Exam AZ-400: Use policies to enforce standards


You’re organizing your resources better in resource groups, and you’ve applied tags to your resources to use them in billing reports and in your monitoring solution. Resource grouping and tagging have made a difference in the existing resources, but how do you ensure that new resources follow the rules? You’ll take a look at how policies can help you enforce standards in your Azure environment.


What is Azure Policy?

Azure Policy is a service you can use to create, assign, and manage policies. These policies apply and enforce rules that your resources need to follow. They can enforce these rules when resources are created, and they can be evaluated against existing resources to give visibility into compliance.

Policies can enforce things such as only allowing specific types of resources to be created, or only allowing resources in specific Azure regions. You can enforce naming conventions across your Azure environment. You can also enforce that specific tags are applied to resources. You’ll take a look at how policies work.


Create a policy

You’d like to ensure that all resources have the Department tag associated with them, and to block creation of any resource where the tag doesn’t exist. You’ll need to create a new policy definition and then assign it to a scope; in this case the scope will be your msftlearn-core-infrastructure-rg resource group. Policies can be created and assigned through the Azure portal, Azure PowerShell, or Azure CLI. This exercise takes you through creating a policy in the portal.


Create the policy definition

  1. Navigate to the Azure portal in a web browser if you haven’t already. In the search box in the top navigation bar, search for Policy and select the Policy service.
  2. Select the Definitions pane from the Authoring section in the left menu.
  3. You should see a list of built-in policies that you can use. In this case, you’re going to create your own custom policy. Click + Policy definition in the top menu.
  4. This button brings up the New policy definition dialog. To set the Definition location, click the blue ellipsis (...) button. Select the subscription for the policy to be stored in, which should be the same subscription as your resource group. Click Select.
  5. Back on the New policy definition dialog, for Name give your policy a name of Enforce tag on resource.
  6. For the Description, enter This policy enforces the existence of a tag on a resource.
  7. For Category select Use existing and then select the General category.
  8. For the Policy rule, delete all text in the box and paste in the following JSON.
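
An added example, not the original page's JSON: a policy definition that matches the steps here, denying creation of any resource that lacks the tag named by a parameter. The parameter name `tagName` and its display name and description are assumptions, chosen to line up with the Tag name field in the assignment steps.

```json
{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "field": "[concat('tags[', parameters('tagName'), ']')]",
      "exists": "false"
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "tagName": {
      "type": "String",
      "metadata": {
        "displayName": "Tag name",
        "description": "Name of the tag that must exist on the resource, such as Department"
      }
    }
  }
}
```

The `deny` effect rejects the create or update request when the tag is absent, and `Indexed` mode limits evaluation to resource types that support tags and location.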

Create a policy assignment

You’ve created the policy, but you haven’t actually put it into effect yet. To enable the policy, you need to create an assignment. In this case, you’ll assign it to the scope of your msftlearn-core-infrastructure-rg resource group, so that it applies to anything inside the resource group.

  1. In the policy pane, select Assignments from the Authoring section on the left.
  2. Select Assign policy at the top.
  3. In the Assign policy pane, you’ll assign your policy to your resource group. For Scope, click the blue ellipsis (...) button. Select your subscription and the msftlearn-core-infrastructure-rg resource group, then click Select.
  4. For Policy definition, click the blue ellipsis (...) button. In the Type drop-down, select Custom, select the Enforce tag on resource policy you created, then click Select.
  5. Select Next to go to the Parameters pane.
  6. On the Parameters pane, for Tag name enter Department.
  7. Select Review + create then select Create to create the assignment.

