Azure Policy
A service that helps organizations implement governance and monitor standards (source: Azure Policy documentation | Microsoft Learn).
Enforce standards → provide supported options that adhere to company standards.
Prevent non-compliance → deny operations that do not adhere to standards.
Report on compliance → audit and report on resources and their adherence to standards.
Configuration
Conditions help to define standards:
→ Look at a resource property for a given value; specified within a policy definition; can handle the resource location; etc.
Effects → what is triggered if the condition is met: block the operation (DENY); report if an item is missing (AUDITIFNOTEXISTS), etc.
Assignment → Policies must be assigned to a scope: it can include a resource, resource group, subscription or management group.
{
  "properties": {
    "displayName": "Require encryption on Data Lake Store accounts",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "This policy ensures encryption is enabled on all Data Lake Store accounts",
    "metadata": {
      "version": "1.0.0",
      "category": "Data Lake"
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.DataLakeStore/accounts"
          },
          {
            "field": "Microsoft.DataLakeStore/accounts/encryptionState",
            "equals": "Disabled"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "a7ff3161-0087-490a-9ad9-ad6217f4f43a"
}
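
Added example, not from the Microsoft documentation or the original notes: a simplified Python model of how the policyRule above is evaluated, showing which constructed resources meet the condition and receive the deny effect. The alias-to-property mapping, the sample resources and the helper names are assumptions made for illustration.

```python
# Simplified model of policy rule evaluation, not Azure's engine.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.DataLakeStore/accounts"},
        {"field": "Microsoft.DataLakeStore/accounts/encryptionState",
         "equals": "Disabled"},
    ]},
    "then": {"effect": "deny"},
}
# Assumption: the alias points at this path in the resource payload.
ALIASES = {"Microsoft.DataLakeStore/accounts/encryptionState":
           "properties.encryptionState"}
def resolve_field(resource, field):
    """Follow a field name or alias into the resource; None if absent."""
    node = resource
    for key in ALIASES.get(field, field).split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(cond, resource):
    """Evaluate one condition node of the 'if' block."""
    for op, combine in (("allOf", all), ("anyOf", any)):
        if op in cond:
            return combine(matches(c, resource) for c in cond[op])
    if "not" in cond:
        return not matches(cond["not"], resource)
    if "field" in cond and "equals" in cond:
        value = resolve_field(resource, cond["field"])
        # Strings compare case-insensitively; an absent field never matches.
        return value is not None and str(value).lower() == str(cond["equals"]).lower()
    raise ValueError(f"unsupported condition: {cond!r}")

def evaluate(rule, resource):
    """Return the effect when the condition is met, otherwise None."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else None
# Constructed sample resources (not real deployments).
DLS = "Microsoft.DataLakeStore/accounts"
SAMPLES = {
    "unencrypted": {"type": DLS, "properties": {"encryptionState": "Disabled"}},
    "encrypted": {"type": DLS, "properties": {"encryptionState": "Enabled"}},
    "lowercase": {"type": DLS.lower(), "properties": {"encryptionState": "disabled"}},
    "state_absent": {"type": DLS, "properties": {}},
    "other_type": {"type": "Microsoft.Storage/storageAccounts",
                   "properties": {"encryptionState": "Disabled"}},
}
if __name__ == "__main__":
    print({name: evaluate(POLICY_RULE, res) for name, res in SAMPLES.items()})
```

In this model the state_absent resource does not meet the condition, because the rule only matches an explicit "Disabled" value, so a payload that omits the property is not denied by it.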