Hello Philip Hamlin (Quadrant Technologies LLC),
Thank you for reaching out to the Microsoft Q&A forum.
Let's go through a checklist to troubleshoot the situation.
1. Check the Scope of Policy Assignment
Policy Scope: Ensure that your policy is assigned to the correct scope (Management Group, Subscription, Resource Group, etc.), and that it's targeting the appropriate resources. If the scope has changed, this might be causing the compliance results not to be found.
Exclusions: Even if the ResourceDiscoveryMode is set correctly, exclusions in the policy assignment could be impacting which resources are evaluated. Double-check to ensure the exclusions haven’t been altered or mistakenly added.
2. Ensure Compliance Evaluation Has Been Done
First Evaluation: Before remediation tasks can work, Azure Policy must have evaluated the resources for compliance. The error message indicates that no compliance result was found, so it could be possible that the compliance evaluation for your resources hasn’t been completed yet.
You can manually trigger a compliance evaluation or ensure that there’s been a recent one. This can be done by reviewing the Policy Compliance dashboard in the Azure portal.
Steps:
- Go to Azure Policy.
- Navigate to Compliance and check if resources are non-compliant.
- If necessary, manually trigger a compliance evaluation for your resources.
3. Review the Remediation Task Configuration
- ResourceDiscoveryMode: Since the ResourceDiscoveryMode is already set to ReEvaluateCompliance, this tells Azure to re-evaluate the compliance of resources before the remediation task is run. But also ensure that the correct remediation action is being applied to the resources.
In your scenario, the remediation task should be linking the non-compliant resources with the correct Network Security Perimeter (NSP) based on the region of the resource.
Verify that the NSP selection criteria (using NSP names based on the region) are correctly mapped and that they are accessible for all the non-compliant resources.
4. Check for Dynamic or Recently Created Resources
- If the resources in question are dynamic (e.g., newly created after the policy was assigned), ensure that they have been included in the policy evaluation and are not excluded due to a timing issue.
- Resource Discovery: When resources are dynamically created, they may not be discovered immediately by the policy evaluation process. Consider verifying whether those resources are included in the current evaluation window.
5. Investigate the Remediation Task Logs
- Review Remediation Logs: You can dive deeper into the Remediation Task Logs in the Azure portal to see if any more specific error messages are provided. This may help identify whether the problem is related to resource discovery, policy assignment, or NSP selection.
6. Check If the Policy Is Still Assigned and Active
- Ensure that the policy is active and hasn’t been deleted or disabled after the remediation task was created. A disabled or deleted policy could result in compliance evaluations failing or being incomplete.
You can check the Azure Policy overview to confirm that the policy assignment is active and that it has the correct parameters and settings.
7. Try Manual Remediation (if possible)
- Sometimes, running manual remediation tasks or reapplying a policy might help clear issues with existing remediation tasks. You can try manually associating the resources with the correct NSP as a temporary workaround and then retry the remediation task.
8. Check the Policy Remediation Mode
- Mode of the Remediation: The policy remediation itself could be running in a mode that doesn’t align with the desired task. You can confirm if the policy's remediation mode is set to Automatic (which applies changes automatically) or if it requires manual approval. If it's the latter, you may need to manually approve the remediation task.
Moreover, it's failing because the NSPs are supposed to be associated with resources which don't exist yet.
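
Checklist items 2, 3 and 6 above, scripted with the Azure CLI as an added example that is not part of the original answer: it confirms the assignment exists, runs an on-demand compliance scan, and only creates the remediation task once a non-compliant result is actually recorded. The function names and the remediation name `nsp-remediation` are hypothetical, and the resource group and assignment name are supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer). Requires a prior `az login`.
# Function names and the remediation name "nsp-remediation" are hypothetical.

# Print how many NonCompliant policy states exist for an assignment.
noncompliant_count() {  # $1 = resource group, $2 = policy assignment name
  az policy state list --resource-group "$1" \
    --filter "policyAssignmentName eq '$2' and complianceState eq 'NonCompliant'" \
    --query "length(@)" -o tsv
}

# Create the remediation task only when a compliance result exists.
# Return codes: 0 created, 1 nothing to remediate, 2 assignment missing,
#               4 scan failed, 5 remediation create failed.
remediate_if_evaluated() {  # $1 = resource group, $2 = policy assignment name
  local rg="$1" assignment="$2" count

  # Item 6: the assignment must still exist at this scope.
  az policy assignment show --name "$assignment" --resource-group "$rg" \
    >/dev/null || { echo "assignment '$assignment' not found in '$rg'" >&2; return 2; }

  # Item 2: on-demand evaluation; without --no-wait this blocks until the scan ends.
  az policy state trigger-scan --resource-group "$rg" >/dev/null || return 4

  count=$(noncompliant_count "$rg" "$assignment")
  if [ "${count:-0}" -eq 0 ]; then
    echo "no non-compliant result recorded; nothing to remediate" >&2
    return 1
  fi

  # Item 3: remediation with compliance re-evaluated at task start.
  az policy remediation create --name "nsp-remediation" --resource-group "$rg" \
    --policy-assignment "$assignment" \
    --resource-discovery-mode ReEvaluateCompliance >/dev/null || return 5

  echo "$count"
}
```

Source the file and call `remediate_if_evaluated <resource-group> <assignment-name>`; on success it prints the number of non-compliant resources found before the task was created.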