Hi,
We have a case with restore VMs from VBR into a customer Azure subscription. The customer has a subscription-wide strict Azure Policy that requires mandatory tags on every resource with a deny effect, so any untagged resource gets rejected.
In the restore wizard, Add VM tags only tags the VM itself. The managed disks (and NIC, NSG, etc.) are created without tags, so Azure Policy blocks the disk creation and the whole restore fails. You can see the denial clearly in the Azure Activity Log.
Right now the only workaround is to relax the policy or add a temporary policy exemption for the target scope, which customers with strict governance don't want to do.
It would be great if the same step that offers Add VM tags could also apply tags to the other resources created during restore, at least the managed disks, ideally all of them (NIC, NSG, etc). A simple "apply these tags to all created resources" checkbox would cover most cases but advanced tag options per resource would be nice.
Mandatory tagging with deny is very common in enterprise Azure tenants, so this would let Direct Restore to Azure work without weakening the customer's policy.
Thanks.
If needed, Case # 08133083
-
alen88
- Influencer
- Posts: 16
- Liked: 3 times
- Joined: Jul 03, 2025 7:15 am
- Full Name: Alen
- Contact:
Who is online
Users browsing this forum: EviLin, Google [Bot], IvanK, Mildur, Semrush [Bot] and 857 guests