Azure Policy is a governance tool in Azure that allows you to control or audit the resources within your environment. It can be used either to stop something from happening (enforcement) or to simply report on it (audit). This makes it a key component of managing large-scale cloud environments, ensuring resources meet organizational standards and compliance requirements.
Scopes and Locations
An Azure Policy is always assigned to one or more scopes. A scope defines where the policy applies and can include:
- Management groups,
- Subscriptions, or
- Resource groups.
The location of a policy is either at the subscription level or at the management group level. Once defined, it can only be used within that same scope.
Examples of Policies
Policies can be very powerful and flexible. Some common examples include:
- Restricting which types of virtual machines can be created.
- Restricting the regions in which resources can be deployed, ensuring compliance with legal or company standards.
- Requiring tags to be automatically inherited from resource groups down to the individual resources.
Responses to Non-Compliant Resources
When a resource does not comply with a policy, Azure can respond in several different ways:
- Deny the resource change outright.
- Log the change for audit purposes.
- Alter the resource either before or after the change to bring it into compliance.
- Deploy related compliant resources automatically.
These flexible options mean that Azure Policy is not just about prevention, but also about guiding resources back into compliance.
Policy Initiatives
A Policy Initiative is a collection of multiple individual policies grouped together. Initiatives make it easier to manage related policies as a single unit, often aligned to a regulatory or business standard. For example, you could create an initiative for all compliance requirements under Microsoft Purview, applying them consistently across your environment.
Learn More
More details and examples are available on the official Azure Policy page.
Next Steps
Azure Policy is a cornerstone of Azure governance, working alongside features like Tags and Microsoft Purview to keep your resources compliant and organized. If you want to see more about Microsoft Azure and learn how to prepare for the AZ-900 exam, join me in my AZ-900 video course where I walk through live demonstrations and examples – or click here to go back to the Microsoft AZ-900 list of topics.
Please click here to find out more about Microsoft’s AZ-900 exam.
