Microsoft learn Labs - Template deployment failed because of policy violation.
How to diagnose and fix the Azure error "The template deployment failed because of policy violation. Please see details for more information"
If you're studying for Microsoft Certifications it's likely that you need to activate a sandbox to do a lab. If you don't use the sandbox you cannot proceed past that page at the "knowledge check" stage. Therefore if anything goes wrong you're stuck!
The following will also help anyone else who isn't doing labs to diagnose policy issues in Azure.
My error message is
Strangly, clicking the message or arrow which both act like links don't do anything!
How to find the policy violation message
Find the resource group that has the policy violation. For my lab, the resource group was already created by the sandbox.
Then click "Activity Logs". In this screenshot you can see some errors and then some successes once I had fixed the issue.
Open up the most recent or most relevant error and then click the JSON tab. Scroll down the JSON and find the errors. In my case it manifested itself as a BadRequest. It doesn't matter if you don't know JSON, just read it. We are looking for the ID of the policyDefinitions so we can go and find it.
In the screenshot above you'll see the policyDefinitions ID (which is a GUID) near the bottom of the message. Copy the GUID so we can use it for a Policy Search.
In the Azure Portal, type "Policy" into the search box and open Policy.
Open the Policy Definitions.
When all the definitions are showing, paste and search for your policy ID and the lkist should filter to show only the policy you're interested in.
Click to open the offending policy. The definition will again be JSON. You should be able to read it. Below is my offending policy (yours will be different). It basically says "if the type is not in F1 or D1 or if not in Free or Shared (and some other stuff that is not relevant) then Deny", see if you can read it:
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Web/serverFarms"
},
{
"anyOf": [
{
"not": {
"field": "Microsoft.Web/serverfarms/sku.name",
"in": [
"F1",
"D1"
]
}
},
{
"not": {
"field": "Microsoft.Web/serverFarms/sku.tier",
"in": [
"Free",
"Shared"
]
}
},
{
"field": "Microsoft.Web/serverFarms/sku.skuCapacity.maximum",
"greater": 2
},
{
"field": "Microsoft.Web/serverFarms/sku.skuCapacity.default",
"greater": 2
},
{
"field": "Microsoft.Web/serverFarms/sku.skuCapacity.minimum",
"greater": 2
},
{
"field": "Microsoft.Web/serverFarms/maximumNumberOfWorkers",
"greater": 2
},
{
"field": "Microsoft.Web/serverfarms/sku.capacity",
"greater": 2
},
{
"field": "Microsoft.Web/serverFarms/maximumElasticWorkerCount",
"greater": 2
}
]
}
]
},
"then": {
"effect": "Deny"
}
}So, in my case the tutorial does not cater for the "Consumption Plan".
How to fix (my issue)
I needed to change FROM consumption plan to a App Service Plan with a free server.
I had to create a new App Service Plan Be careful, by default it will give you a server that will cost you money! Click "Chnage size" under the server (SKU Size)
In the spec picker screen I had to click the Dev/Test tab and then choose F1 size which has free minutes. (Note: Remember in my policy JSON it secifically said "deny when NOT F1 or D1" - go and have another read of the JSON above)
Once I had done this it then allowed me to continue to create my Function and continue the lab for Microsoft learn.