Azure Policy: Compliance

Compliance Manager

In the compliance world, customer and vendor share responsibility for configuration and compliance. This is why Microsoft provides compliance solutions that show how responsibility is split and enable us to track the compliance state of Microsoft services.

Enforcing the Policy

So when we deploy components or make resources available via a pipeline, we need to have all of these different types of base requirements defined. What I want is for these guardrails to be enforced by the actual fabric, not by some specific deployment tool. We want Azure Resource Manager to enforce them, so that a request made via PowerShell, the CLI, the portal, a JSON template or Terraform is enforced in exactly the same way.

Azure Policy:

Management groups help us manage access, policy, and compliance by grouping multiple subscriptions together. Azure Policy is built on three main pillars:

  • Enforcement and Compliance
  • Policy at scale
  • Remediation

Azure Policy Structure:

Let’s focus on four important parts of the structure of an Azure Policy definition: the mode, the parameters, when to apply (`if`), and the effect (`then`). For example, the following JSON shows a policy that limits where resources are deployed:
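As an added illustration (not the article's own listing), here is a policy definition that restricts deployment locations, with the four elements visible as the `mode` and `parameters` keys and the `if` and `then` halves of `policyRule`. The display name, the description text and the parameter name `allowedLocations` are choices made for this example.

```json
{
  "properties": {
    "displayName": "Allowed locations (example)",
    "description": "Example definition: deny any resource whose location is not in the approved list.",
    "mode": "Indexed",
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Locations that may be specified when deploying resources.",
          "strongType": "location"
        }
      }
    },
    "policyRule": {
      "if": {
        "not": {
          "field": "location",
          "in": "[parameters('allowedLocations')]"
        }
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

With `"mode": "Indexed"` the rule is evaluated only for resource types that support tags and location. Changing the effect from `deny` to `audit` records non-compliant resources in the compliance state without blocking the deployment.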

Azure Policy As Code:

Policy can be managed and deployed as code. But why would we want to use policy as code in an organisation?

DevOps Pipeline Controls

The compliance gate is part of the Azure DevOps release pipeline. It integrates with Azure Policy, but it focuses on the compliance state.

Milind Chavan

An Azurer, Web developer, Technologist, Writer, Poet, Runner. Opinions are my own.