
close
close
Learn how to control the properties users can select when provisioning resources in the Azure cloud.
advertisment
If you are like me and you regularly deploy servers and other resources in the Azure cloud, you’ll know how quickly things can get out of control if you share a subscription with a team. Azure Policy allows you to create rules that ensure resources conform to standards to remain compliant.
Azure Policy is a service that runs hourly and evaluates your resources to make sure they are compliant with your policies. For example, you could create a policy that limits users to creating virtual machines of a certain SKU size, which could help manage costs. Unlike Role-Based Access Control (RBAC), which controls the actions users can undertake in Azure, policies let you determine the properties that users can set when provisioning or updating resources.
Microsoft has created some built-in policies to help you get started but you can also create your own. As I outlined above, one of the built-in policies, Allowed Virtual Machine SKUs, lets you determine which VM sizes (SKUs) users can deploy. Another, Allowed Resource Type, lets you set what resource types can be provisioned. For example, you might allow users to deploy virtual machines but not backup vaults. Policies can be assigned to resource groups, management groups, and subscriptions.
Let’s start with the basics and assign one of the built-in policies to an Azure subscription. If you don’t already have an Azure subscription, you can sign up for a free trial here.
advertisment
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Create a new policy assignment in Azure (Image Credit: Russell Smith)
Within a few seconds, your new policy assignment should appear on the Policy – Assignments screen. Don’t forget that the policy assignment can take up to an hour to be applied. In the example above, users can provision VMs with only the Basic_A4 and Standard_A1 SKUs. If you click the menu to the right of the assignment and click View compliance, you can check if there are any resources that don’t comply with the policy assignment.
Now let’s create a custom policy. To create your own policy, you will need to be familiar with JSON. You can however download Azure Policy templates from GitHub. I’m going to show you two methods for creating policies. Using the first, you must write the JSON yourself. In the second, you go to GitHub, choose a sample policy template and import it into the Azure management portal.
Beginners should skip to method 2, it’s much easier if you don’t know your way around writing JSON templates for Azure.
The new policy will be ready in a few seconds to use in a policy assignment.
advertisment
In this example, I’ll import a sample policy template from GitHub that allows me to restrict the VM images that users can specify when provisioning VMs.
Create a custom policy in Azure (Image Credit: Russell Smith)
Create a custom policy in Azure (Image Credit: Russell Smith)
The new policy will be ready in a few seconds to use in a policy assignment.
More from Russell Smith
advertisment
Petri Newsletters
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.
advertisment
More in Cloud Computing
Build 2022: Microsoft Introduces New Dev Box Cloud PC Service for Developers
May 24, 2022 | Rabia Noureen
Use Azure ExpressRoute Private Peering & Azure Virtual WAN to Connect Privately to Microsoft 365
Apr 21, 2022 | Flo Fox
Microsoft to Make Changes to Cloud Licensing Restrictions after Customer Complaints
Apr 18, 2022 | Rabia Noureen
Most popular on petri
Log in to save content to your profile.
Article saved!
Access saved content from your profile page. View Saved
Join The Conversation
Create a free account today to participate in forum conversations, comment on posts and more.
Copyright ©2019 BWW Media Group