Working with Azure Policy


Azure Policies are a crucial tool for enforcing governance rules within your Azure environment.

Here’s a step-by-step guide to the key tasks involved in managing Azure Policies:

  • assigning policies,

  • creating and assigning policy initiatives,

  • checking for compliance,

  • checking remediation tasks,

  • and removing policies and initiatives.

1. Assign a Policy in Azure

Assigning a policy involves selecting a policy definition and applying it to a scope (subscription, resource group, or management group).

Here's how to assign a policy.

Steps to Assign a Policy:

1.1. Navigate to Azure Policy:

In the Azure Portal, go to All Services and search for Policy.

Select Policy to open the Azure Policy service.

1.2. Select Policy Definitions:

Under the Authoring section, click Definitions.

Browse through the list of Built-in policies or select + Policy Definition if you want to create a custom policy.

1.3. Assign the Policy:

Select the policy definition you want to assign.

Click Assign at the top of the page.

1.4. Set Assignment Scope:

Choose the Scope (this can be a subscription, resource group, or management group).

You can also filter the scope by Location or apply it to specific resources.

1.5. Configure Parameters (if required):

Some policies require parameters (e.g., specifying allowed regions).

Enter the required parameters for the policy.

1.6. Assign the Policy:

Optionally, select Remediation if you want to trigger a remediation task to correct non-compliant resources.

Review the policy assignment and click Assign.

2. Create and Assign an Initiative Definition

An Initiative is a collection of policies that are grouped together to achieve a common goal (e.g., security, cost management).

You can create a custom initiative and assign it to a scope.

Steps to Create and Assign an Initiative Definition:

2.1. Navigate to Azure Policy:

Go to Azure Policy in the Azure Portal.

2.2. Create an Initiative:

Under Authoring, select Initiatives.

Click + Initiative Definition to create a new initiative.

Provide a Name and Description for the initiative.

2.3. Add Policies to the Initiative:

Click + Add Policy to select the policy definitions that should be part of this initiative.

Add multiple policies based on your organizational needs (e.g., policies for compliance, security, resource management).

2.4. Set the Initiative Parameters (Optional):

If needed, define parameters that will be applied across all the policies in the initiative.

2.5. Save the Initiative:

After adding all the required policies, click Save to create the initiative.

2.6. Assign the Initiative:

To assign the initiative, click Assign at the top of the initiative page.

Choose the Scope (subscription, resource group, or management group).

Optionally, configure Exemptions or Parameters if required.

Review and click Assign to apply the initiative to the selected scope.
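Initiative parameters only reach a member policy if each policy entry references them by the exact declared name. The following added example (not part of the original article) checks that wiring offline on a constructed initiative body; the definition IDs are placeholders, and the display name, reference IDs and parameter names are assumptions made for illustration.

```python
import re

# Constructed initiative body in the policy set definition JSON shape.
# Definition IDs are placeholders; display name and parameter names are made up.
BUILTIN = "/providers/Microsoft.Authorization/policyDefinitions/"
INITIATIVE = {"properties": {
    "displayName": "Example: regional guardrails",
    "parameters": {
        "allowedLocations": {"type": "Array"},
        "requiredTag": {"type": "String", "defaultValue": "costCenter"},
    },
    "policyDefinitions": [
        {"policyDefinitionReferenceId": "allowedLocations",
         "policyDefinitionId": BUILTIN + "<allowed-locations-definition-id>",
         "parameters": {"listOfAllowedLocations":
                        {"value": "[parameters('allowedLocations')]"}}},
        {"policyDefinitionReferenceId": "requireTag",
         "policyDefinitionId": BUILTIN + "<require-tag-definition-id>",
         # Deliberate mistake: the initiative declares 'requiredTag'.
         "parameters": {"tagName": {"value": "[parameters('requiredTagName')]"}}},
    ],
}}

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def check_initiative(initiative, assignment_params):
    """Return wiring problems between initiative, member policies and assignment."""
    props = initiative["properties"]
    declared = props.get("parameters", {})
    problems, used = [], set()
    for member in props["policyDefinitions"]:
        ref_id = member["policyDefinitionReferenceId"]
        for name, spec in member.get("parameters", {}).items():
            match = PARAM_REF.match(str(spec.get("value")))
            if not match:
                continue  # literal value, nothing to resolve
            used.add(match.group(1))
            if match.group(1) not in declared:
                problems.append(f"{ref_id}.{name}: undeclared parameter '{match.group(1)}'")
    for name, spec in declared.items():
        if name not in used:
            problems.append(f"'{name}' is declared but never passed to a member policy")
        if "defaultValue" not in spec and name not in assignment_params:
            problems.append(f"assignment must supply '{name}' (no default value)")
    return problems
```

Calling check_initiative(INITIATIVE, {}) reports the misspelled reference, the unused declaration, and the value the assignment still has to provide.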

3. Check for Compliance

Once a policy or initiative is assigned, Azure continuously evaluates the resources for compliance.

You can check the compliance state of resources assigned to a policy or initiative.

Steps to Check for Compliance:

3.1. Navigate to Azure Policy:

In the Azure Portal, go to Azure Policy.

3.2. View Compliance Dashboard:

Under Compliance, click on Overview.

The dashboard will show the compliance state for each assigned policy or initiative across your resources.

You will see whether the resources are Compliant, Non-compliant, or In progress.

3.3. Check Detailed Compliance Information:

Click on any non-compliant policy or initiative to get more details.

You will see a list of non-compliant resources, along with an explanation of why they are non-compliant.
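The same per-assignment view can be rebuilt from exported policy state records. This added example (not part of the original article) summarizes constructed records whose field names follow the output of `az policy state list`; the resource, assignment and reference names are made up, and counting a resource as non-compliant when it fails any policy in the assignment is this example's own roll-up rule.

```python
from collections import defaultdict

def state(resource, assignment, ref, effect, compliance):
    """Build one constructed record with the fields used below; the field
    names follow the policy state records returned by `az policy state list`."""
    return {
        "resourceId": "/subscriptions/<sub-id>/resourceGroups/rg-demo/providers/" + resource,
        "policyAssignmentName": assignment,
        "policyDefinitionReferenceId": ref,
        "policyDefinitionAction": effect,
        "complianceState": compliance,
    }

# Constructed sample data; resource, assignment and reference names are made up.
STATES = [
    state("Microsoft.Storage/storageAccounts/stdemo01", "regional-guardrails", "allowedLocations", "deny", "NonCompliant"),
    state("Microsoft.Storage/storageAccounts/stdemo01", "regional-guardrails", "requireTag", "deny", "NonCompliant"),
    state("Microsoft.Compute/virtualMachines/vm-demo01", "regional-guardrails", "allowedLocations", "deny", "Compliant"),
    state("Microsoft.Compute/virtualMachines/vm-demo01", "regional-guardrails", "requireTag", "deny", "Compliant"),
    state("Microsoft.KeyVault/vaults/kv-demo01", "diagnostics", "deployDiagSettings", "deployifnotexists", "NonCompliant"),
]

def summarize(states):
    """Per assignment: resource count, failing resources with the policies
    they fail, and the share of resources with no failing policy."""
    resources = defaultdict(set)                         # assignment -> resource IDs
    failures = defaultdict(lambda: defaultdict(list))    # assignment -> resource -> failures
    for s in states:
        assignment = s["policyAssignmentName"]
        resource = s["resourceId"].lower()               # resource IDs are case-insensitive
        resources[assignment].add(resource)
        if s["complianceState"] == "NonCompliant":
            failures[assignment][resource].append(
                (s["policyDefinitionReferenceId"], s["policyDefinitionAction"]))
    report = {}
    for assignment, seen in resources.items():
        bad = failures.get(assignment, {})
        report[assignment] = {
            "resources": len(seen),
            "non_compliant": {r: refs for r, refs in sorted(bad.items())},
            "percent_compliant": round(100 * (len(seen) - len(bad)) / len(seen), 1),
        }
    return report
```

The storage account fails two member policies but counts once, so the constructed initiative assignment comes out at 50% of resources compliant.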

4. Check for Remediation Tasks

Azure allows you to create remediation tasks that can automatically or manually correct non-compliant resources based on the policy or initiative settings.

Steps to Check for Remediation Tasks:

4.1. Navigate to Azure Policy:

In the Azure Portal, go to Azure Policy.

4.2. Go to the Compliance Page:

Under Compliance, click on Overview or directly on the policy or initiative you want to check.

4.3. View Non-Compliant Resources:

For non-compliant resources, you will have the option to trigger a remediation task.

4.4. Create or Trigger Remediation:

If a remediation task is available (such as DeployIfNotExists or Append), you can click Remediate.

For example, if your policy requires the deployment of a resource (like Azure Security Center), Azure will automatically deploy it to non-compliant resources.

4.5. Monitor the Remediation Task:

After initiating a remediation task, you can monitor its progress in the Remediation Tasks section of Azure Policy.

The task status will be listed as In progress, Succeeded, or Failed.

5. Remove a Policy or Initiative

If you no longer need a policy or initiative or wish to update it, you can remove or unassign it from the scope.

Steps to Remove a Policy:

5.1. Navigate to Azure Policy:

Go to Azure Policy in the Azure Portal.

5.2. Go to Policy Assignments:

Under Assignments, find the policy assignment you want to remove.

5.3. Select the Policy Assignment:

Click on the policy assignment you want to delete.

5.4. Remove the Policy Assignment:

Click Delete at the top of the page to remove the assignment.

The policy will no longer be enforced on the scope (subscription, resource group, etc.).

Steps to Remove an Initiative:

5.1. Navigate to Azure Policy:

Go to Azure Policy in the Azure Portal.

5.2. Go to Initiatives:

Under Authoring, select Initiatives.

5.3. Select the Initiative:

Click on the initiative you want to remove.

5.4. Remove the Initiative Assignment:

Click on Assignments in the initiative overview page.

Find the assignment to remove, click on it, and then select Delete.

The initiative will no longer be applied to the selected scope.

Conclusion

Managing Azure Policies effectively involves several steps: assigning policies, creating and assigning initiatives, checking for compliance, managing remediation tasks, and removing or unassigning policies when no longer needed.

By understanding these core tasks, you can ensure that your resources are compliant with your organization’s governance, security, and cost management strategies.

  • Assign policies to enforce specific rules.

  • Create initiatives for grouping related policies.

  • Monitor compliance to track adherence to governance standards.

  • Use remediation tasks to automatically or manually fix non-compliant resources.

  • Remove or unassign policies and initiatives when they are no longer required.

These practices will help ensure that your Azure environment stays organized, secure, and cost-effective.


Rajnish, MCT
