Introduction
Ever wondered if you can put policies on the deployment of resources in Azure? Yes you can via “Resource Policies“.
This used to be only possible via JSON deployments like the following ;
{
"properties": {
"parameters": {
"allowedLocations": {
"type": "array",
"metadata": {
"description": "The list of locations that can be specified when deploying resources",
"strongType": "location",
"displayName": "Allowed locations"
}
}
},
"displayName": "Allowed locations",
"description": "This policy enables you to restrict the locations your organization can specify when deploying resources.",
"policyRule": {
"if": {
"not": {
"field": "location",
"in": "[parameters('allowedLocations')]"
}
},
"then": {
"effect": "deny"
}
}
}
}
The good news is that the preview portal shows a public preview shows that this feature will be available via the portal!
Let’s take a quick look
Now let’s take a look to see what we can expect… Browse to your resource group and you’ll see an item called “Policies”. Here you can add assignments ;
Adding an assignment shows the current capabilities ;
You can limit the location to which we can deploy ;
Or limit the type of resources ; 
Enforce given storage types ; 
Ensure that a given type of VM is not being deployed ; 
Or block certain resource types (the opposite of allowing a specific resource type, which we saw a few screenshots back) ;
Once added, we can see the details for each rules ;
Closing Thoughts
Governance is often a starting discussion on Azure. Resource policies already provide IT departments with a toolbox to control the resource deployments.
Where JSON deployments already provided this capability, it is now very good to see that this possibility has become more publically available via the portal!
Karim Vaes 