
close
close
Want to know about the security benefits of Microsoft's E5 license?
Learn how to control the properties users can select when provisioning resources in the Azure cloud.
If you are like me and you regularly deploy servers and other resources in the Azure cloud, you’ll know how quickly things can get out of control if you share a subscription with a team. Azure Policy allows you to create rules that ensure resources conform to standards to remain compliant.
Azure Policy is a service that runs hourly and evaluates your resources to make sure they are compliant with your policies. For example, you could create a policy that limits users to creating virtual machines of a certain SKU size, which could help manage costs. Unlike Role-Based Access Control (RBAC), which controls the actions users can undertake in Azure, policies let you determine the properties that users can set when provisioning or updating resources.
Microsoft has created some built-in policies to help you get started but you can also create your own. As I outlined above, one of the built-in policies, Allowed Virtual Machine SKUs, lets you determine which VM sizes (SKUs) users can deploy. Another, Allowed Resource Type, lets you set what resource types can be provisioned. For example, you might allow users to deploy virtual machines but not backup vaults. Policies can be assigned to resource groups, management groups, and subscriptions.
Let’s start with the basics and assign one of the built-in policies to an Azure subscription. If you don’t already have an Azure subscription, you can sign up for a free trial here.
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Within a few seconds, your new policy assignment should appear on the Policy – Assignments screen. Don’t forget that the policy assignment can take up to an hour to be applied. In the example above, users can provision VMs with only the Basic_A4 and Standard_A1 SKUs. If you click the menu to the right of the assignment and click View compliance, you can check if there are any resources that don’t comply with the policy assignment.
Now let’s create a custom policy. To create your own policy, you will need to be familiar with JSON. You can however download Azure Policy templates from GitHub. I’m going to show you two methods for creating policies. Using the first, you must write the JSON yourself. In the second, you go to GitHub, choose a sample policy template and import it into the Azure management portal.
Beginners should skip to method 2, it’s much easier if you don’t know your way around writing JSON templates for Azure.
The new policy will be ready in a few seconds to use in a policy assignment.
In this example, I’ll import a sample policy template from GitHub that allows me to restrict the VM images that users can specify when provisioning VMs.
Create a custom policy in Azure (Image Credit: Russell Smith)
Create a custom policy in Azure (Image Credit: Russell Smith)
The new policy will be ready in a few seconds to use in a policy assignment.
More in Cloud Computing
Microsoft’s New Dev Box Developer Workstation Service Launches in Preview
Aug 15, 2022 | Rabia Noureen
Google to Open Three New Cloud Regions in Malaysia, Thailand, and New Zealand
Aug 10, 2022 | Rabia Noureen
Most popular on petri