Policy requiring NSG for NIC blocks deployment of vm on Azure

Using latest version of azurerm.
Existing policy denies deployment of NIC without NSG. Policy is requirement from Corporation.

This policy will block deployment of vm as Terraform does this by creating the NIC and NSG as 2 independent resources and then creates the association between the NIC and NSG.
Policy will trigger when NIC is deployed, and denying this.

Is there any way around this?