Azure Governance Made Simple

Azure Policy best practices

Ask yourself these 3 questions and work from them when defining your policies:

  • What drives your need for policy?

    • Regulatory Compliance

    • Controlling cost

    • Standards & Tagging

    • Maintain security and performance consistency

    • Enforce enterprise-wide design principles

  • Who owns the policy settings?

    • “Initiative” owners

    • Security Architect

    • Cloud Architect

    • Cloud Engineers

  • What is involved in defining a new policy or refining an existing one?

    • Research or gather evidence on the impact of a particular configuration on a particular fundamental (like cost or security)

    • What-if analysis of enforcing configuration in a particular manner

    • Assess the current state of compliance to understand the impact of the new policy and what exceptions are needed

    • Roll out a new policy in phases

    • Understand the applications & teams who are non-compliant

    • Roll out remediation in stages via SafeDeploy practices

Revisit these questions from time to time, because compliance keeps evolving. Adjust your policies to your current priorities, not only for compliance but also for projects that might, for example, need more powerful resources whose deployment is currently blocked by policy.
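The what-if and current-state assessment steps above can be rehearsed offline before anything is assigned. The sketch below is an added example, not part of the original page and not Azure's evaluation engine: it evaluates a constructed rule written in Azure Policy's `if`/`then` shape against a constructed inventory and reports which resources and teams would be non-compliant. It supports only the `allOf`, `anyOf`, `equals`, `notIn` and `exists` conditions on `type`, `location` and tags; the resource names, the `team` tag and the `exempt_ids` parameter are assumptions.

```python
from collections import Counter

VM = "Microsoft.Compute/virtualMachines"
# Constructed rule (Azure Policy if/then shape): VMs outside approved regions or untagged.
RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": VM},
        {"anyOf": [{"field": "location", "notIn": ["westeurope", "northeurope"]},
                   {"field": "tags['costCenter']", "exists": "false"}]},
    ]},
    "then": {"effect": "audit"},  # report-only phase; deny comes later
}

def res(rid, rtype, loc, **tags):
    return {"id": rid, "type": rtype, "location": loc, "tags": tags}

# Constructed inventory; resource names and the "team" tag are hypothetical.
INVENTORY = [
    res("vm-web-01", VM, "westeurope", team="web", costCenter="1001"),
    res("vm-web-02", VM.lower(), "eastus", team="web", costCenter="1001"),
    res("vm-data-01", VM, "northeurope", team="data"),
    res("vm-lab-01", VM, "eastus"),
    res("st-data-01", "Microsoft.Storage/storageAccounts", "eastus", team="data"),
]

def field(r, name):
    """Resolve type, location or tags['x']; strings are lowercased."""
    v = r["tags"].get(name[6:-2]) if name.startswith("tags['") else r.get(name)
    return v.lower() if isinstance(v, str) else v

def matches(cond, r):
    """True when the resource satisfies the 'if' block, i.e. is non-compliant."""
    for key, fn in (("allOf", all), ("anyOf", any)):
        if key in cond:
            return fn(matches(c, r) for c in cond[key])
    value = field(r, cond["field"])
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "notIn" in cond:
        return value not in [x.lower() for x in cond["notIn"]]
    raise ValueError(f"unsupported condition: {cond}")

def impact(rule, inventory, exempt_ids=()):
    """Return non-compliant ids and a per-team count, skipping exemptions."""
    hits = [r for r in inventory if r["id"] not in exempt_ids and matches(rule["if"], r)]
    teams = Counter(r["tags"].get("team", "untagged") for r in hits)
    return [r["id"] for r in hits], dict(teams)
```

Calling `impact(RULE, INVENTORY)` gives the list of teams to contact before the effect is tightened, and passing `exempt_ids` shows what remains once planned exceptions are granted.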


Last updated 1 year ago