The Azure policy builds a strong foundation for your organization’s cloud governance. It reduces the time needed to audit the cloud environment by defining all compliance in a single place. It sets a rule for your resources to ensure compliance, misconfiguration, and resource governance.
In this blog, I will explain how to apply the policy at the Management group level in an Azure cloud environment.
Applying Azure Policy for Management Group:
The below picture is a pictorial representation of my current cloud environment at a high level.
Tenant Root Group is my top-level root management group associated with the Azure subscription and at very low level we have two resource groups Learning and Dev.
What is a Management Group?
Management Group is basically used to organize the subscriptions. It provides a governance scope above the subscription. In my case, I have only one subscription, but still, I created a Management Group to organize it because it is one of the best practices in the cloud adoption framework.
One of the benefits of Management Group is for cloud governance if you apply any Azure policy at the Management Group level, it will be inherited and the policy is applied to all the Management Group or subscription or resource groups under it.
In this blog, we are going to see how to apply the Azure policy (Require a tag and its value on resources) at the Management Group level.
In the Azure portal, go to management user, as shown in the below figure.
Click on the Policy option from the Governance Blade. It will take you to the Policy | Definitions page.
Click on the Definitions option from the Authoring blade and search for a tag, and select the “Require a tag and its value on the resources” option from the list.
In the next policy definitions page click on Assign.
Next, select the scope of the policy. Click on the More button, it will open the Scope blade, select the management scope and the respective subscription and click on Select.
Add the mandatory tag name and value from the parameters section, as shown in the below figure. In my case my Tag Name is ‘Org’ and my Tag Value is ‘TechnoNimbuss’.
For now, we can skip other steps by clicking on Review + create
Successfully assigned the policy to the management group.
Now, whenever you try to create a resource under the resource group that is associated with this Management group, will expect the tag name and value to be defined.
I got a policy validation error message when I tried to create a storage account with the resource group ‘Learning’ which is associated with ‘Tenant Root Group’ Management Group.
Basically, Tags give you the context about the resources associated with applications, ownership, and operation. So, it’s always good to add a resource tagging policy in your cloud governance.
Advantages/Benefits of using Azure policy
- Ensuring and managing security.
- Enforce compliance with standards
- Managing identity.
- Real-time policy enforcement.
In this article, we discussed how to get started with Azure policy for our cloud governance, assigning the policy(Requiring a tag and its value on resources) to the Management group scope, testing it by adding new resources, and finally the advantage of using Azure policies.