Control your environment with Azure policy



Building a secure environment is one of the most important aspects of the Public Cloud. Azure Policy is a service that you can use to create, assign and manage policy definitions whilst also easily controlling your Azure environment.

These policy definitions can be used to enforce a desired state on newly created services or to audit current infrastructure. You can use built-in policies or write new ones in JSON to match your requirements.

A policy can apply one of the following effects:

  • Audit
  • Deny
  • Append
  • AuditIfNotExists
  • DeployIfNotExists

Example policy – enforces a specific NSG (Network Security Group) on every new network interface.

    {
      "policyRule": {
        "if": {
          "allOf": [
            {
              "field": "type",
              "equals": "Microsoft.Network/networkInterfaces"
            },
            {
              "not": {
                "field": "Microsoft.Network/networkInterfaces/",
                "equals": "[parameters('nsgId')]"
              }
            }
          ]
        },
        "then": {
          "effect": "deny"
        }
      },
      "parameters": {
        "nsgId": {
          "type": "String",
          "metadata": {
            "displayName": "Network Security Group Id",
            "description": "Resource Id of the Network Security Group",
            "strongType": "networksecuritygroup"
          }
        }
      },
      "metadata": {
        "category": "LabCategorySecurity"
      }
    }

The above example protects the environment by denying the creation of a network interface that does not have the specified Network Security Group assigned.
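To see which requests the rule above would block, here is a simplified model of its evaluation, added as an illustration and not part of the original article or Azure's own engine. It assumes the full alias `Microsoft.Network/networkInterfaces/networkSecurityGroup.id` (the rule above shows the alias cut off), supports only `allOf`, `not` and `equals`, and uses constructed resource IDs.

```python
import re

# Assumption: full alias for a NIC's NSG; the rule on this page shows it cut off.
NSG_ALIAS = "Microsoft.Network/networkInterfaces/networkSecurityGroup.id"

POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Network/networkInterfaces"},
        {"not": {"field": NSG_ALIAS, "equals": "[parameters('nsgId')]"}},
    ]},
    "then": {"effect": "deny"},
}

def field_value(resource, field):
    """Resolve 'type' or the NSG alias against a resource payload."""
    if field == "type":
        return resource.get("type")
    if field == NSG_ALIAS:
        nsg = resource.get("properties", {}).get("networkSecurityGroup") or {}
        return nsg.get("id")
    raise ValueError(f"unsupported field: {field}")

def expand(value, params):
    """Substitute a [parameters('name')] expression with the assigned value."""
    m = re.fullmatch(r"\[parameters\('([^']+)'\)\]", value)
    return params[m.group(1)] if m else value

def matches(cond, resource, params):
    if "allOf" in cond:
        return all(matches(c, resource, params) for c in cond["allOf"])
    if "not" in cond:
        return not matches(cond["not"], resource, params)
    actual = field_value(resource, cond["field"])
    # 'equals' compares strings case-insensitively; a missing field never equals.
    return actual is not None and actual.lower() == expand(cond["equals"], params).lower()

def evaluate(resource, params):
    """Return 'deny' when the rule's 'if' block matches, otherwise None."""
    return POLICY_RULE["then"]["effect"] if matches(POLICY_RULE["if"], resource, params) else None

# Constructed sample data (placeholder subscription and names).
NSG = "/subscriptions/0000/resourceGroups/rg-lab/providers/Microsoft.Network/networkSecurityGroups/"
PARAMS = {"nsgId": NSG + "nsg-approved"}

def nic(nsg_id=None):
    props = {"networkSecurityGroup": {"id": nsg_id}} if nsg_id else {}
    return {"type": "Microsoft.Network/networkInterfaces", "properties": props}
```

A network interface with no NSG at all is denied as well as one with a different NSG, because the missing field never equals the parameter and the `not` turns that into a match.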

To create a policy definition you can use:

  • Azure portal
  • PowerShell
  • Azure CLI

Sample PowerShell assignment:

    # Resource group that becomes the assignment scope
    $rg = Get-AzureRmResourceGroup -Name '<RG name>'

    # Policy definition to assign
    $definition = Get-AzureRmPolicyDefinition -Id '/providers/Microsoft.Authorization/policyDefinitions/<id definition>'

    # Assign the definition at resource group scope
    New-AzureRmPolicyAssignment -Name '<policy name>' -Scope $rg.ResourceId -PolicyDefinition $definition

Azure Policy also lets you deploy policies shared by the community, for example on GitHub.


You can assign the policy to a specific scope, ranging from a management group to a resource group. You can also exclude some scopes if you need to, which allows you to assign a policy at a high level and then exclude scopes within it.

To group policies, you can create an initiative and collect the policies in it.

Azure policy

Initiative Compliance

Using compliance evaluation requires the standard pricing tier.

The Azure Policy services are currently in the preview state. This is a service that will most likely be constantly developed, but it could be one of the important services ensuring security in the public cloud environment, making it definitely worth some attention.

