Microsoft Azure Administrator：Exam Guide AZ-103

上QQ阅读APP看书，第一时间看更新

Configuring Azure subscription policies

With Azure Policy, you can create, assign, and manage policies. These policies can be used so that you stay compliant with your corporate standards and SLAs by enforcing different rules and effects over your Azure resources. Your resources are evaluated by the assigned policies for non-compliance. For instance, you can create a policy that only allows virtual machines from a certain SKU size in your environment. When this policy is assigned, all new and existing resources are evaluated for compliance with this policy.

To configure subscription policies, perform the following steps:

Navigate to the Azure portal by opening https://portal.azure.com.
In the left-hand menu, select Subscriptions (this is if you added it to your favorites; otherwise, take the steps that we described in the previous demonstration).
In the Subscriptions overview blade, in the left-hand menu under Settings, select Policies:

Selecting subscription policies

In the Policies overview blade, select Assign policy to create a new policy:

Creating a new policy

On the next screen, we're going to create a definition for our policy. Add the following values to create the policy so that resources for this subscription can only be created in selected regions:
- Scope: The subscription name.
- Exclusions: Leave this blank; we are going to create a policy that applies to the entire subscription.
- Policy definition: When you select this, you can choose from a number of available policies that you can apply to your subscription. Microsoft has created these JSON templates for you, based on the best practices from different enterprises. You can create your own templates here as well. Select a policy from the list (for instance, Allowed locations), and then click Select.
- Assignment name: This is automatically filled in after selecting the policy.
- Parameters: Here, you can select the allowed locations where users can deploy their resources. For instance, select Central US, East US, East US 2, West US, and West US 2.

After selecting the different regions, click the Assign button:

Assigning a new policy

After applying this policy, resources for this subscription can only be created in the selected regions. If you want to add additional regions or remove regions from this policy, you can edit this later.

You can apply policies at the resource group level as well. This works exactly the same as adding policies at the subscription level. Once you have created a resource group, you can go to the overview blade and select Policies from the left-hand menu. In there, you can apply policies at the resource group level.

In the next section, we're going to implement a resource group and add a tag to it.

本周热推：

Hands-On Reactive Programming with Python Xamarin.Forms Projects Learn OpenShift Linux Mint Essentials Embedded Systems Architecture