Azure Policy
Write and assign Azure Policy definitions to enforce naming conventions, allowed resource types, and location restrictions automatically at subscription or resource group scope.
What Is Azure Policy?
Azure Policy is a governance service that allows you to define, assign, and manage rules — called policy definitions — that control or audit the configuration of Azure resources. Unlike RBAC, which controls who can take actions, Azure Policy controls what the resulting resource configuration is allowed to be. You use it to enforce organisational standards like naming conventions, approved resource types, and required security configurations.
Policy Definitions
A policy definition is a JSON document that defines a condition to evaluate against a resource and an effect to apply when the condition is met. Azure provides hundreds of built-in policy definitions covering common scenarios. You can also create custom policy definitions when built-in policies do not match your requirement. Policy definitions are reusable objects that must be assigned to a scope before they take effect.
// Example built-in policy: require a specific tag on all resources
// Policy definition logic (simplified):
{
'if': {
'field': 'tags[Environment]',
'exists': 'false'
},
'then': {
'effect': 'deny'
}
}