Azure Policy

Implement corporate governance and standards at scale.

Web Resources

5/22/2024, Azure PaaS Blog
A common challenge when updating App Service apps with the standard App Service ARM template is the mandatory "serverFarmId" property. The policy engine is unable to dynamically extract properties from the resource being evaluated during runtime for deployment, making it infeasible to update any App Service property with the conventional App Service ARM template in the deployIfNotExists (DINE) policy. However, managed identity can be enabled with the Azure PowerShell command: Set-AzWebApp -AssignIdentity. Furthermore, this command can be executed by utilizing a unique resource type...
5/22/2024, Azure PaaS Blog
Introduction and Current Challenges: Policy remediation is a critical aspect of Azure Policy, a service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so they stay compliant with your corporate standards and service level agreements. As part of testing a policy initiative, you might encounter an inconvenience where you cannot create remediation tasks for all policies inside an initiative assignment with a single click. Instead, you need to manually select and remediate each policy, which could be...
3/26/2024, Azure PaaS Blog
Azure provides a comprehensive list of built-in policy definitions (grouped by the category property defined in the metadata) which are owned and maintained by Microsoft (where the azure-policy repository contains the direct representation of these). Built-in policy definitions usually cover a specific scenario, although some flexibility might be provided through parameters that can be configured. However, customers might have specific needs not covered by an available built-in policy definition and a custom policy definition might be needed. As a rule of thumb, if there is a built-in...
10/19/2023, Azure PaaS Blog
Managing Azure Policies through Python SDK: Azure Policy helps to enforce organizational standards and to assess compliance at scale. It also helps to bring your resources to compliance through bulk remediation for existing resources and automatic remediation for added resources. Common use cases for Azure Policy include implementing governance for resource consistency, regulatory compliance, security, cost, and management. Policy definitions for these common use cases are already available in your Azure environment as built-ins to help you get started. Specifically, some useful...
12/26/2022, Azure PaaS Blog
Recently, a new feature called “Manual effect” popped up for users, but it is still in the PREVIEW stage. It allows users to self-attest the compliance of resources or scopes. In other words, it gives users a chance to determine the evaluation result of the specific resource and the reason. Currently, it is mostly used inside the Security-related built-in policies and initiatives. You may check more details from the following doc: Understand how effects work - Azure Policy | Microsoft Learn. There are multiple built-in policies under the Security category to check the subscription...