azure:azure_policy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
azure:azure_policy [2024/10/03 13:02] – [Azure Policy] mmuzeazure:azure_policy [2024/10/04 14:13] (current) – [Effect Order Of Evaulation] mmuze
Line 28: Line 28:
  
 ==== Effect Order Of Evaulation ==== ==== Effect Order Of Evaulation ====
 +There is an order of precedence for the possible policy //effects//.
   * [[https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-basics#order-of-evaluation]]   * [[https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-basics#order-of-evaluation]]
  
Line 33: Line 34:
   * append and modify   * append and modify
   * deny   * deny
 +    * The Deny effect prevents a resource from being created or modified (including deleted) if it violates a policy rule. 
   * audit   * audit
   * manual   * manual
   * auditIfNotExists   * auditIfNotExists
   * denyAction   * denyAction
 +    * It prevents the deletion of resources that match a specified condition, such as a specific resource type or tag value.
  
- +<callout type="info"> 
- +//Deny// effect applies to all actions (create, update, delete), while //DenyAction// effect only applies to deletion actions. 
 +  * Use Deny effect when you want to block all unauthorized actions (create, update, delete) on a resource that does not support tags and locations. 
 +  * Use DenyAction effect when you want to specifically prevent the deletion of resources that support tags and locations, such as virtual networks or storage accounts. 
 +</callout>
  • azure/azure_policy.1727960534.txt.gz
  • Last modified: 2024/10/03 13:02
  • by mmuze