Preview of the Policy Management UX

Azure Resource Manager policies provide the ability to manage risks within a Azure environment. To implement this so called policies can be created to enforce specific circumstances.

One of my previous post: “Define Azure Resource Manager Policies” describe what policies are. Some key features are:

  • Polices are a settings that are default set to allow.
  • Policies are described by policy definitions in a policy definition language (if-then conditions).
  • Polices are defined with JSON formatted files.

Policy Management UX

As of today policies can be managed within the  Preview Azure Portal. Before this you needed to use PowerShell (If you prefer PowerShell you can read my previous post: “Define Azure Resource Manager Policies”). For a couple situations you still need to use PowerShell because certain functions are not yet available within Azure.

With the Policies UX you can view the policy assignments on two levels:

  • Subscription
  • Resource Group

A option “Policies” is added to the settings blade of the specified levels. Clicking on the setting will show the assigned policies.

Policy Management UX

By clicking “Add assignment” you can add policy assignments. The policy UX offers a couple of build-in options:

  • SQL Server version 12.0 required.
  • Allowed resource types.
  • Not allowed resource types.
  • Storage account SKU’s.
  • Storage account encryption required.
  • Virtual Machines SKU’s.
  • Allowed locations.

The build-in options provide you with the ability to add the specific allowed items directly from the interface for example the SKUs of Virtual Machines.



Besides the build-in policies the drop down also shows custom policies that are uploaded via PowerShell.


The policy management UX is a great starting point for doing more with policies. Policies are not used that often and this UX will help to get started. In the near future the UX should be extended because it is lacing some commonly used functionalities. Besides the UX I hope that they enhance the policy definitions. In my opinion some enhancements should be:

  • Better error messages within the portal, that reference the policies.
  • A way to edit the policies within the portal.
  • Management across subscriptions.
  • Tagging with policy definitions.
  • Uploading custom policies.
  • Regular expression possibility within policies. This can come in use for naming conventions.

Related Posts

VSTS Extension for Azure Role Based Access Control Today I published an extension for Visual Studio Team Services (VSTS) that gives you the ability to add and remove role based access assignments in Az...
Listing Azure Services within a CSV file In some situations you will look into a current Azure Environment and the setup/governance of it and need to migrate or move resources around. The ...
Azure Event Grid with Custom Events As of yesterday (16-8-2017) the public preview of Azure Event Grid is live. Azure Event Grid is a fully managed event routing service. Azure Event Gri...
Removing the Classis Hybrid Connections from Azure (Azure BizTalk Service) As you know the classic hybrid connections that are build upon Azure BizTalk Services are deprecated. These connection will have to be replaced by the...
Restricting access to your Azure Web Application As you may know almost everything that is deployed to Azure is publicly available. As with Azure SQL Database you do not have a firewall available for...
Configure access to a private network for a Azure App Services On-Premise connections for Azure App Services can be created by using Hybrid Connections. Hybrid connections do not need any development or re-configu...

Leave a Reply

Your email address will not be published. Required fields are marked *