
Azure Policy: reading Activity Logs to diagnose a Deny
When an Azure Policy blocks a deployment, the error message in Terraform or in the portal often shows the responsible assignment but not always the full detail of the violated rule. Azure Activity Logs keep a complete trace of every denial. Where to look in the portal Activity Logs are accessible from several places: at the subscription level, resource group level, or directly from a resource. To diagnose a Policy Deny, go to Activity Log. ...
