Applies to Product - Microsoft Dataverse
What’s happening?
When attempting to create an Enterprise Policy to use Managed Identities with Azure Synapse Link for Dataverse, users may encounter the following error:
Error Code: RequestDisallowedByPolicy
Message: Resource 'TestPolicy' was disallowed by policy. Reasons: 'Allowed locations are UAE North and UAE Central only'.
Reason:
This occurs due to an Azure Policy assignment that restricts resource creation to specific regions (e.g., UAE North, UAE Central). The policy definition enforcing “Allowed locations” is preventing the creation of the Enterprise Policy resource in any region outside the ones explicitly allowed.
Resolution:
Important Warning:
The mitigation described below involve sensitive changes to security and governance policies. You must adhere to your organization’s security and governance best practices before making any changes to Azure Policy assignments. This includes:
- Engaging your Azure Administrator or Cloud Governance team.
- Ensuring changes are approved via change management processes.
- Applying least privilege principles and policy exemptions only when strictly necessary.
- Fully documenting all actions and ensuring traceability for audits.
Mitigation:
Modify Allowed Locations in the Policy Assignment
- Navigate to Azure Policy in the Azure Portal.
- Locate the policy assignment causing the restriction (referenced in the error message).
- Edit the policy parameters and update the “Allowed Locations” to include a region supported for Enterprise Policy. Supported regions include: Full list of supported locations
- Save the updated assignment.
- Retry the Create Enterprise Policy operation.
Additional Resources
Azure Policy Overview
Azure Policy: Create and Manage Assignments
Azure Synapse Link for Dataverse (MSI Support)
