps Extension for Azure CLI
Python
621
star
59

azure-storage-fuse

A virtual file system adapter for Azure Blob storage
Go
613
star
60

Community-Policy

This repo is for Microsoft Azure customers and Microsoft teams to collaborate in making custom policies.
Open Policy Agent
612
star
61

azure-resource-manager-schemas

Schemas used to author and validate Resource Manager Templates. These schemas power the intellisense and syntax completion in our ARM Tools VSCode extension, as well as the Export Template API
TypeScript
610
star
62

azure-storage-azcopy

The new Azure Storage data transfer utility - AzCopy v10
Go
607
star
63

counterfit

a CLI that provides a generic automation layer for assessing the security of ML models
Python
599
star
64

azure-iot-sdk-c

A C99 SDK for connecting devices to Microsoft Azure IoT services
C
587
star
65

azure-cosmos-dotnet-v2

Contains samples and utilities relating to the Azure Cosmos DB .NET SDK
577
star
66

azure-service-bus

☁️ Azure Service Bus service issue tracking and samples
571
star
67

aad-pod-identity

[DEPRECATED] Assign Azure Active Directory Identities to Kubernetes applications.
Go
569
star
68

Azure-Sentinel-Notebooks

Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
Jupyter Notebook
541
star
69

draft

A day 0 tool for getting your app on k8s fast
Go
541
star
70

AzureStack-QuickStart-Templates

Quick start ARM templates that deploy on Microsoft Azure Stack
PowerShell
540
star
71

azure-openai-samples

Azure OpenAI Samples is a collection of code samples illustrating how to use Azure Open AI in creating AI solution for various use cases across industries. This repository is mained by a community of volunters. We welcomed your contributions.
Jupyter Notebook
540
star
72

WALinuxAgent

Microsoft Azure Linux Guest Agent
Python
538
star
73

AI-in-a-Box

AI-in-a-Box leverages the expertise of Microsoft across the globe to develop and provide AI and ML solutions to the technical community. Our intent is to present a curated collection of solution accelerators that can help engineers establish their AI/ML environments and solutions rapidly and with minimal friction.
Jupyter Notebook
529
star
74

iot-edge-v1

Azure IoT Edge
C
524
star
75

Industrial-IoT

Azure Industrial IoT Platform
C#
521
star
76

MS-AMP

Microsoft Automatic Mixed Precision Library
Python
516
star
77

Mission-Critical

This repository provides a design methodology and approach to building highly-reliable applications on Microsoft Azure for mission-critical workloads.
510
star
78

static-web-apps-cli

Azure Static Web Apps CLI ✨
TypeScript
509
star
79

mlops-v2

Azure MLOps (v2) solution accelerators. Enterprise ready templates to deploy your machine learning models on the Azure Platform.
Shell
505
star
80

azure-docs-powershell-samples

Azure Powershell code samples, often used in docs.microsoft.com/Azure developer documentation
PowerShell
503
star
81

azqr

Azure Quick Review
Go
503
star
82

bicep-registry-modules

Bicep registry modules
Bicep
501
star
83

azure-storage-node

Microsoft Azure Storage SDK for Node.js
JavaScript
495
star
84

api-management-developer-portal

Developer portal provided by the Azure API Management service.
TypeScript
487
star
85

kubelogin

A Kubernetes credential (exec) plugin implementing azure authentication
Go
486
star
86

Azure-TDSP-ProjectTemplate

TDSP: Data science project template repository with standardized directory structure and document templates to support efficient project execution and collaboration.
R
483
star
87

azure-sdk

This is the Azure SDK parent repository and mostly contains documentation around guidelines and policies as well as the releases for the various languages supported by the Azure SDK.
PowerShell
478
star
88

azure-mobile-services

Mobile Services is deprecated - Use Mobile Apps instead
HTML
472
star
89

azure-devtestlab

Azure DevTestLab artifacts, scripts and samples
PowerShell
458
star
90

azure-iot-sdk-csharp

A C# SDK for connecting devices to Microsoft Azure IoT services
C#
455
star
91

actions-workflow-samples

Help developers to easily get started with GitHub Action workflows to deploy to Azure
Pug
450
star
92

azure-devops-utils

Azure DevOps Utilities
Shell
450
star
93

AzureDatabricksBestPractices

Version 1 of Technical Best Practices of Azure Databricks based on real world Customer and Technical SME inputs
446
star
94

app-service-announcements

Subscribe to this repo to be notified about major changes in App Service
446
star
95

azure-storage-net

Microsoft Azure Storage Libraries for .NET
C#
445
star
96

Azure-DataFactory

C#
444
star
97

arm-ttk

Azure Resource Manager Template Toolkit
PowerShell
442
star
98

RDS-Templates

ARM Templates for Remote Desktop Services deployments
PowerShell
427
star
99

Copilot-For-Security

Microsoft Copilot for Security is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant to responsible AI principles
PowerShell
426
star
100

enterprise-azure-policy-as-code

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline)
PowerShell
423
star