Forum Discussion
How to import Azure Policy from GitHub
I see Azure Policy as two parts:
- Policy Definition
- Policy Assignments
If the Policy Definitions are exactly the same, then create it once by defining it at the highest Management Group Level possible.
If your organization is not using Management Groups and placing Subscriptions under a Management Group Tree, they should rethink their approach on how to use Azure.
Yes, you may have two subscriptions under two different Level 1 management groups. In that case, you have to create a Policy Definition under each Level 1 management group.
How you plan to create a policy definition using automation will determine what is needed to prepare the necessary properties and values. The choices are using ARM Templates, Azure REST APIs, PowerShell, and CLI.
Personally, I do not use the MS Open Source Policy-as-Code (PaC) approach but a different PaC Git repo approach we developed in 2018, where the Policy Definitions & Assignments are destructured into folders (one for each policy) and the properties & values are organized into PSD1 & JSON files.
The second part is the Policy Assignment, which can be created at the Management Group, Subscription, or Resource Group.
If you have all your policy assignments at a Subscription, then query all the assignments, loop through them, build a Splat (HashTable of Property Names and Values), change the subscription references to the new subscription, and call New-AzPolicyAssignment @splat.
I might be able to provide better guidance if I know better how things are organized and what policy deployment method you are comfortable with.
If you have had success using the MS PaC approach and tools, then you should be able to copy the folder and files in GitHub to a folder to be used for the new subscription, then search and replace the old Subscription Ids with the new Subscription Id in each of the files. You may have to do that too with the Policy Definition Id if they are different.
Regards...
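
The splat-building step described in the reply above, as an added example that is not part of the original post. The function name `ConvertTo-AssignmentSplat`, the key names of the input hashtable, and the sample IDs are assumptions made for illustration; map the output of Get-AzPolicyAssignment onto that shape for the Az.Resources version you run.

```powershell
# Added example. Input shape ($Assignment keys) is constructed for illustration,
# not the exact object returned by Get-AzPolicyAssignment.
function ConvertTo-AssignmentSplat {
    param(
        [Parameter(Mandatory)] [hashtable] $Assignment,
        [Parameter(Mandatory)] [string]    $OldSubscriptionId,
        [Parameter(Mandatory)] [string]    $NewSubscriptionId
    )
    # Replace only the subscription segment of a resource ID, case-insensitively,
    # so management-group and built-in IDs pass through unchanged.
    $pattern = '(?i)(?<=^/subscriptions/)' + [regex]::Escape($OldSubscriptionId) + '(?=/|$)'
    $swap = { param($id) [regex]::Replace([string]$id, $pattern, $NewSubscriptionId) }

    # Assignment parameters are stored as name -> @{ value = ... };
    # -PolicyParameterObject expects name -> value.
    $params = @{}
    foreach ($key in $Assignment.Parameters.Keys) {
        $params[$key] = $Assignment.Parameters[$key].value
    }
    $splat = @{
        Name            = $Assignment.Name
        Scope           = & $swap $Assignment.Scope
        EnforcementMode = $Assignment.EnforcementMode   # keep DoNotEnforce vs Default as-is
    }
    if ($Assignment.DisplayName) { $splat.DisplayName = $Assignment.DisplayName }
    if ($Assignment.NotScopes)   { $splat.NotScope = @($Assignment.NotScopes | ForEach-Object { & $swap $_ }) }
    if ($params.Count)           { $splat.PolicyParameterObject = $params }

    [pscustomobject]@{
        Splat              = $splat
        PolicyDefinitionId = & $swap $Assignment.PolicyDefinitionId
    }
}

# Constructed sample assignment (subscription IDs are placeholders).
$old = '00000000-0000-0000-0000-000000000001'; $new = '00000000-0000-0000-0000-000000000002'
$sample = @{
    Name = 'allowed-locations'; DisplayName = 'Allowed locations'
    Scope = "/subscriptions/$old"
    NotScopes = @("/subscriptions/$old/resourceGroups/rg-sandbox")
    EnforcementMode = 'Default'
    PolicyDefinitionId = "/subscriptions/$old/providers/Microsoft.Authorization/policyDefinitions/allowed-locations"
    Parameters = @{ listOfAllowedLocations = @{ value = @('westeurope', 'northeurope') } }
}
$result = ConvertTo-AssignmentSplat -Assignment $sample -OldSubscriptionId $old -NewSubscriptionId $new
$result.Splat; $result.PolicyDefinitionId

# Live step (requires Az.Resources and a signed-in session):
# $def = Get-AzPolicyDefinition -Id $result.PolicyDefinitionId
# $s = $result.Splat; New-AzPolicyAssignment @s -PolicyDefinition $def
```

Review the rewritten `NotScope` entries before running the live step: an exclusion that pointed at a resource group in the old subscription may not correspond to anything in the new one.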