In March 2017, I published an article Restricting Azure Resource Deployment by Region which provided some insight into Azure Resource Policies. In that post, I provided a link to my GitHub repository azure-resource-policy-templates. Today, I am pleased to announce that I have updated this repository with more templates for you to use. The repository has been updated with the following new templates:
- Force Mandatory Azure Resource Manager Tags to Resources
- Force Mandatory Storage Service Encryption (SSE) on Storage Accounts
- Force Azure Virtual Machine Naming Convention
- Restrict Azure Virtual Machine Sizes Available
- Restrict Storage Account Types Available
Unlike the previous templates I provided which were designed to be applied individually to restrict the region in which resources could be deployed, these templates can be layered up to provide a complete resource management strategy. In this post, I will show how you can additively apply the Restrict Storage Account Types and the Force Mandatory SSE policies to Storage Accounts; and how you can apply the Restrict Azure Virtual Machine Sizes and Force Azure Machine Machine Naming Convention policies to VMs.
I won’t rehash how to import the policies in this post as that was covered in my previous article. I will jump straight into showing you how they work in the real-world.