Preview of the Policy Management UX

Azure Resource Manager policies provide the ability to manage risks within a Azure environment. To implement this so called policies can be created to enforce specific circumstances.

One of my previous post: “Define Azure Resource Manager Policies” describe what policies are. Some key features are:

  • Polices are a settings that are default set to allow.
  • Policies are described by policy definitions in a policy definition language (if-then conditions).
  • Polices are defined with JSON formatted files.

Policy Management UX

As of today policies can be managed within the  Preview Azure Portal. Before this you needed to use PowerShell (If you prefer PowerShell you can read my previous post: “Define Azure Resource Manager Policies”). For a couple situations you still need to use PowerShell because certain functions are not yet available within Azure.

With the Policies UX you can view the policy assignments on two levels:

  • Subscription
  • Resource Group

A option “Policies” is added to the settings blade of the specified levels. Clicking on the setting will show the assigned policies.

Policy Management UX

By clicking “Add assignment” you can add policy assignments. The policy UX offers a couple of build-in options:

  • SQL Server version 12.0 required.
  • Allowed resource types.
  • Not allowed resource types.
  • Storage account SKU’s.
  • Storage account encryption required.
  • Virtual Machines SKU’s.
  • Allowed locations.

The build-in options provide you with the ability to add the specific allowed items directly from the interface for example the SKUs of Virtual Machines.

image

 

Besides the build-in policies the drop down also shows custom policies that are uploaded via PowerShell.

Conclusion

The policy management UX is a great starting point for doing more with policies. Policies are not used that often and this UX will help to get started. In the near future the UX should be extended because it is lacing some commonly used functionalities. Besides the UX I hope that they enhance the policy definitions. In my opinion some enhancements should be:

  • Better error messages within the portal, that reference the policies.
  • A way to edit the policies within the portal.
  • Management across subscriptions.
  • Tagging with policy definitions.
  • Uploading custom policies.
  • Regular expression possibility within policies. This can come in use for naming conventions.

Related Posts

Restricting access to your Azure Web Application As you may know almost everything that is deployed to Azure is publicly available. As with Azure SQL Database you do not have a firewall available for...
Configure access to a private network for a Azure App Services On-Premise connections for Azure App Services can be created by using Hybrid Connections. Hybrid connections do not need any development or re-configu...
Extensions and Tips for deploying with Azure Resource Templates Working with Azure Services in different subscriptions means that the Azure Services need to run in different subscriptions. This often occurs when we...
Part 2 – Azure API Application to query the Azure SQL Database This post is the second in a series of three posts and will help you with the creation of identity pass-through authentication from a client applicati...
Part 1 – Azure SQL Database with Azure Active Directory Authentication This post is the first post in a series of three posts and will help you with the creation of identity pass-through authentication from a client appli...
Pass-Through Authentication with Azure Active Directory, Azure SQL, Azure API an... In situations you need to login to an application and use that identity to access an API (pass-through identity) and also get data from Azure SQL Serv...

Leave a Reply

Your email address will not be published. Required fields are marked *