Overview

Azure Policy enforces compliance on Azure resources at the resource provider level. Policies evaluate resource properties during creation, updates, and on a regular compliance cycle, ensuring resources meet organizational standards.

Capabilities

  • Enforce compliance at the Azure subscription or management group level
  • Multiple effects: Deny, Audit, Modify, Append, DeployIfNotExists, AuditIfNotExists, DenyAction, and Disabled
  • Built-in and custom policy definitions
  • Initiative (policy set) grouping for compliance standards

Limitations

  • Requires an Azure subscription
  • Only applicable to Azure cloud environments — check out AWS SCP for AWS environments

Generated Format

  • Language: JSON
  • Structure: Azure Policy definition with policyRule containing if/then conditions
  • Execution: Applied via Azure Portal, CLI, ARM templates, Bicep, Terraform, or REST API

Example Guardrail

{
  "properties": {
    "displayName": "Require minimum TLS 1.2 on storage accounts",
    "policyType": "Custom",
    "mode": "All",
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
            "notEquals": "TLS1_2"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
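
To see which storage account payloads this rule would deny before assigning it, the added example below (not Zenable's or Azure's code) models only the operators the rule uses. The helper names, the alias-to-property mapping, the treatment of an absent property as null, and the sample resources are assumptions made for illustration.

```python
# Added example: a simplified local model of the rule above, not Azure's engine.
RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
         "notEquals": "TLS1_2"},
    ]},
    "then": {"effect": "deny"},
}
# Assumption: this alias resolves to properties.minimumTlsVersion on the resource.
ALIASES = {"microsoft.storage/storageaccounts/minimumtlsversion":
           "properties.minimumTlsVersion"}

def field_value(resource, field):
    """Resolve a field or alias to its value; None when the property is absent."""
    node = resource
    for key in ALIASES.get(field.lower(), field).split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def matches(cond, resource):
    """Evaluate allOf/anyOf and the equals/notEquals conditions only."""
    if "allOf" in cond:
        return all(matches(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, resource) for c in cond["anyOf"])
    value = field_value(resource, cond["field"])
    actual = None if value is None else str(value).lower()  # case-insensitive
    if "equals" in cond:
        return actual == str(cond["equals"]).lower()
    if "notEquals" in cond:  # an absent property (None) also counts as "not equal"
        return actual != str(cond["notEquals"]).lower()
    raise ValueError(f"unsupported condition: {sorted(cond)}")

def evaluate(rule, resource):
    """Return the rule's effect if the resource matches, else None (allowed)."""
    return rule["then"]["effect"] if matches(rule["if"], resource) else None

def storage(tls=None):
    """Constructed sample payload; tls=None omits minimumTlsVersion entirely."""
    props = {} if tls is None else {"minimumTlsVersion": tls}
    return {"type": "Microsoft.Storage/storageAccounts", "properties": props}

if __name__ == "__main__":
    for tls in ("TLS1_2", "TLS1_0", None, "TLS1_3"):  # TLS1_3: constructed value
        print(f"{tls!s:8} -> {evaluate(RULE, storage(tls)) or 'allowed'}")
```

Because `notEquals` is an exact comparison, this model denies every value other than `TLS1_2`, including a payload that omits the property, so the rule pins the setting rather than expressing a minimum.
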
Learn more at Azure Policy documentation and policy definition structure.