![Conditions
“equals”: “value”
“like”: “value”
“match”: “value”
“contains”: “value”
“in”: [“val1”, “val2”]
“containsKey”: “keyName”
“exists”: “bool”
+ “not*” variants
Accessors
“field”: “fieldname”
“source”: “action”
Fields
name
kind
type
location
fullName
tags
tags.*
aliases](https://image.slidesharecdn.com/thr2030-180508191559/85/Govern-your-Azure-environment-through-Azure-Policy-13-320.jpg)
!["properties": {
"displayName": "Allowed VM Skus",
"description": "This policy enables you to specify a set of virtual machine SKUs that your
organization can deploy.“
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines“
},
{
"not": {
"field":"Microsoft.Compute/virtualMachines/sku.name",
"in": ["Basic_A0”,”Basic_A1”,”Basic_A2”,”Basic_A3”,”Basic_A4”]
}
}
]
},
"then": {
"effect": "Deny“
}
}](https://image.slidesharecdn.com/thr2030-180508191559/85/Govern-your-Azure-environment-through-Azure-Policy-16-320.jpg)
!["properties": {
"displayName": "Allowed VM Skus",
"description": "This policy enables you to specify a set of virtual machine SKUs that your
organization can deploy.",
"parameters": {
"listOfAllowedSKUs": {"type": "array"}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines“
},
{
"not": {
"field":"Microsoft.Compute/virtualMachines/sku.name",
"in": "[parameters('listOfAllowedSKUs’)]”
}
}
]
},
"then": {
"effect": "Deny“
}
}](https://image.slidesharecdn.com/thr2030-180508191559/85/Govern-your-Azure-environment-through-Azure-Policy-17-320.jpg)
Govern your Azure environment through Azure Policy
- 4. Block Dev/Ops from directly accessing the cloud (portal/api/cli) to attain control Developers Operations Cloud Custodian / Engineers responsible for Cloud environment
- 5. Removing barriers to compliance and enabling velocity Developers Built-in controls through policy instead of workflow Operations Cloud Custodian Team
- 6. Remediation Enforcement & Compliance Apply policies at scale Turn on built-in policies or build custom ones for all resource types Real-time policy evaluation and enforcement Periodic & on-demand compliance evaluation Apply policies to a Management Group with control across your entire organization Apply multiple policies and & aggregate policy states with policy initiative Real time remediation Remediation on existing resources (Coming Soon) Exclusion Scope
- 9. User Code ARM–CentralizedControlPlane AzurePolicy Resource Config Requests Declarative Always On: On Change On Periodic Cadence On Demand (coming soon)
- 13. Conditions “equals”: “value” “like”: “value” “match”: “value” “contains”: “value” “in”: [“val1”, “val2”] “containsKey”: “keyName” “exists”: “bool” + “not*” variants Accessors “field”: “fieldname” “source”: “action” Fields name kind type location fullName tags tags.* aliases
- 14. $policy = New-AzureRmPolicyDefinition -Name costCenterTagPolicyDefinition -Description "Policy to deny resource creation if no costCenter tag is provided" -Policy '{ "if": { "not" : { "field" : "tags", "containsKey" : "costCenter" } }, "then" : { "effect" : "deny" } }'
- 15. { "if": { "not": { "field": "name", "like": "namePrefix*nameSuffix" } }, "then": { "effect": "deny" } }
- 16. "properties": { "displayName": "Allowed VM Skus", "description": "This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.“ }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines“ }, { "not": { "field":"Microsoft.Compute/virtualMachines/sku.name", "in": ["Basic_A0”,”Basic_A1”,”Basic_A2”,”Basic_A3”,”Basic_A4”] } } ] }, "then": { "effect": "Deny“ } }
- 17. "properties": { "displayName": "Allowed VM Skus", "description": "This policy enables you to specify a set of virtual machine SKUs that your organization can deploy.", "parameters": { "listOfAllowedSKUs": {"type": "array"} } }, "policyRule": { "if": { "allOf": [ { "field": "type", "equals": "Microsoft.Compute/virtualMachines“ }, { "not": { "field":"Microsoft.Compute/virtualMachines/sku.name", "in": "[parameters('listOfAllowedSKUs’)]” } } ] }, "then": { "effect": "Deny“ } }
- 21. Organizational alignment for your Azure subscriptions through custom hierarchies and grouping Enables targeting of policies and spend budgets across all subscriptions and inheritance down the hierarchies Enables compliance and cost reporting by organizations (business/teams)