Create and Manage Azure Policy
A good understanding of how to create and manage policies in an Azure environment is essential: it keeps the environment compliant with corporate standards and service level agreements. This page walks through the steps for using Azure Policy to create, assign, and manage policies across an organization.
Before you begin, you need an Azure subscription; if you don't have one, create a free account first.
Steps to Assign an Azure Policy
The first step in enforcing compliance with Azure Policy is to assign a policy definition. A policy definition specifies the condition under which the policy is enforced and the effect to take when that condition is met.
- Go to the Azure portal to assign policies. Search for and select Policy.
- Select Assignments on the left side of the Azure Policy page. An assignment is a policy that has been assigned to take place within a specific scope.
- Select Assign Policy from the top of the Policy – Assignments page.
- On the Assign Policy page and Basics tab, set the Scope by selecting the ellipsis and choosing either a management group or a subscription. Then select Select at the bottom of the Scope page.
- Resources can be excluded based on the Scope. Exclusions start at one level lower than the level of the Scope. Exclusions are optional.
- Select the Policy definition ellipsis to open the list of available definitions. You can filter the policy definition Type to Built-in to view all and read their descriptions.
- Select Inherit a tag from the resource group if missing. If you can’t find it right away, type inherit a tag into the search box and then press ENTER or select out of the search box.
- Select the Select option at the bottom of the Available Definitions page once you have found and selected the policy definition.
- The Assignment name is automatically populated with the policy name you selected, but you can change it.
- Leave Policy enforcement as Enabled. When Disabled, this setting allows testing the outcome of the policy without triggering the effect.
- Assigned by is automatically filled based on who is logged in. This field is optional, so custom values can be entered.
- Select the Parameters tab at the top of the wizard.
- For Tag Name, enter Environment.
- Select the Remediation tab at the top of the wizard.
- Leave Create a remediation task unchecked. This box allows you to create a task to alter existing resources in addition to new or updated resources.
- Create a Managed Identity is automatically checked because this policy definition uses the modify effect. Permissions are set to Contributor automatically based on the policy definition. For more information, see managed identities and how remediation security works.
- Select the Review + Create Tab at the top of the wizard.
- Review your selections, then select Create at the bottom of the page.
Steps to Implement a New Custom Policy
A custom policy can save costs by validating the size of virtual machines created in your environment. With the policy below in place, every time a user in the organization attempts to create a virtual machine in the G series, the request is denied.
- Select Definitions under Authoring in the left side of the Azure Policy page.
- Select + Policy definition at the top of the page. This button opens to the Policy definition page.
- Enter the required information: the management group or subscription in which to save the definition, the name and description of the policy definition, and the policy rule itself. Copy the following JSON code into the Policy rule editor and then update it for your needs.
- Select Save.
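The policy definition described above, written out as an added example (this is not the page's own JSON; the display name, description and category text are assumed wording). It uses the Azure Policy alias `Microsoft.Compute/virtualMachines/sku.name` with a `like` wildcard so that both the G and GS sizes (`Standard_G*`) are caught, and the `deny` effect rejects the create or update request.

```json
{
  "properties": {
    "displayName": "Deny virtual machines in the G series",
    "policyType": "Custom",
    "mode": "All",
    "description": "Denies creation or update of virtual machines whose SKU name starts with Standard_G (G and GS series).",
    "metadata": {
      "category": "Compute"
    },
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "field": "Microsoft.Compute/virtualMachines/sku.name",
            "like": "Standard_G*"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Note that `deny` only blocks new or updated resources; G-series VMs that already exist are reported as non-compliant in the compliance results but are not changed or removed. To see what the rule would catch before enforcing it, assign it with Policy enforcement set to Disabled and review the compliance report first.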
Reference: Microsoft Documentation