Preview of the Policy Management UX

Azure Resource Manager policies provide the ability to manage risks within a Azure environment. To implement this so called policies can be created to enforce specific circumstances.

One of my previous post: “Define Azure Resource Manager Policies” describe what policies are. Some key features are:

  • Polices are a settings that are default set to allow.
  • Policies are described by policy definitions in a policy definition language (if-then conditions).
  • Polices are defined with JSON formatted files.

Policy Management UX

As of today policies can be managed within the  Preview Azure Portal. Before this you needed to use PowerShell (If you prefer PowerShell you can read my previous post: “Define Azure Resource Manager Policies”). For a couple situations you still need to use PowerShell because certain functions are not yet available within Azure.

With the Policies UX you can view the policy assignments on two levels:

  • Subscription
  • Resource Group

A option “Policies” is added to the settings blade of the specified levels. Clicking on the setting will show the assigned policies.

Policy Management UX

By clicking “Add assignment” you can add policy assignments. The policy UX offers a couple of build-in options:

  • SQL Server version 12.0 required.
  • Allowed resource types.
  • Not allowed resource types.
  • Storage account SKU’s.
  • Storage account encryption required.
  • Virtual Machines SKU’s.
  • Allowed locations.

The build-in options provide you with the ability to add the specific allowed items directly from the interface for example the SKUs of Virtual Machines.

image

 

Besides the build-in policies the drop down also shows custom policies that are uploaded via PowerShell.

Conclusion

The policy management UX is a great starting point for doing more with policies. Policies are not used that often and this UX will help to get started. In the near future the UX should be extended because it is lacing some commonly used functionalities. Besides the UX I hope that they enhance the policy definitions. In my opinion some enhancements should be:

  • Better error messages within the portal, that reference the policies.
  • A way to edit the policies within the portal.
  • Management across subscriptions.
  • Tagging with policy definitions.
  • Uploading custom policies.
  • Regular expression possibility within policies. This can come in use for naming conventions.

Related Posts

Azure Managed Service Identity and Local Development Instead of storing user credentials of an external system in a configuration file, you should store them in the Azure Key Vault. Before MSI (Managed S...
The securitydata Azure resource group Most of the times companies have rules in place for managing their Azure environment. The main rules that should be in place are “Azure Policies” and ...
Point to Site VPN Client won’t install To connect an Azure App Service to a on-premise database you can make use of different solutions. Two of those solutions are: Hybrid Connection ...
Invoke Azure Function in your Visual Studio Team Services CI/CD pipeline A utility task is available for Visual Studio Team Services (VSTS) to invoke an http triggered Azure function. The ability to invoke a Function from y...
VSTS Extension for Azure Role Based Access Control Today I published an extension for Visual Studio Team Services (VSTS) that gives you the ability to add and remove role based access assignments in Az...
Listing Azure Services within a CSV file In some situations you will look into a current Azure Environment and the setup/governance of it and need to migrate or move resources around. The ...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.