Just a heads up, this link to the script mentioned as validating custom definitions appears to be broken.
https://github.com/Azure/Community-Policy/blob/master/Submit-PolicyDefinitionFile.ps1
Custom Policy definitions are notoriously hard to design/implement. Debugging issues is even harder. There are a few items which will make the experience easier.
- The name should be a GUID or a unique name within your company. Using a GUID simplifies contributing the Policy to the community or merging multiple tenants, especially in a merger (companies) scenario.
- Create a nested properties structure, with only the name outside it at the top level.
- Supply a displayName for the Policy.
- Description is highly recommended.
- version, in metadata; use semantic versioning.
- category, in metadata; it must be one of the categories used by the built-in Policies and Policy Sets.
Azure's community-contributed Policy definitions repo (https://github.com/Azure/Community-Policy/blob/master) contains a script which validates the above and corrects the definition if necessary (see https://github.com/Azure/Community-Policy/blob/master/Submit-PolicyDefinitionFile.ps1).
Do not include system-generated properties:
- properties.policyType
- properties.metadata
  - createdOn
  - createdBy
  - updatedOn
  - updatedBy
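The checks listed above (GUID name, nested properties, displayName, description, semantic version and built-in category in metadata, and no system-generated properties) are easy to run locally before submitting a definition. The following is an added example, not the repo's Submit-PolicyDefinitionFile.ps1 and not code from the original post; the sample definition, its GUID and the short KNOWN_CATEGORIES set are constructed for illustration, and the category list is deliberately a small subset rather than the full built-in list.

```python
"""Validate an Azure Policy definition JSON against the authoring rules above."""
import json
import re
import uuid

# Constructed sample: a minimal custom definition in the recommended shape
# (only "name" at the top level, everything else nested under "properties").
SAMPLE_DEFINITION = json.dumps({
    "name": "5d5f8a2a-1b7e-4d2a-9b7f-3c1e2a6f0d11",  # constructed GUID
    "properties": {
        "displayName": "Require a costCenter tag on resource groups",
        "description": "Denies resource groups that lack a costCenter tag.",
        "mode": "All",
        "metadata": {"version": "1.0.0", "category": "Tags"},
        "parameters": {},
        "policyRule": {
            "if": {"allOf": [
                {"field": "type", "equals": "Microsoft.Resources/subscriptions/resourceGroups"},
                {"field": "tags['costCenter']", "exists": "false"}
            ]},
            "then": {"effect": "deny"}
        }
    }
})

# Illustrative subset of built-in categories; extend from the real built-in list.
KNOWN_CATEGORIES = {"Tags", "Compute", "Storage", "Network", "Security Center", "Monitoring", "General"}

SEMVER = re.compile(r"^\d+\.\d+\.\d+$")
SYSTEM_METADATA_KEYS = {"createdOn", "createdBy", "updatedOn", "updatedBy"}


def validate_definition(text, known_categories=KNOWN_CATEGORIES):
    """Return a list of findings; an empty list means the definition passes."""
    findings = []
    doc = json.loads(text)

    # Only "name" may sit beside "properties" at the top level.
    extra_top = set(doc) - {"name", "properties"}
    if extra_top:
        findings.append(f"top-level keys other than name/properties: {sorted(extra_top)}")

    name = doc.get("name")
    if not name:
        findings.append("missing name")
    else:
        try:
            uuid.UUID(str(name))
        except ValueError:
            findings.append("name is not a GUID (allowed only if unique within the company)")

    props = doc.get("properties")
    if not isinstance(props, dict):
        findings.append("missing nested properties object")
        return findings

    if not props.get("displayName"):
        findings.append("missing properties.displayName")
    if not props.get("description"):
        findings.append("missing properties.description (recommended)")
    if "policyType" in props:
        findings.append("properties.policyType is system-generated; remove it")

    meta = props.get("metadata", {})
    version = meta.get("version")
    if not version or not SEMVER.match(str(version)):
        findings.append("metadata.version missing or not semantic (MAJOR.MINOR.PATCH)")
    category = meta.get("category")
    if category not in known_categories:
        findings.append(f"metadata.category {category!r} is not a built-in category")
    for key in sorted(SYSTEM_METADATA_KEYS & set(meta)):
        findings.append(f"metadata.{key} is system-generated; remove it")

    return findings


if __name__ == "__main__":
    for finding in validate_definition(SAMPLE_DEFINITION) or ["OK"]:
        print(finding)
```

Run it against an exported definition (for example the output of a Get-AzPolicyDefinition call) and every system-generated field picked up by the export shows up as a finding, which is exactly the material to strip before contributing or merging the file.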