Azure Resource Policies Management in the Azure Portal

A while back I blogged about Azure Policies. Policies can be used as part of Azure Governance to audit and enforce compliance. For instance, it lets you enforce the use of specific regions, or enforces you to tag your resources. I covered the details already in my previous blog post and will not go into the details again. Meanwhile things have changed and there is a graphical implementation available that can be used to manage policies in the Azure portal.

Policy Definitions

The main procedure is still the same: you need to have a policy definition and assign it to a subscription or resource group to become active. A set of policy definitions are delivered that can be used – this gives you a good kick start into this topic.

image

If you take a look at the JSON definition of the policy definitions, you will see how they are constructed. Lots of the definitions use parameters. That means, that when the definition is assigned, you need to pass parameter values. This way, the same policy definitions can easily be reused for different subscriptions and resource groups only by providing different parameter values during assignment time.

image

Assignments

Assigning a policy definition is pretty much straightforward. After giving the assignment a name, one needs to select the assignment scope. This can be a subscription or a specific resource group. After selection, specific resources could be excluded from the assignment. The pricing tier is an important thing: Using the free tier allows you to manage definitions and assignments. The Standard tier however also allows you to check compliance of your environment. At the time of writing, the pricing details were not yet disclosed.

In this example the allowed locations are passed to the definition as parameters. This is why I need to select the locations I want to allow. In this example I selected two regions in Canada. Once the assignment is completed, it is visible in the portal and will be active.

image

image

Initiative Definitions

As an alternative to policy definitions, initiative definitions can be used. Initiative definitions are groups of policies that you can manage as a single entity which makes assignment easier. Actually, you should always use initiatives, even if you only assign a single policy – this way you stay flexible for future requirements changes.

image

Compliance Monitoring

After assigning policies or initiatives, the compliance gets evaluated. In this example, all my resources are non-compliant because they have been deployed to another region than the Canadas. This is immediately visible and allows me to take action if needed.

clip_image002

image

Happy Azure policy management!
Cheers, Marcel

This entry was posted in Azure and tagged , , , , , , . Bookmark the permalink.

One Response to Azure Resource Policies Management in the Azure Portal

  1. Pingback: Azure Blueprints – Overview | marcelzehner.ch

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s