Applies to Product -Dynamics 365 Customer Insights - Data
What’s happening?
While running the CreateIdentityEnterprisePolicy.ps1 script to set up Enterprise Policy for Azure Synapse Link for Dataverse, the following error was encountered:
Error: Code=InvalidTemplateDeployment; Message=The template deployment failed because of policy violation.
Resource was disallowed by policy. Policy identifiers: { "id": "/providers/Microsoft.Authorization/policyAssignments/xxxxxxxxx" },
"policyDefinition": { "name": "Allowed locations" }
Reason:
This error occurs because the user’s Azure tenant has a policy assignment restricting allowed locations (via an Azure Policy definition named "Allowed locations"). The script attempts to deploy resources in a location not permitted by that policy.
Resolution:
1. Review Azure Policy Assignments:
- Identify the "Allowed locations" policy assignment associated with your subscription or resource group.
- Determine the list of locations currently allowed under that policy.
Compare the allowed locations with the list of regions supported for Azure Synapse Link for Dataverse with enterprise policy, available here: Supported Locations for Enterprise Policy
If there is a common location between what's allowed and what's supported:
- Re-run the CreateIdentityEnterprisePolicy.ps1 script with that location.
3. Request an Exemption (if needed)
Work with your organization’s Cloud Governance or Policy Admin team to:
- Evaluate whether an exemption can be safely granted for this deployment scenario.
- Reference the official Azure documentation on exemptions: Azure Policy Exemption Structure
