Azure Policy is a Microsoft Azure service for creating and managing policy definitions and assignments. It is used to enforce rules on resources when certain actions are performed on them.

  • Policy definition: the conditions of the policy.
  • Policy assignment: defines which resources or services the policy applies to. Note that a policy assignment is inherited by default, so for example if you apply a policy to a subscription, it is inherited by all of the resources under that subscription.
  • Policy parameters: let you customize your policy.
  • Azure Policy initiative: like an Azure policy, but used when you need to apply a group of policies in one step, a “Policy Combo”. It contains three parts (initiative definition, initiative assignment, initiative parameters).

Today we will create an Azure policy that forces any new resource to use a tag. Let’s see how to create this policy using PowerShell commands.


  • Create a resource group (optional, only if you need one)
  • Save the resource group in a PowerShell variable ($resource)
  • Display the resource group ID
  • Get the Azure Policy definition that requires a tag on any new resource that is created
  • Save the Azure Policy definition in a PowerShell variable ($Policy)
  • Create the Azure Policy assignment

After executing the last PowerShell command, which creates the new Azure policy, you will be asked to enter the tag name and tag value, as shown in the image below.

Create Azure Policy using PowerShell Command
# Create the resource group
New-AzResourceGroup -Name azureadmincourse -Location "East US 2"
# Save the resource group in a PowerShell variable ($resource)
$resource = Get-AzResourceGroup -Name azureadmincourse
# Display the resource group ID (test)
$resource.ResourceId
# Get the Azure Policy definition that requires a tag on any new resource
Get-AzPolicyDefinition | Where-Object { $_.Properties.displayname -eq "Require a tag and its value on resources" }
# Save the Azure Policy definition in a PowerShell variable ($policy)
$policy = Get-AzPolicyDefinition | Where-Object { $_.Properties.displayname -eq "Require a tag and its value on resources" }
# Create the Azure Policy assignment (you are prompted for the tag name and tag value)
New-AzPolicyAssignment -Name "Should add tag for new resource" -DisplayName "Tag is mandatory" -Scope $resource.ResourceId -PolicyDefinition $policy
  • If you open Azure Policy and click Overview on the left, you will see the Azure policy (Tag is mandatory). If you click on it, you can check the assignment details, and from the top you can check the policy definition, edit it, assign it to another scope, or delete it.
  • If you click Assignments on the left side, you will see the policy assignment we created, with the name “Tag is mandatory”.

If you now try to create any resource (for example Azure SQL) without the tag specified in the policy, under the resource group we created (azureadmincourse) or under any resource group you assigned this policy to, the resource creation will not complete. It fails during validation, and you should receive an error like the one below:

Deployment validation failed.
Additional details from the underlying API that might be helpful: The template deployment failed with multiple errors. Please see details for more information.
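
For automation, the same assignment can be made without the interactive prompt and then tested. This is an added example, not part of the original post: it assumes the Az module with an authenticated session, and the assignment name, tag name and value, and NSG names are constructed sample values.

```powershell
# Added example. Assumes Connect-AzAccount has been run and the resource group exists.
$rg      = Get-AzResourceGroup -Name 'azureadmincourse'
$display = 'Require a tag and its value on resources'

# DisplayName is top-level or under .Properties depending on the Az.Resources version.
$policy = Get-AzPolicyDefinition |
    Where-Object { ($_.DisplayName, $_.Properties.DisplayName) -contains $display }

# Passing the definition's tagName/tagValue parameters avoids the interactive prompt.
$assignParams = @{
    Name                  = 'require-tag-demo'          # constructed name
    DisplayName           = 'Tag is mandatory'
    Scope                 = $rg.ResourceId
    PolicyDefinition      = $policy
    PolicyParameterObject = @{ tagName = 'Environment'; tagValue = 'Training' }  # sample tag
}
New-AzPolicyAssignment @assignParams

# Confirm what is actually assigned at this scope.
Get-AzPolicyAssignment -Scope $rg.ResourceId

# A new assignment can take several minutes to be enforced; run the checks after that.
$nsg = @{ ResourceGroupName = $rg.ResourceGroupName; Location = $rg.Location }

try {
    # No tag: the deny effect should reject this request.
    New-AzNetworkSecurityGroup @nsg -Name 'nsg-untagged' -ErrorAction Stop | Out-Null
    Write-Warning 'Untagged resource was created: the policy is not enforced yet.'
    Remove-AzNetworkSecurityGroup -Name 'nsg-untagged' -ResourceGroupName $rg.ResourceGroupName -Force
}
catch {
    # Only treat a policy denial as the expected outcome; rethrow anything else.
    if ($_.Exception.Message -match 'DisallowedByPolicy|disallowed by policy') {
        Write-Host "Denied as expected: $($_.Exception.Message)"
    }
    else { throw }
}

# Matching tag and value: the same request passes validation.
New-AzNetworkSecurityGroup @nsg -Name 'nsg-tagged' -Tag @{ Environment = 'Training' } | Out-Null

# Clean up the test resource.
Remove-AzNetworkSecurityGroup -Name 'nsg-tagged' -ResourceGroupName $rg.ResourceGroupName -Force
```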

If you open the activity log on the resource group, you will find all of the details of the issue, like below.
