Azure Policy

What is Azure Policy

  • Azure service
  • Define rules and policies for your organization
  • Enforce policies
  • Get compliance report

It helps in

  • To audit resources
  • To enforce rules
  • To stay compliant
  • To save cost

54 Regions and 140 Countries

Azure Services

Sample Policy 

{
  "properties": {
    "displayName": "xxxxxxxxxxxxxxxxx",
    "policyType": "Custom",
    "mode": "All",
    "description": "xxxxxxxxxxxxxxx",
    "metadata": {
      "category": "xxxxxxxxxxxxx",
      "createdBy": "xxxxxxxxxxx",
      "createdOn": "xxxxxxxxxxxxxxxxxxxxxxxxxx",
      "updatedBy": null,
      "updatedOn": null
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "not": {
              "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
              "equals": "true"
            }
          }
        ]
      },
      "then": {
        "effect": "audit"
      }
    }
  }
}

Effects

AuditIfNotExists

AuditIfNotExists enables auditing of resources that don't have the components specified in the condition.

Deny

Deny prevents a resource request that doesn't match the standards defined in a policy definition, and fails the request.

Note: During evaluation of existing resources, resources that match a deny policy definition are marked as non-compliant.
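
An added example, not part of the original slides: a simplified Python model of how the sample policy's if/then rule matches a storage account, and how the audit and deny effects differ for new requests and existing resources. The functions, outcome strings and sample resources are constructed for illustration, and the model assumes a missing property does not equal "true"; it is not Azure's evaluation engine.

```python
# Simplified model of policy rule evaluation (illustration only, not Azure's
# engine). Supports the operators in the sample policy plus anyOf.
HTTPS_FIELD = "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly"

POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"not": {"field": HTTPS_FIELD, "equals": "true"}},
    ]},
    "then": {"effect": "audit"},
}

def matches(cond, resource):
    """Return True when the resource satisfies the 'if' condition."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = resource.get(cond["field"])
    if value is None:  # assumption: a missing property equals nothing
        return False
    # Compare as case-insensitive strings so True, "true" and "True" agree.
    return str(value).lower() == str(cond["equals"]).lower()

def evaluate(rule, resource, new_request):
    """Outcome for a new deployment request or a scan of an existing resource."""
    if not matches(rule["if"], resource):
        return "compliant"
    effect = rule["then"]["effect"].lower()
    if effect == "deny" and new_request:
        return "denied"  # the request fails
    # audit: the request proceeds but is flagged; deny on existing resources
    # only marks them, as the note above says.
    return "non-compliant"

# Constructed sample resources, keyed by the field names the rule uses.
SAMPLES = {
    "https-only": {"type": "Microsoft.Storage/storageAccounts", HTTPS_FIELD: True},
    "http-allowed": {"type": "Microsoft.Storage/storageAccounts", HTTPS_FIELD: False},
    "unset": {"type": "Microsoft.Storage/storageAccounts"},
    "vm": {"type": "Microsoft.Compute/virtualMachines"},
}

if __name__ == "__main__":
    deny_rule = {**POLICY_RULE, "then": {"effect": "deny"}}
    for name, res in SAMPLES.items():
        print(name, evaluate(POLICY_RULE, res, True), evaluate(deny_rule, res, True))
```

In this model the "unset" account is flagged as well, because the rule is written as "not equals true" rather than "equals false".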

DeployIfNotExists

Deploys the resource (through an ARM template) if there are no related resources.

Demo

Thank you