Blog Post

Azure Governance and Management Blog
1 MIN READ

Generally available: Secure critical infrastructure from accidental deletions at scale with Policy

akanksha_agrawal's avatar
Sep 27, 2023

We are thrilled to announce the general availability of DenyAction, a new effect in Azure Policy! With the introduction of Deny Action, policy enforcement now expands into blocking request based on actions to the resource. These deny action policy assignments can safeguard critical infrastructure by blocking unwarranted delete calls 

 

Azure Policy expands its at-scale enforcement capabilities to assess requests based on action. Previously, Policy only supported the ‘deny’ effect which blocks requests based on resource configurations or properties. Now a newly added effect, Deny Action, extends that functionality to block based on intended request.  

 

Deny Action effect can be leveraged in the existing policy definitions schema. This allows for the conditional flexibility that comes with the “If” structure of a policy definition. Further, by assigning these definitions at subscription or management group level, deny action can help block these actions at-scale. Applicable resources will show a “Protected” compliance state to signify that the resource is protected from an unwanted action.  

 

 

Get started  

 

Here’s a sample Custom Deny Action Definition:  

 

 

 

Related Resources 

 

To keep learning about this exciting new capability of Azure Policy: 

 

Updated Sep 27, 2023
Version 2.0
No CommentsBe the first to comment