Policy definition files are managed within the folder `policyDefinitions` under `Definitions`. The Policy definition files are structured based on the official Azure Policy definition structure published by Microsoft. There are numerous definition samples available on Microsoft's GitHub repository for azure-policy.

NOTE: When authoring policy/initiative definitions, check the maximum count of Azure Policy objects.

The names of the definition JSON files don't matter; the Policy and Initiative definitions are registered based on the `name` attribute. It is recommended that you use a GUID as the `name`. The solution also allows the use of JSON with comments by using `.jsonc` instead of `.json` for the file extension.

- `"name"` should be a GUID - see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/new-guid?view=powershell-7.2.
- `"category"` should be one of the standard ones defined in built-in Policy definitions.
- Do not specify an `id`.
- Make the `effect` parameterized.
- Whenever feasible, provide a `defaultValue` for parameters, especially for an `effect` parameter.
- Policy aliases are used by Azure Policy to refer to resource type properties in the `if` condition and in `existenceCondition`: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#aliases.

```json
{
    "name": "Newly created GUID",
    "properties": {
        "displayName": "Policy Display Name",
        "policyType": "Custom",
        "mode": "All",
        "description": "Policy Description",
        "metadata": {
            "version": "1.0.0",
            "category": "Your Category"
        },
        "parameters": {
            "YourParameter": {
                "type": "String",
                "metadata": {
                    "displayName": "YourParameter",
                    "description": "Your Parameter Description"
                }
            }
        },
        "policyRule": {
            "if": {
                "Insert Logic Here"
            },
            "then": {
                "effect": "Audit, Deny, Modify, etc.",
                "details": {
                    "roleDefinitionIds": [],
                    "operations": []
                }
            }
        }
    }
}
```
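
One way to check a parsed definition against the recommendations above before it reaches the pipeline. This is an added example, not part of this solution's code; the function name `lint_policy_definition`, the `allowed_categories` argument and both sample definitions are constructed for illustration.

```python
import json
import re
import uuid

def lint_policy_definition(definition, allowed_categories=None):
    """Return findings for one parsed definition, per the authoring rules above."""
    findings = []
    try:
        uuid.UUID(definition.get("name"))
    except (ValueError, AttributeError, TypeError):
        findings.append("name is not a GUID")
    if "id" in definition:
        findings.append("id must not be specified")
    props = definition.get("properties", {})
    params = props.get("parameters", {})
    category = props.get("metadata", {}).get("category")
    if allowed_categories is not None and category not in allowed_categories:
        findings.append(f"category '{category}' is not in the allowed list")
    effect = str(props.get("policyRule", {}).get("then", {}).get("effect", ""))
    # A parameterized effect is written as [parameters('<name>')]
    ref = re.fullmatch(r"\[parameters\('([^']+)'\)\]", effect.strip())
    if ref is None:
        findings.append("effect is hard-coded, not a parameter reference")
    elif ref.group(1) not in params:
        findings.append(f"effect references undefined parameter '{ref.group(1)}'")
    for pname, pdef in params.items():
        if "defaultValue" not in pdef:
            findings.append(f"parameter '{pname}' has no defaultValue")
    return findings

# Constructed samples for illustration (not taken from any repository).
GOOD = json.loads("""{
  "name": "3f1c2b7e-8a4d-4e0b-9c57-6d2a1f0e9b44",
  "properties": {
    "metadata": {"version": "1.0.0", "category": "Storage"},
    "parameters": {"effect": {"type": "String", "defaultValue": "Audit"}},
    "policyRule": {
      "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
         "notEquals": true}]},
      "then": {"effect": "[parameters('effect')]"}}}}""")

BAD = json.loads("""{
  "name": "storage-https-only", "id": "placeholder-id",
  "properties": {
    "parameters": {"tagName": {"type": "String"}},
    "policyRule": {"if": {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
                   "then": {"effect": "Deny"}}}}""")
```

Pass the set of category names you accept as `allowed_categories`; the category check is skipped when it is omitted.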