Creating a policy definition
In this section, we will run through the creation of a policy definition. The steps are presented here:
1. Search for Policy in the portal main search bar and click Policy in the returned list, as illustrated in the following screenshot:

Figure 3.4 – Selecting Azure Policy in search bar
2. Click on the Definitions blade then click on the + Policy definition button, as illustrated in the following screenshot:

Figure 3.5 – Creating a policy definition
3. On the New Policy definition blade, we will populate values for the following:
- Definition location: This will be the subscription where the policy is to be saved.
- Name: This is the policy definition name.
- Description: A brief description of the policy definition to be created.
- Category: This will align with a set of predefined service categories in Azure, such as App Service, Azure Active Directory, Backup, and so on, or a custom category can be created; this can be used for future definition grouping too.
- POLICY RULE: This will be a rule that determines what the definition will assess, as well as the effect. Policy rules are structured in a JSON format and can be created from scratch or by importing from GitHub.
For this example, we will create a policy definition for allowed locations for resources (this already exists as a predefined definition, so the following example would only be implemented if there are additional requirements).
4. Select Definition location by clicking the ellipsis button (…), as illustrated in the following screenshot:

Figure 3.6 – Selecting Definition location
5. Select Subscription from the pane that pops up and click Select, as illustrated in the following screenshot:

Figure 3.7 – Selecting Definition location: Subscription
6. Enter the appropriate details for Name, Description, and Category, as illustrated in the following screenshot:

Figure 3.8 – Policy definition
Then, enter the appropriate policy rule JSON code, as follows (the following screenshot is the remaining half of the same Policy definition page shown previously):

Figure 3.9 – Custom policy definition
7. Click Save upon completing the configuration.
For those who would like to follow along, the JSON code looks like this:
{
  "mode": "All",
  "policyRule": {
    "if": {
      "not": {
        "field": "location",
        "in": "[parameters('allowedLocations')]"
      }
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "allowedLocations": {
      "type": "Array",
      "metadata": {
        "description": "The list of allowed locations for resources.",
        "displayName": "Allowed locations",
        "strongType": "location"
      }
    }
  }
}
8. You will get a notification to signify a policy definition has been created successfully, as illustrated in the following screenshot:

9. Change the Category filter to Custom to view the newly created definition, as illustrated in the following screenshot:

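To see what the rule above will deny once it is assigned, the following added example (not code from the book or from Azure) models the rule's `not` / `field` / `in` logic locally. The evaluator, the `ASSIGNMENT` parameter values and the three sample resources are constructed for illustration, and the case-insensitive location comparison is an assumption of this model.

```python
import json
import re

# The policy rule from this section, with plain ASCII quotes.
POLICY = json.loads("""
{
  "mode": "All",
  "policyRule": {
    "if": {"not": {"field": "location", "in": "[parameters('allowedLocations')]"}},
    "then": {"effect": "deny"}
  },
  "parameters": {"allowedLocations": {"type": "Array"}}
}
""")

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")

def resolve(value, assignment):
    """Replace a "[parameters('name')]" expression with the assigned value."""
    m = PARAM_REF.match(value) if isinstance(value, str) else None
    if not m:
        return value
    name = m.group(1)
    if name not in POLICY["parameters"]:
        raise KeyError(f"rule references undeclared parameter {name!r}")
    return assignment[name]

def matches(cond, resource, assignment):
    """Evaluate only the condition operators this rule uses (not, field/in)."""
    if "not" in cond:
        return not matches(cond["not"], resource, assignment)
    if "field" in cond and "in" in cond:
        allowed = [v.lower() for v in resolve(cond["in"], assignment)]
        # Assumption of this model: comparison ignores case.
        return str(resource[cond["field"]]).lower() in allowed
    raise ValueError(f"unsupported condition: {cond}")

def evaluate(resource, assignment):
    """Return the rule's effect if its "if" block matches, else "allow"."""
    rule = POLICY["policyRule"]
    return rule["then"]["effect"] if matches(rule["if"], resource, assignment) else "allow"

# Constructed sample data: assignment parameter values and resource requests.
ASSIGNMENT = {"allowedLocations": ["uksouth", "ukwest"]}
SAMPLES = [
    {"name": "vm-app01", "location": "UKSouth"},
    {"name": "stlogs01", "location": "eastus"},
    {"name": "dns-zone", "location": "global"},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(f'{r["name"]:10} {r["location"]:8} -> {evaluate(r, ASSIGNMENT)}')
```

The third constructed sample shows that, as written, the rule also denies a resource whose location is `global` unless `global` is included in the allowed list at assignment time.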