DataBytzAI">
Click here to Skip to main content
14,970,849 members
Articles / Hosted Services / Azure
Article
Posted 24 Dec 2018

Tagged as

Stats

3.1K views

Policy Management with Azure

Rate me:
Please Sign up or sign in to vote.
5.00/5 (1 vote)
24 Dec 2018CPOL3 min read
Managing policy and procedure with Azure in the cloud

Introduction

Every organisation has a set of regulations and compliances that it must comply with. Some of these are regulatory and are imposed by external organisations; for example, GDPR legislation, while others may vary from sector to sector. The regulations imposed on financial organisations will be different from those imposed on manufacturers and if an organisation wants to achieve certification; for example, ISO certification, then there’s a set of regulations that need to be complied with. Apart from external regulations and compliances, organisations will also have their own policies to comply with. "Azure Policy" is a service that helps organisations comply and manage policy and procedures to meet regulatory requirements.

Image 1

What Does It Do?

Azure Policy makes it easier for companies to comply with policies and regulations, whether they’re externally imposed or generated internally. Azure Policy can help you to design, create, assign and manage policies. Also, it runs evaluations of your resources and scans for breaches of your policies.

Creating Policy Definitions

This is the first thing you’ll have to do. Every policy definition includes conditions under which it’s enforced. If the conditions are met, then there is an effect. You can create your own policies, but Azure Policy has a number of built-in policies including:

  • Require SQL Server 12.0 – This is to ensure that all users use this version of the SQL server
  • Allowed location – This policy is a part of enforcing geo-location compliance requirements
  • Allowed resource type – This policy lists which are the allowed resource types and will deny access to any resource type not on the list
  • Not allowed resource type – With this policy, you can specify what types of resources your organisation is not allowed to deploy.

Any of these policies can be implemented using PowerShell, Azure CLI or Azure portal.

Assigning Policy

Image 2

Once a policy is defined, it needs to be assigned to take place within a specific scope before it can be implemented. A scope is all the subscriptions, management groups or resource groups that a policy definition is assigned to. Also, policy assignments are inherited by all child resources; for example, if a policy is assigned to a resource group, then it is applied to all the resources in the resource group.

Policy Parameters

Parameters can be defined when creating a policy definition in order to make the definition more generic. A relatively generic definition can be used in a number of different scenarios, by passing in different values when assigning the policy definition. Each time a parameter is defined, it’s given a name and a value. The value can then be changed when the policy is assigned to a different area.

Defining an Initiative

A collection of policy definitions that are working towards one overall goal is known as an initiative definition. Managing and assigning policy definitions is simplified by grouping a set of policies together in an initiative definition. Like a policy definition, a initiative definition is assigned to a specific scope and it also has parameters which can be defined.

Policy Management Recommendations

When you start creating policy definitions, it’s better to start with an audit effect instead of a deny effect. This will allow you to keep track of the impact of your policy definitions on your environment. Using a deny effect may have a negative impact on any automated tasks that you already have in place.

Try to remember to create definitions at higher levels; for example, at the management group of subscription level. Then, assignment can be carried out at the child level.

Image 3

Policy and procedure management is becoming very important due to increasing focus on data privacy and Azure policy makes it easy to implement - it's worth checking out.

History

  • 24th December, 2018 - Version 1

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

DataBytzAI
Chief Technology Officer The DataWorks
United Kingdom United Kingdom
Allen is a consulting architect with a background in enterprise systems. His current obsessions are IoT, Big Data and Machine Learning. When not chained to his desk he can be found fixing broken things, playing music very badly or trying to shape things out of wood. He runs his own company specializing in systems architecture and scaling for big data and is involved in a number of technology startups.

Allen is a chartered engineer, a Fellow of the British Computing Society, and a Microsoft MVP. He writes for CodeProject, C-Sharp Corner and DZone. He currently completing a PhD in AI and is also a ball throwing slave for his dogs.

Comments and Discussions

 
-- There are no messages in this forum --