From 092346111c7057cc82d85d7a8f2f16e34002330e Mon Sep 17 00:00:00 2001
From: Tao Yang
Date: Thu, 21 May 2026 18:53:45 +1000
Subject: [PATCH 1/3] Add policy exemptions for various Azure services in the sandbox environment
---
 .../dev/pex-d-sbx-sub-cog-002.json | 22 +++++++++++++++++++
 .../dev/pex-d-sbx-sub-cosmos-003.json | 22 +++++++++++++++++++
 .../dev/pex-d-sbx-sub-kv-004.json | 22 +++++++++++++++++++
 .../dev/pex-d-sbx-sub-srch-003.json | 22 +++++++++++++++++++
 .../dev/pex-d-sbx-sub-stg-009.json | 22 +++++++++++++++++++
 5 files changed, 110 insertions(+)
 create mode 100644 policyExemptions/dev/pex-d-sbx-sub-cog-002.json
 create mode 100644 policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
 create mode 100644 policyExemptions/dev/pex-d-sbx-sub-kv-004.json
 create mode 100644 policyExemptions/dev/pex-d-sbx-sub-srch-003.json
 create mode 100644 policyExemptions/dev/pex-d-sbx-sub-stg-009.json
diff --git a/policyExemptions/dev/pex-d-sbx-sub-cog-002.json b/policyExemptions/dev/pex-d-sbx-sub-cog-002.json
new file mode 100644
index 0000000..dffbe3a
--- /dev/null
+++ b/policyExemptions/dev/pex-d-sbx-sub-cog-002.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "../policyExemption.schema.json",
+ "policyExemption": {
+ "name": "pex-d-sbx-sub-cog-002",
+ "displayName": "Exempt Sandbox Subscription from Cognitive Service Public Network Access Restriction",
+ "description": "This is a test exemption for the sub-d-sandbox-01 subscription.",
+ "metadata": {
+ "requestedBy": "Eric Cartman",
+ "approvedBy": "Bart Simpson",
+ "approvedOn": "2026-05-21",
+ "ticketRef": "INC234567"
+ },
+ "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/CONTOSO-dev/providers/microsoft.authorization/policyassignments/pa-d-cog-service",
+ "exemptionCategory": "Waiver",
+ "assignmentScopeValidation": "Default",
+ "policyDefinitionReferenceIds": [
+ "COG-002"
+ ],
+ "expiresOn": "2026-12-31T23:59:59Z"
+ },
+ "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+}
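Review bot: The `description` in this file, and identically in the cosmos-003, kv-004, srch-003 and stg-009 files of this patch, reads `This is a test exemption for the sub-d-sandbox-01 subscription.` and so records no reason for waiving the public network access restriction that each `displayName` names. Each file carries only a `subscriptionId` as its target, which suggests the waiver covers every resource of that type in the subscription, Key Vaults included; if the schema (not shown here) allows a resource group or single-resource target, the narrower one is preferable. All five share one `ticketRef`, and `expiresOn` falls more than seven months after `approvedOn`, which is long for something described as a test. I would replace the description with the actual justification, for example `"description": "<why public access is needed, what compensating control applies, who removes the exemption>"`, and shorten the expiry to the length of the test.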
diff --git a/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
new file mode 100644
index 0000000..616247c
--- /dev/null
+++ b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "../policyExemption.schema.json",
+ "policyExemption": {
+ "name": "pex-d-sbx-sub-cosmos-003",
+ "displayName": "Exempt Sandbox Subscription from Cosmos DB Public Network Access Restriction",
+ "description": "This is a test exemption for the sub-d-sandbox-01 subscription.",
+ "metadata": {
+ "requestedBy": "Eric Cartman",
+ "approvedBy": "Bart Simpson",
+ "approvedOn": "2026-05-21",
+ "ticketRef": "INC234567"
+ },
+ "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/CONTOSO-dev/providers/microsoft.authorization/policyassignments/pa-d-cosmos",
+ "exemptionCategory": "Waiver",
+ "assignmentScopeValidation": "Default",
+ "policyDefinitionReferenceIds": [
+ "COSMOS-003"
+ ],
+ "expiresOn": "2026-12-31T23:59:59Z"
+ },
+ "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+}
diff --git a/policyExemptions/dev/pex-d-sbx-sub-kv-004.json b/policyExemptions/dev/pex-d-sbx-sub-kv-004.json
new file mode 100644
index 0000000..58653b4
--- /dev/null
+++ b/policyExemptions/dev/pex-d-sbx-sub-kv-004.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "../policyExemption.schema.json",
+ "policyExemption": {
+ "name": "pex-d-sbx-sub-kv-004",
+ "displayName": "Exempt Sandbox Subscription from Key Vault Public Network Access Restriction",
+ "description": "This is a test exemption for the sub-d-sandbox-01 subscription.",
+ "metadata": {
+ "requestedBy": "Eric Cartman",
+ "approvedBy": "Bart Simpson",
+ "approvedOn": "2026-05-21",
+ "ticketRef": "INC234567"
+ },
+ "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/CONTOSO-dev/providers/microsoft.authorization/policyassignments/pa-d-key-vault",
+ "exemptionCategory": "Waiver",
+ "assignmentScopeValidation": "Default",
+ "policyDefinitionReferenceIds": [
+ "KV-004"
+ ],
+ "expiresOn": "2026-12-31T23:59:59Z"
+ },
+ "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+}
diff --git a/policyExemptions/dev/pex-d-sbx-sub-srch-003.json b/policyExemptions/dev/pex-d-sbx-sub-srch-003.json
new file mode 100644
index 0000000..b666e5d
--- /dev/null
+++ b/policyExemptions/dev/pex-d-sbx-sub-srch-003.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "../policyExemption.schema.json",
+ "policyExemption": {
+ "name": "pex-d-sbx-sub-srch-003",
+ "displayName": "Exempt Sandbox Subscription from Search Service Public Network Access Restriction",
+ "description": "This is a test exemption for the sub-d-sandbox-01 subscription.",
+ "metadata": {
+ "requestedBy": "Eric Cartman",
+ "approvedBy": "Bart Simpson",
+ "approvedOn": "2026-05-21",
+ "ticketRef": "INC234567"
+ },
+ "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/CONTOSO-dev/providers/microsoft.authorization/policyassignments/pa-d-search",
+ "exemptionCategory": "Waiver",
+ "assignmentScopeValidation": "Default",
+ "policyDefinitionReferenceIds": [
+ "SRCH-003"
+ ],
+ "expiresOn": "2026-12-31T23:59:59Z"
+ },
+ "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+}
diff --git a/policyExemptions/dev/pex-d-sbx-sub-stg-009.json b/policyExemptions/dev/pex-d-sbx-sub-stg-009.json
new file mode 100644
index 0000000..cb7593d
--- /dev/null
+++ b/policyExemptions/dev/pex-d-sbx-sub-stg-009.json
@@ -0,0 +1,22 @@
+{
+ "$schema": "../policyExemption.schema.json",
+ "policyExemption": {
+ "name": "pex-d-sbx-sub-stg-009",
+ "displayName": "Exempt Sandbox Subscription from Storage Account Public Network Access Restriction",
+ "description": "This is a test exemption for the sub-d-sandbox-01 subscription.",
+ "metadata": {
+ "requestedBy": "Eric Cartman",
+ "approvedBy": "Bart Simpson",
+ "approvedOn": "2026-05-21",
+ "ticketRef": "INC234567"
+ },
+ "policyAssignmentId": "/providers/Microsoft.Management/managementGroups/CONTOSO-dev/providers/microsoft.authorization/policyassignments/pa-d-storage",
+ "exemptionCategory": "Waiver",
+ "assignmentScopeValidation": "Default",
+ "policyDefinitionReferenceIds": [
+ "STG-009"
+ ],
+ "expiresOn": "2026-12-31T23:59:59Z"
+ },
+ "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+}
From 1ccc776b46ed1662252fb6a40d9466a580516e66 Mon Sep 17 00:00:00 2001
From: Tao Yang
Date: Thu, 21 May 2026 19:15:44 +1000
Subject: [PATCH 2/3] Update subscription IDs for sandbox policy exemptions
---
 policyExemptions/dev/pex-d-sbx-sub-cog-002.json | 2 +-
 policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json | 2 +-
 policyExemptions/dev/pex-d-sbx-sub-kv-004.json | 2 +-
 policyExemptions/dev/pex-d-sbx-sub-srch-003.json | 2 +-
 policyExemptions/dev/pex-d-sbx-sub-stg-009.json | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/policyExemptions/dev/pex-d-sbx-sub-cog-002.json b/policyExemptions/dev/pex-d-sbx-sub-cog-002.json
index dffbe3a..af26bfd 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-cog-002.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-cog-002.json
@@ -18,5 +18,5 @@
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
 },
- "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+ "subscriptionId": "f53092aa-5a95-4a18-9e86-ea77b69b9821"
 }
diff --git a/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
index 616247c..3103683 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
@@ -18,5 +18,5 @@
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
 },
- "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+ "subscriptionId": "f53092aa-5a95-4a18-9e86-ea77b69b9821"
 }
diff --git a/policyExemptions/dev/pex-d-sbx-sub-kv-004.json b/policyExemptions/dev/pex-d-sbx-sub-kv-004.json
index 58653b4..d3ac493 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-kv-004.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-kv-004.json
@@ -18,5 +18,5 @@
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
 },
- "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+ "subscriptionId": "f53092aa-5a95-4a18-9e86-ea77b69b9821"
 }
diff --git a/policyExemptions/dev/pex-d-sbx-sub-srch-003.json b/policyExemptions/dev/pex-d-sbx-sub-srch-003.json
index b666e5d..3b01863 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-srch-003.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-srch-003.json
@@ -18,5 +18,5 @@
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
 },
- "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+ "subscriptionId": "f53092aa-5a95-4a18-9e86-ea77b69b9821"
 }
diff --git a/policyExemptions/dev/pex-d-sbx-sub-stg-009.json b/policyExemptions/dev/pex-d-sbx-sub-stg-009.json
index cb7593d..55be524 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-stg-009.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-stg-009.json
@@ -18,5 +18,5 @@
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
 },
- "subscriptionId": "dc2d72b7-a48d-45e8-91cc-81193ecc659b"
+ "subscriptionId": "f53092aa-5a95-4a18-9e86-ea77b69b9821"
 }
From 1d7b1663b7a440d605028ffbaed45e79f32d29ec Mon Sep 17 00:00:00 2001
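Review bot: Nothing in these files ties the new `subscriptionId` to the `sub-d-sandbox-01` subscription named in each `description`, so a wrong GUID, which is apparently what patch 1/3 had, grants the waiver to a different subscription without any visible signal. This applies to all five hunks in this patch, which make the same one-line replacement. A validation step that resolves the GUID and compares the subscription's name with the one in the description would catch this before deployment. If patch 1/3 was ever applied on its own, the exemptions created on `dc2d72b7-a48d-45e8-91cc-81193ecc659b` also need removing; whether the deployment does that is not visible in this diff. Each hunk shows only the tail of the enclosing object.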
From: Tao Yang
Date: Thu, 21 May 2026 19:42:55 +1000
Subject: [PATCH 3/3] Add COSMOS-002 to policy definition reference IDs for sandbox exemption
---
 policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
index 3103683..2b87c0e 100644
--- a/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
+++ b/policyExemptions/dev/pex-d-sbx-sub-cosmos-003.json
@@ -14,6 +14,7 @@
 "exemptionCategory": "Waiver",
 "assignmentScopeValidation": "Default",
 "policyDefinitionReferenceIds": [
+ "COSMOS-002",
 "COSMOS-003"
 ],
 "expiresOn": "2026-12-31T23:59:59Z"
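Review bot: The added `"COSMOS-002"` widens an exemption whose file name and `name` (`pex-d-sbx-sub-cosmos-003`) and whose `displayName` from patch 1/3 still describe a single control, the Cosmos DB public network access restriction. The hunk leaves the approval `metadata` untouched, so the record no longer states what was approved, and what COSMOS-002 enforces is not visible in this diff. I would either put COSMOS-002 in its own exemption file with its own `ticketRef` and approval, or update `displayName` and `description` in the same change so they name both references. The enclosing `policyExemption` object starts and ends outside the hunk.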