Tuesday, August 16, 2016

Azure Resource Manager Policy management: Usecases and scenarios

I was recently asked to configure certain restrictions in our enterprise Azure Subscription for better utilization of the subscription as well as restrict our members from launching large VMs and potentially avoid evaporating the Azure credits.  The requirements are below.

  • Members must stick to East US and Central US data-centers for launching resources, other data-centers must be denied.
  • Members must tag their resources according to the below guidelines (Click here to learn about Tagging in Azure)
    • Environment : Production or Testing or Development
    • CostCenter : Finance or Engineering or Accounting etc
    • Customer : Contonso or Fabricam etc
  • Only selective Web Hosting Plan SKUs are allowed for Test and Development Purposes
For defining custom policies, we must use Azure Resource Manager Policies, an advanced feature that lets us define our custom policies and  evaluate based on various fields and allow and Deny the execution of the request.

  "if" : {
  "then" : {
      "effect" : "deny | audit | append"