Azure Policy is a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules over your resources, so those resources stay compliant with your corporate standards and service level agreements.
Azure Policy does this by running evaluations of your resources and scanning for those not compliant with the policies you have created.
The main advantages of Azure policy are in the areas of enforcement and compliance, scaling, and remediation.
● Enforcement and compliance. Turn on built-in policies or build custom ones for all resource types. Real-time policy evaluation and enforcement. Periodic and on-demand compliance evaluation.
● Apply policies at scale. Apply policies to a Management Group with control across your entire organization. Apply multiple policies and aggregate policy states with policy initiatives. Define an exclusion scope.
● Remediation. Real-time remediation, and remediation on existing resources
Elements of a Policy Definition:
You use JSON to create a policy definition. The policy definition contains elements for:
- Display name
- Policy rule
- Logical evaluation
I realize that some of you prefer a visual explanation over a textual description, so I actually created a screen share video that goes over exactly how to create a parameterized policy.
Let’s learn more about policy definition elements & create a parameterized policy enforcing:
- Selective locations
- Selective VM SKU (Size)
- Selective resource type
So without further adieu here is my video explanation:
Azure policy reduces the time needed to audit your environments by having all your compliance data in a single place. It set guardrails throughout your resources to help ensure cloud compliance, avoid misconfigurations, and practice consistent resource governance.