add information to policy structure page regarding usage of requestCo…#128223
add information to policy structure page regarding usage of requestCo…#128223hribeiro-msft wants to merge 1 commit intoMicrosoftDocs:mainfrom
Conversation
…ntext.identity Add information to policy blade regarding one of the caveats of using the function requestContext().identity.
|
@hribeiro-msft : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change. |
|
Learn Build status updates of commit ec2e732: ✅ Validation status: passed
For more details, please refer to the build report. |
There was a problem hiding this comment.
Pull request overview
Adds a documentation warning to the policy rule structure page describing a caveat when using requestContext().identity, specifically its impact on compliance scans/visibility.
Changes:
- Added an
[!WARNING]note aboutrequestContext().identityaffecting scan applicability - Clarified that effects can still be applied even when compliance isn’t shown
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ``` | ||
|
|
||
| > [!WARNING] | ||
| > When using the requestContext().identity function the policy engine will mark the policy as not applicable for scans. Meaning that no compliance will be visible but effects like deny/DeployIfNotExists/Modify will still be applied. |
There was a problem hiding this comment.
This warning is helpful but reads ambiguously and could be misinterpreted. Consider tightening terminology and formatting: wrap the function and effect names in code formatting (e.g., requestContext().identity, Deny, DeployIfNotExists, Modify), clarify what “scans” refers to (e.g., compliance evaluation/scans), and rephrase the second sentence to avoid the fragment starting with “Meaning that…”. Also, “no compliance will be visible” could be clarified as compliance results showing NotApplicable (or similar) rather than implying policy enforcement stops.
| > When using the requestContext().identity function the policy engine will mark the policy as not applicable for scans. Meaning that no compliance will be visible but effects like deny/DeployIfNotExists/Modify will still be applied. | |
| > When you use the `requestContext().identity` function, the policy engine marks the policy as `NotApplicable` for compliance evaluation/scans. As a result, compliance results for that policy show as `NotApplicable`, but enforcement of effects such as `Deny`, `DeployIfNotExists`, and `Modify` still occurs at request time. |
|
Can you review the proposed changes? IMPORTANT: When the changes are ready for publication, adding a #label:"aq-pr-triaged" |
prmerger-automator
bot
added
the
aq-pr-triaged
3 participants
…ntext.identity
Add information to policy blade regarding one of the caveats of using the function requestContext().identity.