Azure Policy

Azure Policy is a service in Azure that you use to create, assign, and manage policy definitions. Policy definitions enforce different rules and actions over your resources, so those resources stay compliant with your corporate standards and service level agreements. Azure Policy runs an evaluation of your resources, scanning for those that are not compliant with the policy definitions you have.

Ref: https://docs.microsoft.com/en-us/azure/azure-policy/azure-policy-introduction

The steps below configure an Azure policy that monitors tags.

Step 1: Log in to the Azure Portal and search for Policy.


Step 2: Click on Definitions in the next screen.


Step 3: Click on + Policy Definition.


Step 4: Enter the following details in the next screen.

  • Definition Location
  • Policy Name
  • Category


Step 5: Paste the code shown below into the Policy rule and Parameters section.

(The rule looks at all VMs and selects the VMs that do not have the tags named in the rule configured.)

Step 6: Click on Save.

{
    "policyRule": {
        "if": {
            "allOf": [
                {
                    "field": "type",
                    "equals": "Microsoft.Compute/VirtualMachines"
                },
                {
                    "anyOf": [
                        {
                            "field": "tags.Tag1Name",
                            "exists": "false"
                        },
                        {
                            "field": "tags.Tag2Name",
                            "exists": "false"
                        },
                        {
                            "field": "tags.Tag3Name",
                            "exists": "false"
                        },
                        {
                            "field": "tags.Tag4Name",
                            "exists": "false"
                        },
                        {
                            "field": "tags.Tag5Name",
                            "exists": "false"
                        }
                    ]
                }
            ]
        },
        "then": {
            "effect": "audit"
        }
    }
}

Step 7: Click on Assignments.


Step 8: Click on Assign Policy.

Step 9: Complete the form with the following values.

  • Scope (Subscription / Resource Group / Management Group)
  • Exclusions (exclusions within the selected Scope)
  • Select the policy definition just created.
  • Enter an Assignment name.
  • Description of the Assignment.
  • Name of the User (by default, it takes the name of the user account used for the assignment process).


Step 10: Click on Assign.
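
To preview which resources the Step 5 rule would select before assigning it, the following added example (not from the original post, and not Azure's own evaluator) re-implements the four operators the rule uses in Python and runs them over a constructed inventory. The helper names and the sample resources are assumptions made for illustration.

```python
# Added example: local approximation of the Step 5 rule, not Azure's evaluator.
REQUIRED_TAGS = ["Tag1Name", "Tag2Name", "Tag3Name", "Tag4Name", "Tag5Name"]
RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/VirtualMachines"},
        {"anyOf": [{"field": f"tags.{t}", "exists": "false"} for t in REQUIRED_TAGS]},
    ]},
    "then": {"effect": "audit"},
}

def lookup(resource, field):
    """Return (present, value) for 'type' or 'tags.<name>' on a resource dict."""
    if field.lower().startswith("tags."):
        tags = {k.lower(): v for k, v in (resource.get("tags") or {}).items()}
        name = field[len("tags."):].lower()
        return name in tags, tags.get(name)
    return field in resource, resource.get(field)

def matches(cond, resource):
    """Evaluate allOf / anyOf / equals / exists, the only operators this rule uses."""
    ops = {k.lower(): v for k, v in cond.items()}
    if "allof" in ops:
        return all(matches(c, resource) for c in ops["allof"])
    if "anyof" in ops:
        return any(matches(c, resource) for c in ops["anyof"])
    present, value = lookup(resource, ops["field"])
    if "exists" in ops:
        return present == (str(ops["exists"]).lower() == "true")
    if "equals" in ops:
        # String comparison for equals is case-insensitive.
        return present and str(value).lower() == str(ops["equals"]).lower()
    raise ValueError(f"unsupported condition: {cond}")

def flagged(rule, resources):
    """Names of resources the rule's 'if' block selects (reported under 'audit')."""
    return [r["name"] for r in resources if matches(rule["if"], r)]

# Constructed inventory for illustration only.
ALL_TAGS = {t: "x" for t in REQUIRED_TAGS}
SAMPLE = [
    {"name": "vm-full", "type": "Microsoft.Compute/virtualMachines", "tags": ALL_TAGS},
    {"name": "vm-partial", "type": "Microsoft.Compute/virtualMachines",
     "tags": {k: v for k, v in ALL_TAGS.items() if k != "Tag3Name"}},
    {"name": "vm-untagged", "type": "Microsoft.Compute/virtualMachines"},
    {"name": "stor-untagged", "type": "Microsoft.Storage/storageAccounts"},
]

if __name__ == "__main__":
    print(flagged(RULE, SAMPLE))
```

A VM missing even one of the five tags is selected because of the `anyOf`, while the untagged storage account is not, because the `type` condition limits the rule to virtual machines.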


Join the conversation! 2 Comments

  1. Can you also describe the user experience and behavior of the policy? In my experience, using policies has stopped admins manually deploying items into a resource group without using full ARM templating, i.e. using the portal.

    • Hi Rob,

      If the policy denies the creation of resources without tags, then that would indeed be the case.

      In Azure, the resource creation wizard doesn’t provide an option for assigning tags, due to which the validation check for the resource fails.
