Azure Governance – Policies in public preview on the portal

Introduction

Ever wondered if you can put policies on the deployment of resources in Azure?  Yes you can via “Resource Policies“.

This used to be only possible via JSON deployments like the following ;

{
  "properties": {
    "parameters": {
      "allowedLocations": {
        "type": "array",
        "metadata": {
          "description": "The list of locations that can be specified when deploying resources",
          "strongType": "location",
          "displayName": "Allowed locations"
        }
      }
    },
    "displayName": "Allowed locations",
    "description": "This policy enables you to restrict the locations your organization can specify when deploying resources.",
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": "[parameters('allowedLocations')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}

The good news is that the preview portal shows a public preview shows that this feature will be available via the portal!

 

Let’s take a quick look

Now let’s take a look to see what we can expect… Browse to your resource group and you’ll see an item called “Policies”. Here you can add assignments ;

Adding an assignment shows the current capabilities ;

You can limit the location to which we can deploy ;

Or limit the type of resources ; 

Enforce given storage types ; 

Ensure that a given type of VM is not being deployed ; 

Or block certain resource types (the opposite of allowing a specific resource type, which we saw a few screenshots back) ;

Once added, we can see the details for each rules ;

 

Closing Thoughts

Governance is often a starting discussion on Azure. Resource policies already provide IT departments with a toolbox to control the resource deployments.

Where JSON deployments already provided this capability, it is now very good to see that this possibility has become more publically available via the portal!

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s