In this post, we’ll talk about how you can quickly implement governance controls in your Azure environment using Azure Policy.
What is Azure Policy?
Azure Policy helps you enforce your organization’s compliance requirements over your Azure resources. This could help with things like:
- restricting access to specific resources for security
- reducing costs by limiting virtual machine creation
- keeping data in a specific region of the world
Using Azure Policy built-in policies
To quickly apply policies in Azure, you’ll want to first start with the built-in policies already provided by Microsoft.
There’s no need to reinvent the wheel here. Most of the policies you’ll need to get started are already available. With them, you can quickly deny, log, alter, or deploy resources. Policies are evaluated as soon as a resource is created, updated, or deleted, or during the normal evaluation cycle of Azure Policy, which is every 24 hours.
First, navigate over to Azure Policy by typing in “policy” at the top navigation menu in Azure. Azure Policy will automatically populate in the search menu, and you can click “Policy” from there.
Next, click “Assignments” on the left navigation menu, just under “Authoring.” This should feel intuitive: you are trying to “assign” a “policy,” and because you have the ability to create, or author, policies, that technically makes you an “author.”
From here you’ll see at the top “Assign policy” or “Assign initiative.”
Side note: Initiatives are just like policies, except they make it a bit easier to manage a collection of policies that share the same goal. For example, if you have a dozen policies that all govern virtual machine compliance, you could create a VM initiative and add, remove, and manage the policies in the initiative rather than applying one policy at a time.
We’ll click “Assign policy” for our purposes.
You’ll see a few tabs and drop-downs you will need to fill in. We only want to focus on the Policy definition “dropdown box,” and by “dropdown box” I mean the ellipsis or meatball menu box to the right of the text box. Clicking here will bring up the “Available Definitions” blade, where you will see all the wonderful built-in policies.
To find the policy you want to start with, you can filter the policies using the search menu next to “Type.”
If you begin by typing the resource you want to govern (e.g., virtual machines), you’ll begin to see all the available policies related to that resource. Once you have the policy you want, click “Select” and you will be back at your Basics tab.
At the Basics tab, you can change the scope of your policy as it will default to your subscription. You have the option to change it to a higher scope such as a management group, or a lower scope such as a resource group. You can leave it at the default selection for now.
Go ahead and give your policy a different name if you like or leave it as it is.
Finally, write a cool definition, and voila! You’ve quickly applied your first policy in Azure. That is, of course, once you click “Review + create” and then “Create.”
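The same assignment can be scripted with the Azure CLI so it is repeatable and reviewable. This is an added example, not part of the original post; it assumes a logged-in `az` session, and the assignment name, description, and `POLICY_DEFINITION` variable are placeholders.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal walkthrough above.
# Assignment name, description and POLICY_DEFINITION are placeholders.

# Build the scope ID for an assignment. The portal defaults to the
# subscription; a management group is higher, a resource group lower.
#   policy_scope sub <subscriptionId>
#   policy_scope rg  <subscriptionId> <resourceGroupName>
#   policy_scope mg  <managementGroupName>
policy_scope() {
  case "$1" in
    sub) printf '/subscriptions/%s\n' "$2" ;;
    rg)  printf '/subscriptions/%s/resourceGroups/%s\n' "$2" "$3" ;;
    mg)  printf '/providers/Microsoft.Management/managementGroups/%s\n' "$2" ;;
    *)   echo "unknown scope kind: $1" >&2; return 1 ;;
  esac
}

# List built-in definitions whose display name contains a search term
# (the CLI counterpart of filtering the "Available Definitions" blade).
# The match is case-sensitive.
find_builtin() {
  az policy definition list \
    --query "[?policyType=='BuiltIn' && contains(displayName, '$1')].{name:name, displayName:displayName}" \
    --output table
}

# Assign one definition at a scope: <definition> <scope> <name> <description>
assign_policy() {
  az policy assignment create \
    --name "$3" \
    --display-name "$3" \
    --description "$4" \
    --policy "$1" \
    --scope "$2"
}

# Run the walkthrough only when invoked with --run, so the functions
# can be sourced on their own.
if [ "${1:-}" = "--run" ]; then
  sub="$(az account show --query id --output tsv)"
  find_builtin "virtual machines"
  # POLICY_DEFINITION: a "name" value picked from the table printed above.
  assign_policy "${POLICY_DEFINITION:?set to a name from the list}" \
    "$(policy_scope sub "$sub")" "vm-governance" "Assigned from the CLI"
fi
```

Keeping the assignment in a script under version control gives you a record of who changed which policy at which scope.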
Learn more about governance and compliance on Azure
If you found this article helpful, check out my course, Introduction to Governance and Compliance on Azure.
This introductory course is designed to give you an overview of Microsoft best practices and approaches needed to effectively use Azure native tools and frameworks for compliance and governance in your cloud environment. It covers the five native tools within Azure to implement governance on Azure and touches on some common governance pitfalls.