Ensure that a "Not Allowed Resource Types" policy is assigned to your Azure subscriptions in order to deny the deployment of restricted resources within your Azure cloud account for security and compliance purposes. Microsoft Azure Policy service allows you to enforce organizational standards and assess cloud compliance at scale. With Azure Policy you can define, assign, and manage policies. These policies enforce different rules and effects over your cloud resources in order to stay compliant with corporate standards and service level agreements (SLAs). An assignment is a policy definition or initiative that has been assigned to a specific scope (e.g. a subscription or a resource group). For compliance, the "Not Allowed Resource Types" policy assignment must use the "Not Allowed Resource Types" built-in policy definition. This policy definition enables you to specify the cloud resource types that your organization cannot deploy.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
With a "Not Allowed Resource Types" policy assignment in use, you can manage your Azure cloud resources, control costs, and enforce security and compliance requirements for your Microsoft Azure subscriptions.
Audit
To determine if a "Not Allowed Resource Types" policy is assigned to your Azure cloud subscriptions, perform the following actions:
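One way to automate this audit with the Azure CLI, as an added example that is not part of the original rule text: it reads the policy assignments at a subscription scope and checks that one of them uses the built-in definition, is enforced, and carries a non-empty deny list. The function names and the sample data are constructed for illustration, and the built-in definition GUID and parameter name are assumptions to confirm in your own tenant.

```python
import json
import subprocess

# GUID name of the built-in "Not allowed resource types" definition. Assumption of
# this example: confirm it with `az policy definition show --name <GUID>`.
NOT_ALLOWED_DEF = "6c112d4e-5bc7-47ae-a041-ea2d9dccd749"
DEF_ID = "/providers/Microsoft.Authorization/policyDefinitions/" + NOT_ALLOWED_DEF
PARAM = "listOfResourceTypesNotAllowed"  # deny-list parameter of that definition

def fetch_assignments(subscription_id):
    """Return the policy assignments at a subscription scope via the Azure CLI."""
    out = subprocess.run(
        ["az", "policy", "assignment", "list",
         "--scope", f"/subscriptions/{subscription_id}", "-o", "json"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)

def audit(assignments):
    """Return (compliant, findings) for one subscription's assignments."""
    findings = []
    for a in assignments:
        # Azure resource IDs are case-insensitive, so normalise before comparing.
        def_id = (a.get("policyDefinitionId") or "").lower()
        if not def_id.endswith("/policydefinitions/" + NOT_ALLOWED_DEF):
            continue
        name = a.get("displayName") or a.get("name")
        denied = ((a.get("parameters") or {}).get(PARAM) or {}).get("value") or []
        if a.get("enforcementMode") == "DoNotEnforce":
            # Evaluated for compliance reporting only; deployments are not denied.
            findings.append((name, "assigned but not enforced"))
        elif not denied:
            findings.append((name, "assigned with an empty deny list"))
        else:
            findings.append((name, "enforced: " + ", ".join(sorted(denied))))
    compliant = any(status.startswith("enforced") for _, status in findings)
    return compliant, findings

# Constructed sample in the shape of `az policy assignment list -o json`.
SAMPLE = [
    {"name": "unrelated-policy", "enforcementMode": "Default", "parameters": {},
     "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/"
                           "00000000-0000-0000-0000-000000000000"},
    {"name": "audit-only", "enforcementMode": "DoNotEnforce",
     "policyDefinitionId": DEF_ID,
     "parameters": {PARAM: {"value": ["Microsoft.KeyVault/vaults"]}}},
    {"name": "deny-key-vault", "enforcementMode": "Default",
     "policyDefinitionId": DEF_ID.upper(),
     "parameters": {PARAM: {"value": ["Microsoft.KeyVault/vaults"]}}},
]
```

Run `audit(fetch_assignments(subscription_id))` for each subscription returned by `az account list`. Initiative (policy set) assignments that include the definition are not inspected by this sketch.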
Remediation / Resolution
To prevent certain cloud resource types from being deployed within your Azure subscription, create and configure a "Not Allowed Resource Types" policy assignment by performing the following actions:
Note: As an example, the cloud resource type that the user cannot deploy within the specified Azure subscription (i.e. policy scope) is Azure Key Vault.