Azure Policy was first announced at Ignite 2017 and was in private preview until 20th November 2017. It is now in public preview, so we can try it out for experimentation.
What is Azure Policy?
Azure Policy enables Azure administrators to manage policies across all of their subscriptions in a single place. Administrators can monitor the compliance state of resources against those policies. This is very useful if you have a large number of resources that existed before the policies were applied, because we can easily see which resources are compliant and which are non-compliant.
To start with Azure Policy, we first have to register the subscription for Policy.
In Policy we can find built-in policy definitions. For this walkthrough I use “Not allowed resource types”; you can select whichever policy you prefer and proceed.
We can assign the policy by selecting Assign from the context menu at the end of the policy row.
Then we have to provide the Name, Scope and Parameters; the UI differs according to the selected policy. In the scope we select which subscriptions or resource groups the policy should be assigned to.
In the parameters you define which resource types should be denied; for this I used Microsoft.Compute/virtualMachines. For the scope I gave a resource group (RG) that I created for this test.
Click Assign to apply the policy. We can now see it in the Assignments tab of the Policy service.
From there we can also check whether the scope is compliant with the policy.
We can verify that the policy is working by creating a VM in the RG where the policy is applied. When we try to create it, the VM validation fails with a message saying it is not allowed by the policy.
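The assignment described above, as an added example that is not part of the original post and is not Azure's implementation: a simplified Python model of how a resource-group-scoped deny on Microsoft.Compute/virtualMachines sorts existing resources into compliant and non-compliant and rejects a new VM. The `Assignment` class, the function names, the subscription ID and the resource names are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Assignment:
    name: str
    scope: str                 # subscription or resource group ID the policy is assigned to
    not_allowed_types: tuple   # resource types chosen in the Parameters step

def in_scope(resource_id, scope):
    """True when resource_id is the scope itself or sits below it.
    Compared case-insensitively and on whole path segments, so a scope of
    .../resourceGroups/rg-policy-test does not cover rg-policy-test2."""
    rid = resource_id.rstrip("/").lower()
    sc = scope.rstrip("/").lower()
    return rid == sc or rid.startswith(sc + "/")

def is_denied(resource_id, resource_type, assignment):
    """Deny decision for one resource: in scope AND of a blocked type."""
    blocked = {t.lower() for t in assignment.not_allowed_types}
    return in_scope(resource_id, assignment.scope) and resource_type.lower() in blocked

def compliance_report(resources, assignment):
    """Group in-scope resources into compliant and non-compliant lists;
    resources outside the assignment scope are not evaluated at all."""
    report = {"compliant": [], "non_compliant": []}
    for rid, rtype in resources:
        if not in_scope(rid, assignment.scope):
            continue
        key = "non_compliant" if is_denied(rid, rtype, assignment) else "compliant"
        report[key].append(rid)
    return report

# Constructed sample data (placeholder subscription ID and resource names).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-policy-test"
VM_TYPE = "Microsoft.Compute/virtualMachines"
ASSIGNMENT = Assignment("deny-vms", RG, (VM_TYPE,))
RESOURCES = [
    (RG + "/providers/Microsoft.Compute/virtualMachines/vm-old", VM_TYPE),
    (RG + "/providers/Microsoft.Storage/storageAccounts/stpolicytest",
     "Microsoft.Storage/storageAccounts"),
    (SUB + "/resourceGroups/rg-policy-test2/providers/Microsoft.Compute/virtualMachines/vm-other",
     VM_TYPE),
]
NEW_VM = RG.upper() + "/providers/Microsoft.Compute/virtualMachines/vm-new"

if __name__ == "__main__":
    print(compliance_report(RESOURCES, ASSIGNMENT))
    print("new VM denied:", is_denied(NEW_VM, "microsoft.compute/virtualmachines", ASSIGNMENT))
```

The VM in `rg-policy-test2` is left out of the report entirely, which is the behaviour to check for when a scope name is a prefix of another resource group's name.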