> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenable.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure Policy

> Azure resource compliance enforcement

## Overview

Azure Policy enforces compliance on Azure resources at the resource provider level. Policies evaluate resource properties during creation, updates, and on a regular compliance cycle, ensuring resources meet organizational standards.

## Capabilities

* Enforce compliance at the Azure subscription or management group level
* Multiple effects: `Deny`, `Audit`, `Modify`, `Append`, `DeployIfNotExists`, `AuditIfNotExists`, `DenyAction`, and `Disabled`
* Built-in and custom policy definitions
* Initiative (policy set) grouping for compliance standards

## Limitations

* Requires an Azure subscription
* Only applicable to Azure cloud environments -- check out [AWS SCP](/integrations/guardrails/aws-scp) for AWS environments

## Generated Format

* **Language:** JSON
* **Structure:** Azure Policy definition with `policyRule` containing `if`/`then` conditions
* **Execution:** Applied via Azure Portal, CLI, ARM templates, Bicep, Terraform, or REST API

## Example Guardrail

```json theme={null}
{
  "properties": {
    "displayName": "Require minimum TLS 1.2 on storage accounts",
    "policyType": "Custom",
    "mode": "All",
    "parameters": {},
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/minimumTlsVersion",
            "notEquals": "TLS1_2"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  }
}
```

Learn more at [Azure Policy documentation](https://learn.microsoft.com/en-us/azure/governance/policy/overview) and [policy definition structure](https://learn.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure-basics).