Azure policies now let you customize non-compliance messages
@20aman Nov 21, 2021Azure policies now let you customize non-compliance messages. This looks like a small feature but helps a lot whenever a resource is not allowed by the policy. Instead of searching for why the policy denied the operation you can look at the non-compliance message and get a more in-depth idea.
That also means that the message should be descriptive enough in the first place. You should strategize and ensure that every policy assignment has a non-compliance message and that these messages are descriptive enough.
Where to provide the non-compliance message
You provide the non-compliance message when creating or editing the policy assignments. There is now a specific tab for the "Non-compliance messages" where you can provide a single text message. This message will give end-users an idea as to why the operation was denied for them.
Where do you see these in action
When your operation is denied by a policy e.g. creation of a resource group, then you can click on the "View error details ->" link at the top and then go to view the error details in the "Raw Error" tab. Here you will see a message property in the JSON that will have your descriptive non-compliance message.
I hope you will be able to proatively leverage this feature and enrich the end-user experience.