This is an old revision of the document!
Azure Policy
-
- Azure Policy helps to enforce organizational standards and to assess compliance at-scale.
- Policies can be grouped together into Initiatives or policySet.
- Azure Policy Guest Configuration agent is the service that runs on a VM to audit and remediate configuration issues
Examples of Using Policy
- Require newly created resources to have certain tags.
- Disallow creation of certain resource types
- Constrain the regions where resources can be deployed
- Require virtual machines to be configured with encryption at rest for disk storage
Policy Evaluation
Times or events when policies are evaluated:
- A resource is created or updated in a scope with a policy assignment.
- A policy or initiative is newly assigned to a scope.
- A policy or initiative already assigned to a scope is updated.
- During the standard compliance evaluation cycle, which occurs once every 24 hours.