Part 08

Azure Policy

Azure Policy is a governance tool in Microsoft Azure that helps organizations enforce compliance with organizational standards and regulatory requirements across their resources. It ensures resources within Azure environments adhere to defined rules and controls.

Key Features of Azure Policy:

  • Policy Definition: Create or use built-in rules to govern Azure resources.
  • Initiative Definition: Group multiple policies into a single initiative for broader compliance enforcement.
  • Compliance Assessment: Monitor and assess resource compliance in real-time.
  • Policy Assignments: Apply policies at different scopes, including subscription, resource group, or individual resources.
  • Deny or Audit Non-Compliance: Block resource creation or generate alerts for non-compliant resources.
  • Remediation Tasks: Automatically fix non-compliant resources where possible.

Common Use Cases:

  • Enforcing resource tagging for better cost management.
  • Restricting virtual machine (VM) sizes to specific SKUs.
  • Enabling security controls, such as encryption and firewalls, by default.
  • Restricting resource locations to specific Azure regions.
  • Ensuring resources use managed disks instead of unmanaged disks.

Components of Azure Policy:

  1. Definition: A policy rule, written in JSON, describing conditions to enforce.
  2. Assignment: Applying the policy definition to a specific scope.
  3. Parameters: Allow flexibility in policy definitions for reuse.
  4. Effects: The action Azure Policy takes, such as:
    • Deny: Prevent non-compliant resource creation or modification.
    • Audit: Log non-compliant resources for visibility.
    • AuditIfNotExists: Audit resources missing specific conditions.
    • DeployIfNotExists: Deploy required configurations automatically.

Examples:

  • Enforce all resources to have a tag like Environment=Production.
  • Restrict deployment to certain Azure regions.
  • Ensure storage accounts have secure transfer enabled.

Benefits:

  • Simplifies governance at scale.
  • Ensures compliance with organizational or regulatory requirements.
  • Enhances security and resource consistency.

Getting Started:

  1. Navigate to Azure Policy in the Azure portal.
  2. Select or create a Policy Definition.
  3. Assign the policy to a specific scope (e.g., subscription or resource group).
  4. Monitor compliance and take remediation actions as needed.