Azure Blueprints
Overview
Azure Blueprints enable cloud architects and central IT groups to define a repeatable set of Azure resources that implements and adheres to an organization’s standards, patterns, and requirements.
With a blueprint, you can orchestrate the deployment of:
- Role-based access control (RBAC) assignments
- Azure Resource Manager (ARM) templates
- Policy assignments
- Resource groups
- Key vaults, log analytics workspaces and more
Once a blueprint is assigned to a subscription or management group, its artifacts are deployed consistently, ensuring compliance from day one.
Key concepts
| Concept | Description |
|---|---|
| Blueprint | A package that defines a repeatable set of governance tools and resource templates. |
| Artifact | Individual components such as policies, role assignments, or resource groups. |
| Assignment | The act of applying a blueprint to a target scope (subscription or management group). |
| Versioning | Blueprints support versioning, allowing you to evolve governance over time. |
Sample Blueprint definition
```json
{
  "properties": {
    "description": "Baseline security & compliance for all workloads",
    "targetScope": "subscription",
    "parameters": {
      "location": {
        "type": "string",
        "metadata": { "description": "Location for resources" }
      }
    },
    "resourceGroups": [
      {
        "name": "rg-security",
        "location": "[parameters('location')]"
      }
    ],
    "policyAssignments": [
      {
        "name": "audit-vm-sshd-activity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/xxxx",
        "parameters": {}
      }
    ],
    "roleAssignments": [
      {
        "name": "security-admin-rg-security",
        "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx",
        "principalIds": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
      }
    ]
  }
}
```
This JSON can be uploaded directly via the Azure portal or deployed using Azure CLI/PowerShell.
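Before a definition like the sample above is assigned, it is worth checking for unreplaced placeholder IDs, non-ASCII characters in names, references to undeclared parameters, and assignments of broad built-in roles. The following check is an added example, not part of the original page or of Microsoft's tooling; the function name `lint_blueprint`, the finding strings and the embedded sample are constructed for illustration.

```python
import json
import re

# Azure built-in role definition GUIDs that grant broad control over a scope.
PRIVILEGED_ROLES = {
    "8e3af657-a8ff-443c-a75b-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
}
PLACEHOLDER = re.compile(r"x+(-x+)*", re.IGNORECASE)  # e.g. "xxxx" left in a template
PARAM_REF = re.compile(r"\[parameters\('([^']+)'\)\]")

# Constructed sample in the shape of the definition above (not a real tenant).
SAMPLE = json.dumps({"properties": {
    "parameters": {"location": {"type": "string"}},
    "resourceGroups": [{"name": "rg\u2011security", "location": "[parameters('region')]"}],
    "policyAssignments": [{"name": "audit-vm-sshd-activity",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/xxxx"}],
    "roleAssignments": [{"name": "security-admin-rg-security",
        "roleDefinitionId": "/providers/Microsoft.Authorization/roleDefinitions/"
                            "8e3af657-a8ff-443c-a75b-2fe8c4bcb635",
        "principalIds": ["xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]}],
}})


def lint_blueprint(text):
    """Return (path, finding) tuples for problems to fix before assignment."""
    props = json.loads(text)["properties"]
    declared = set(props.get("parameters", {}))
    findings = []
    for section in ("resourceGroups", "policyAssignments", "roleAssignments"):
        for i, item in enumerate(props.get(section, [])):
            path = f"{section}[{i}]"
            if not item.get("name", "").isascii():
                findings.append((path, "non-ASCII character in name"))
            ids = [item.get("policyDefinitionId"), item.get("roleDefinitionId")]
            for value in [v for v in ids if v] + item.get("principalIds", []):
                tail = value.rsplit("/", 1)[-1].lower()  # last path segment is the ID
                if PLACEHOLDER.fullmatch(tail):
                    findings.append((path, "placeholder ID not replaced"))
                if tail in PRIVILEGED_ROLES:
                    findings.append((path, f"privileged role: {PRIVILEGED_ROLES[tail]}"))
            strings = " ".join(v for v in item.values() if isinstance(v, str))
            for ref in sorted(set(PARAM_REF.findall(strings)) - declared):
                findings.append((path, f"undeclared parameter: {ref}"))
    return findings


if __name__ == "__main__":
    print("\n".join(f"{p}: {f}" for p, f in lint_blueprint(SAMPLE)))
```

Run in a pipeline before assignment, a non-empty result can fail the build so that a privileged role or an unfilled template value is reviewed by a person first.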