Awesome Azure Policy

A curated list of AWESOME blogs, videos, tutorials, code, tools, scripts… anything which can help you learn Azure Policy and quickly get started with designing, planning, and implementing governance controls to your resources.

---

Community contributions are most welcome! Check out our contribution guide today and submit a pull request with any adds/removes/changes to content!

Official

Links below are from official Microsoft sources, websites, and channels.

Official Learn

---

• Address Tangible Risks With The Govern Methodology Of The Cloud Adoption Framework For Azure
• Azure Kubernetes Services Governance with Azure Policy
• Build Cloud Governance Strategy On Azure
• Configure Azure Policy
• Design An Enterprise Governance Strategy
• Design Governance
• Intro to Azure Policy
• Manage security operations in Azure

Official Videos

---

• Azure Governance & Deployments Quarterly Customer Panel December 2021
• Azure Governance and Deployments Quarterly Customer Panel Feb 2021
• Azure Governance and Deployments Quarterly Customer Panel May 2021
• Azure Governance and the latest updates on Azure Policy
• Azure Governance for ISVs, Session 02: Policies, Initiatives, and Blueprints
• Azure Policy and Kubernetes
• Azure Policy on Azure Kubernetes Service
• AzureFunBytes – Intro to Azure Policy
• Compliance with Azure Policy
• Deep dive into Implementing governance at scale through Azure Policy
• Enforcement with Azure Policy
• Getting started with Azure Policy
• Global Azure – Notes from the field: Policy-driven Governance
• Govern Azure Arc-enabled K8S Clusters with Azure Policy | KubeCon NA 2021
• On Prem To The Cloud: Everything As Code
• Performing Remediation on Resources with Azure Policy
• Using Management Group with Azure Policy
• What is Azure Policy

Official Announcements and Articles

---

• 7 steps to author, develop, and deploy custom recommendations for Windows using Guest Configuration
• Aligning CMMC Controls with your Azure Landing Zone
• Announcing Azure Resource Policy general availability
• Apply GitOps configurations on AKS as an Azure Arc Connected Cluster using Azure Policy for Kubernetes
• Azure Backup Center – Backups and Good Governance
• Azure Policy – Perform policy operations through Azure DevOps
• Azure Policy for Kubernetes releases support for custom policy
• Azure Policy glossary
• Azure Policy introduces user assigned MSI support, faster DINE deployment, and more!
• Azure Unblogged – Azure Policy
• Centralized Policy Management in Microsoft Defender for Cloud using Management Groups
• Configure Security Center bundle pricing with Azure Policy
• Continuously Export Microsoft Defender for Cloud Alerts and Recommendations via Policy
• Controlling Release Pipelines with Gates and Azure Policy Compliance
• Deploy Monitoring Agent Extension to Azure Arc Linux and Windows servers using Azure Policy
• Eliminate Password-Based Attacks on Azure Linux VMs
• Enable HTTPS setting on Azure App service using Azure policy
• Enforcing Policy for Zero Trust with Azure Policy
• Enterprise-Scale and Azure Policy for policy-driven governance
• Field Notes: Remediating Resources Using User-Assigned Managed Identity with Azure Policy
• GA: Policy add-on for Azure Kubernetes Service
• General availability: Built-in Azure Policy support for Network Watcher Traffic Analytics
• Generally available: Apply settings inside machines using Automanage machine configuration
• Generally available: Azure API Management – expanded support for Azure Policy definitions
• Generally available: Azure Policy support for Azure Site Recovery
• Guest configuration renames to machine configuration
• How Does Azure Policies In Enterprise-Scale Landing Zone Help?
• How to build an audit Azure Policy with multiple parameters
• How to debug unexpected Azure Policy compliance status for Azure resources?
• How to update Azure Policy parameters in Azure Blueprints
• How to use PowerShell & Azure Policy to check settings inside a VM
• Implementing Azure Policy using Terraform
• Important change released for Guest Configuration audit policies
• Managing Security Center at scale using ARM templates and Azure Policy
• Microsoft cloud security benchmark: Azure compute benchmark is now aligned with CIS!
• More resource policy aliases
• New and updated regulatory compliance policy initiatives for NIST, FedRAMP, DoD in Azure, Azure Government
• On Prem To the Cloud: Everything As Code
• OPS114: Governing baselines in hybrid server environments using Azure Policy Guest Configuration
• Policy Distribution Dashboard for Microsoft Defender for Cloud
• Portal Preview of Azure Resource Policy
• Public preview of new Azure Policy features
• The impact of conflicting Azure Policies
• Trigger Condition and Evaluation Workflow of Azure Policy
• Use Azure Policy on an Azure-Arc enabled Kubernetes cluster for applying ingress/egress rules with Calico network policy
• Using GitHub for Azure Policy as Code
• What’s the difference between Group Policy and Azure Policy?

Official Repositories and Tools

---

• azure cyber security maturity model (CMMC) policy mapping
• azure policy visual studio code extension
• azure/azure-policy
• azure/community-policy
• azure/enterprise-azure-policy-as-code
• azure/manage-azure-policy
• azure/policy-compliance-scan
• azure/regulatory-compliance-initiatives
• microsoft/azurepolicytestframework

Official Forums and Feedback

---

• Azure Governance Ideas
• Microsoft Q&A for Azure Policy

Community

Links below are from community sources, websites, and channels.

Community Videos

---

• A summary of the Diagnostic Settings
• Admission Control on AKS with Azure Policy
• Anatomy of Azure Policy
• Authoring Custom Azure Policy Definitions
• Automatically Tag Azure Resources using Azure Policy
• Automating Infrastructure Governance with Azure Policy
• AZ-900 Episode 31 | Azure Policy
• Azure Back To School: Bicep Builders: Azure Sentinel and Policy as Code
• Azure Governance – #3 – Policy & Blueprints
• Azure Governance And Security | Secure Azure Key Vault Using Azure Policy
• Azure Key Vault RBAC and Policy Deep Dive
• Azure Policy – Non-Compliance Messages
• Azure Policy as Code – Zero to Hero in 60 minutes
• Azure Policy Remediation Deep Dive
• Azure Policy
• Azure Spring Clean: Some points to remember about Azure Governance
• Build Your Tagging Strategy with Azure Policy and Automation
• Custom Policy for Azure Governance – How to create custom Azure Policy from Scratch
• Detailed look at Azure Policy Exemption Permission Requirements
• Festive Tech Calendar: Day 1 – Azure Governance
• Festive Tech Calendar: Day 6 – Azure Governance: Azure customized Policies
• Flexing Your Security Governance with Azure Policy As Code
• Get Visibility Into Your Environment With Azure Governance Visualizer
• GitOps with Azure Arc Kubernetes via Azure Policy
• Global Azure: Policy as Code with Bicep for Enterprise Scale
• Inside Azure Governance – You in Control
• Microsoft Azure Master Class Part 3 – Governance
• Organizational Governance and Best Practices for Control
• Regain Control with Azure Governance
• Understanding Organizational Governance and Best Practices for Control
• Using Azure Security Center for Policy and Regulatory Compliance
• Virtual Machine Scale Sets Logs With An Azure Policy
• Writing DSC Resources for Azure Policy Guest Configuration – For Linux

Community Podcasts

---

• 057 – Azure Policy and Azure Key Vault integration
• 109 – Azure Policy as Code with Jesse Loudon
• S01 E16 – Azure Security Podcast – Azure Policy
• S01 E43 – Everything you need to know about Azure Policy

Community Books

---

• Policy Design in the Age of Digital Adoption: Explore how PolicyOps can drive Policy as Code adoption in an organization’s digital transformation
• Pro Azure Governance and Security: A Comprehensive Guide to Azure Policy, Blueprints, Security Center, and Sentinel

Community Articles

---

• AKS Policy Reference Overriding Or Disabling Of Containers Apparmor Profile Should Be Restricted
• An Azure Policy Journey
• Audit Azure Web App Against NotLegit Vulnerability
• Audit and enable Azure Hybrid Benefit with Azure Policy
• Audit Publicly Accessible Azure App Services With Azure Policy
• Audit Server Settings With Azure Policy Guest Configuration
• Audit Subnets That Do Not Have Network Security Group Associated
• Auditing For Disaster Recovery With Azure Policy
• Auditing GPOs with Azure Guest Configuration Policy
• Auto Install Azure Monitor Agent with Azure Policy
• Automatic Tagging For Azure Resources
• Automatically Enable Microsoft Defender For Cloud Enhanced Security Features
• Automatically Tag Azure VM’s Behind A Load Balancer
• Automating Backup Onboarding Using Azure Policy
• AzGovViz With Azure DevOps
• Azure GitHub Export and Visual studio code
• Azure Policy – Add Date/Time Resource Group Tag
• Azure Policy – Audit And Deploy CanNotDelete Lock On Resource Group Based On Tags
• Azure Policy – Export Azure Policy Definitions
• Azure Policy – How Precedence Works
• Azure Policy A Love Story
• Azure Policy As Code – Accelerate Governance In Cloud
• Azure Policy As Code With Terraform Part 1
• Azure Policy As Code With Terraform Part 2
• Azure Policy As Code
• Azure Policy Compliance Remediate Azure DevOps
• Azure Policy Definitions for Controlling ARM API versions
• Azure Policy Deploy MS Antimalware Ext For SQL VM
• Azure Policy For Kubernetes Custom Policies On Azure Arc Enabled Kubernetes
• Azure Policy for Kubernetes: Contraints and ConstraintTemplates
• Azure Policy ideas for Azure Governance
• Azure policy initiatives for Microsoft Defender for Cloud and Microsoft Sentinel workload protections
• Azure Policy Policies Not Evaluated Right Away
• Azure Policy Search with Azure Graph
• Azure Policy Where To Start
• Azure Policy: Kubernetes pod security baseline explained
• Azure Policy: Starter Guide
• Azure Policy: What If We Use Bicep ?
• Azure Policy: What If You Test Your Policies ?
• Azure Spring Clean: Azure Policy For AKS
• Azure Spring Clean: Azure Policy For Managing Your Subscription
• Azure Spring Clean: Diagnostic Settings
• Azure Spring Clean: DINE To Automate Your Monitoring Governance With Azure Monitor Metric Alerts
• Azure Spring Clean: Replacing Kubernetes Pod Security Policies With Azure Policy On AKS
• Azure Spring Clean: Using Azure Policy And Security Center For Organizational Governance
• Build Azure Policy Compliance Workbook
• Cloud Governance With Azure Policy Part 1
• Cloud Governance With Azure Policy Part 2
• Controlling Azure SQL Firewall Rules
• Create And Assign Custom Azure Policies For Azure Governance
• Create Custom Security Center Recommendation With Azure Policy
• Creating and Deploying Azure Policy via Terraform
• Custom Azure Policy for Kubernetes (AKS)
• Demystify Azure DDoS Protection Azure Policy
• Deny Azure Role Assignment With Azure Policy
• Deny Resource Type Creation with Azure Policy
• Deploy And Assign Azure Policy Via Azure DevOps Pipelines
• Deploy Azure Monitor Agent at Scale
• Deploy Azure Policy To ManagementGroup With Bicep
• Deploy Azure Policy Using Azure DevOps CI/CD Pipeline
• Deploy Azure Policy Using Terraform
• Diagnostic Settings Storage Accounts Event Hub
• Duplicate Azure Policy Definition and Initiative
• Enable Azure SQL Auditing With Azure Policy
• Enable FTPS On Azure App Services With Azure Policy
• Enable HTTPS On Azure App Services With Azure Policy
• Enable Managed Identity For Web App Azure Policy
• Enable Purge Protection Key Vault Azure Policy
• Enable Resource Logs In Virtual Machine Scale Sets With An Azure Policy
• Enable Vulnerability Assessment On SQL Servers
• Enforce API Management Product Subscriptions With Azure Policy
• Enforce CanNotDelete Resource Lock using Azure Policy
• Enforce TLS 1.2 on Web Apps with Azure Policy
• Enhancing PCI Compliance In Your Azure Environment By Using Azure Policy Custom Initiatives
• Enterprise Scale Policy Driven Governance
• Global Azure: Policy As Code With Bicep For Enterprise Scale
• Govern Azure Virtual Network VNET CIDR Ranges With Azure Policy
• Help My Azure Policy Is Not Firing
• How To Azure Policy Via ARM Template
• How To Choose An Azure Naming Convention
• How To Control DDOS Plan Deployment Using Azure Policy
• How To Create Own Azure Custom Policy
• How To Deploy Azure Policies With ARM Templates
• How To Deploy Azure Policy From An Azure DevOps Pipeline
• How To Deploy Azure Policy With Bicep
• How to Deploy Azure Policy with Bicep?
• How To Dynamically Assign Azure Policy via Terraform
• How To Enforce Naming Convention For Azure Resources
• How To Ensure Proper Configuration For Your Azure Resources
• How To Export And Backup Azure Policy Definitions
• How To Win Vs Azure Policy Non-Compliance
• Implementing and troubleshooting a custom Azure Policy Definition [Step-by-step Guide]
• Improving The User Experience Of Azure Policy
• Keep Control Of Your Azure Environment With Azure Policy
• Lessons Learned Developing A Custom Policy
• Lessons Learned Testing The Configure Backup On VMs Azure Policy
• Manage Azure Policy with Terraform
• Managing Azure Resource Tags Using Azure Policy Modify Effect
• Monitoring Azure Policy Compliance States 2021 Edition
• Notes On Azure Policy Exemption
• November 2020 Update For Azure Diagnostic Settings Policy Definitions
• October 2020 Update For Azure Diagnostic Settings Policy Definitions
• Persistence with Azure Policy Guest Configuration
• Policy as Code: Using Azure Bicep to deploy Azure Policies
• Policy as Code: Using Modules and defining Custom Roles using Azure Bicep
• Security Posture Management With Azure Policy And Microsoft Defender For Cloud
• Talking Azure Policy As Code On CtrlAltAzure Podcast
• Terraforming Azure Policy
• Test Azure Policies
• Tips On Creating Azure Policies For Azure SQL Databases
• Trigger An On Demand Azure Policy Compliance Evaluation Scan
• Trigger An On Demand Azure Policy Evaluation Scan At Management Group Scope
• Trigger Azure Policy Scan Multiple Subscriptions
• Understanding Azure Policies With Visual Studio Code
• Understanding Azure Policy For Regulatory Compliance
• Updated Azure Policy Definitions For Azure Diagnostics Settings Again
• Use Azure Policies to Require Resource Tags with PowerShell
• Use Azure Policy to audit if Azure Arc-enabled servers meet security baseline requirements
• Using ARM Templates To Deploy Azure Policy Initiative
• Using Azure Policy To Audit Resource Group Resource Locks
• Using Azure Policy to configure your resources
• Using Azure Policy To Implement Tagging Inheritance
• Using Conftest For Azure Policy For Kubernetes
• VNet peering using Azure Policy
• Walkthrough Using Azure Policy To Audit And Enforce Compliance
• Writing A Custom Azure Policy

Community Tools

---

• AzAdvertizer
• AzGovViz
• Azure Policy Intellisense
• Azure Policy and Governance Pipelines Tasks
• Cloud Guardrails
• Search and find Azure Policy Aliases

Community Repositories

---

• andrewcluey/terraform-azurerm-policy-definition
• andrewmatveychuk/azure.policy
• azsec/azure-policy
• charotamine/azurepolicy_bicep
• charotamine/policytests
• claranet/terraform-azurerm-policy
• faridabharmal/azuregovernance
• fawohlsc/azure-policy-samples
• fawohlsc/azure-policy-testing
• gettek/terraform-azurerm-policy-as-code
• globalbao/azure-policy-as-code
• globalbao/terraform-azurerm-policy-exemptions
• jamesdld/azure-policies
• jimgbritt/azurediagnosticspipeline
• jimgbritt/azurepolicy
• john-joyner/azure-policy
• jtracey93/tf-az-dine-policy-assignment
• julianhayward/azure-mg-sub-governance-reporting
• kudelskisecurity/azure-policy-tester
• mattfeltonma/azure-custom-policies
• matthiasguentert/azure-naming-convention-initiative
• ricmmartins/azure-governance-made-simple
• robinchapas/converttopolicy
• salesforce/cloud-guardrails
• stefanrothnet/azure-policy
• tyconsulting/azure.policy.monitor
• tyconsulting/azurepolicy
• yangdeal/azure_policy_deployment

Community Forums

---

• Reddit – Azure Policy
• Stack Overflow – Azure Policy

The Azure Policy is a github repository by GlobalBao

---