Azure Policy

Azure Policy enables you to create, assign, and manage policy definitions that enforce rules and effects over your resources, ensuring those resources stay compliant with your corporate standards and service level agreements.

Key concepts

• Policy definition – A reusable logic statement that describes a condition and an effect.
• Policy assignment – The binding of a definition to a specific scope (subscription, resource group, or resource).
• Initiative (policy set) – A collection of policy definitions that are managed as a single entity.

Quick start

Use the Azure portal, Azure CLI, or PowerShell to create a policy that enforces tagging on resources.

az policy definition create \
  --name "require-tag-environment" \
  --display-name "Require a tag 'environment'" \
  --description "Ensures that all resources have a tag named 'environment'." \
  --rules '{
    "if": {
      "field": "tags.environment",
      "equals": ""
    },
    "then": {
      "effect": "deny"
    }
  }' \
  --mode All

Resources

• Policy definitions
• Policy assignments
• Best practices
• CLI reference