David Pazdera
David Pazdera
+1 on this issue. I tried to alter the default "new Azure Virtual Network" flow and manually removed the "default" subnet but such VNet cannot be deployed via the Portal...
**Update** The same issue (with managed VNets) is valid for `Deploy a flow log resource with target network security group` policy as well, this time it is about the inability...
> Thanks for raising awareness of this @pazdedav. > > Do you get any error messages when trying to remediate the policy or enable DDoS on the VNET manually? (share...
I got write access to the environment, so I could reproduce the error and provide more input / info, @jtracey93 . I will update this issue with more details 👍.
Hello @jtracey93 I was able to reproduce the error (about a "deny assignment") when trying to remediate that non-compliant VNet:  It is important to note, we are testing a...
Thanks for your input, Jack. Yes, the VNet is locked, and I believe this is expected behavior. This VNet is managed by Azure Databricks service, so nobody should fiddle with...
Thanks for the guidance @jtracey93. Much appreciated.
Hi @jtracey93: - I can confirm that the `objectID` from the screenshot/error message was the user owning the LZ with standard Contributor role in that subscription (but no permissions on...
Thanks for additional input. I misunderstood you first, but I got it now. You would like the PG to create a new built-in DINE policy that would enable a centralized...
Thank you @jtracey93. I am however still struggling to see, how the "DINE route" alone would work without assigning a custom role with `join` permissions to users. This is how...