Azure Policy Examples
Explore a collection of practical examples for Azure Policy. These examples cover various scenarios to help you enforce organizational standards, assess compliance, and maintain a consistent Azure environment.
Common Use Cases
Enforce Allowed VM SKUs
Restrict the deployment of virtual machines to a predefined list of approved SKUs to manage costs and ensure compatibility.
Require Tagging for Resources
Ensure that all deployed resources are tagged with specific key-value pairs (e.g., 'Environment', 'Owner') for better organization and cost tracking.
Audit Storage Account Encryption
Audit storage accounts to ensure that encryption at rest is enabled, enhancing data security.
Deny Public IP Addresses
Prevent the creation of network resources with public IP addresses to minimize exposure to the internet.
Deploy Diagnostic Settings
Automatically deploy diagnostic settings to various resource types, sending logs and metrics to a designated Log Analytics workspace.
Restrict Allowed Locations
Limit resource deployments to a specific set of Azure regions to comply with data residency requirements or manage costs.
Getting Started with Examples
Each example provides the following:
- A clear description of the scenario.
- The Azure Policy definition (JSON format).
- Instructions on how to assign the policy.
- Example remediation tasks (where applicable).
Example Policy Definition Snippet
Here's a glimpse of what a policy definition looks like. This rule audits virtual machines whose SKU is not in the approved list; change the effect to "deny" to block such deployments instead:
{
  "if": {
    "allOf": [
      {
        "field": "type",
        "equals": "Microsoft.Compute/virtualMachines"
      },
      {
        "not": {
          "field": "Microsoft.Compute/virtualMachines/sku.name",
          "in": [ "Standard_D2s_v3", "Standard_D4s_v3", "Standard_D8s_v3" ]
        }
      }
    ]
  },
  "then": {
    "effect": "audit"
  }
}
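To check which resources the rule above would flag before assigning it, the following added example (not part of the original page or of Azure's tooling) evaluates the rule offline with a simplified model of the `allOf`, `not`, `equals` and `in` operators. The resource records, their flat `aliases` map, and the function names are assumptions made for illustration.

```python
# Added example: simplified local model of Azure Policy rule evaluation.
# Supports only the operators used by the rule on this page.
SKU = "Microsoft.Compute/virtualMachines/sku.name"
RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
        {"not": {"field": SKU,
                 "in": ["Standard_D2s_v3", "Standard_D4s_v3", "Standard_D8s_v3"]}},
    ]},
    "then": {"effect": "audit"},
}

# Constructed sample resources; "aliases" is a hypothetical flat alias -> value map.
VM = "Microsoft.Compute/virtualMachines"
RESOURCES = [
    {"name": "vm-approved", "type": VM, "aliases": {SKU: "Standard_D2s_v3"}},
    {"name": "vm-oversized", "type": VM, "aliases": {SKU: "Standard_E64s_v3"}},
    {"name": "vm-lowercase", "type": VM, "aliases": {SKU: "standard_d4s_v3"}},
    {"name": "stgacct", "type": "Microsoft.Storage/storageAccounts", "aliases": {}},
]

def field_value(resource, field):
    """Resolve 'type' directly; resolve any other field through the alias map."""
    if field == "type":
        return resource.get("type")
    return resource.get("aliases", {}).get(field)

def matches(cond, resource):
    """Recursively evaluate one condition node against a resource."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource)
    value = field_value(resource, cond["field"])
    value = value.lower() if isinstance(value, str) else value
    if "equals" in cond:  # string comparison is case-insensitive
        return value == cond["equals"].lower()
    if "in" in cond:      # a missing field is never "in" the list
        return value in [v.lower() for v in cond["in"]]
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(rule, resource):
    """Return the rule's effect if the 'if' block matches, else None."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else None

def flagged(rule, resources):
    """List (name, effect) for every resource the rule applies to."""
    return [(r["name"], e) for r in resources if (e := evaluate(rule, r))]

if __name__ == "__main__":
    print(flagged(RULE, RESOURCES))
```

Because of the `not` wrapper, a virtual machine record with no SKU value at all is also flagged, which is worth knowing before switching the effect from audit to deny.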