Azure Policy Initiatives and Blueprints

Policy

Azure policy is a collection of rules
Each policy is assigned to a scope such as an Azure subscription
Using Azure policy means that resources will remain compliant with corporate standards
Using Azure policy
- Go to: https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyMenuBlade/Overview
- Definitions > Add Policy definition

Built-in Policies

Storage accounts: Defines which storage SKU sizes can be used
Resource types: Defines which resource types can be used
Allowed locations: Restrict locations that can be used
Enforce tags: Enforces a required tag
Virtual machine SKUs:
- Specifies a set of VMs
- Machine SKUs that can be deployed
Details: https://docs.microsoft.com/en-us/azure/governance/policy/

Blueprints are a way of orchestrating the deployment of resource templates and artifacts
Blueprints maintain a relationship with the deployed resources
Blueprints include Azure policy and initiatives as well as artifacts such as roles
Using Blueprints
- Blueprint definition
- Blueprint publishing
- Blueprint assignment
Details:
- https://docs.microsoft.com/en-us/azure/governance/blueprints/
- Azure Policy Initiatives vs Azure Policies: When should I use one over the other?

Blueprint deifnition:

Create blueprint: https://portal.azure.com/#blade/Microsoft_Azure_Policy/BlueprintsMenuBlade/GetStarted
When we create a blueprint deifnition:
- Resource groups can be defined and created
- Azure resource manager templates can be included to deploy resources
- Azure policy can be included to enforce compliance
- Roles can be assigned to resources that blueprints have created

My own explanation to understand Blueprint easily:

ARM Template + Policy/Innitiative + Role (+ xyz) = Blueprint