Let’s walkthrough how a lab administrator can allow only non-GPU SKUs, so educators can create only non-GPU SKU labs.
1. In Azure Portal, go to your subscription.
2. Select Policies under Settings.
3. Select Assignment under Authoring.
4. Select Assign Policy.
5. Select the Scope which you would like to assign the policy to. Optionally, you can select a resource group if you would like to apply it to a specific resource group.
6. Select the Policy Definition and search for “Lab Services” and select Lab Services should restrict allowed virtual machine SKU sizes.
7. Select Next.
8. Uncheck the Only show parameters that need input or review to show all parameters.
9. The Allowed SKU names parameter shows SKU names and by default the SKU names applicable are selected . Uncheck the SKUs that shouldn’t be allowed. In our case we will check the following non-GPU SKUs: CLASSIC_FSV2_2_4GB_128_S_SSD, CLASSIC_FSV2_4_8GB_128_S_SSD, CLASSIC_FSV2_8_16GB_128_S_SSD, CLASSIC_DSV4_4_16GB_128_P_SSD, CLASSIC_DSV4_8_32GB_128_P_SSD.
Use the table below to determine which SKU names to apply.
VM Size Details
2vCPUs, 4GB RAM, 128GB, Standard SSD
4vCPUs, 8GB RAM, 128GB, Standard SSD
8vCPUs, 16GB RAM, 128 GB, Standard SSD
Medium (Nested virtualization)
4 vCPUs, 16GB RAM, 128 GB, Premium SSD
Large (Nested virtualization)
8vCPUs, 32GB RAM, 128GB, Premium SSD
Small GPU (Compute)
6vCPUs, 112GB RAM, 128GB, Standard SSD
Small GPU (Visualization)
8vCPUs, 28GB RAM, 128GB, Standard SSD
Medium GPU (Visualization)
12vCPUs, 112GB RAM, 128GB, Standard SSD
10. For the Effect, choose the Deny Choosing deny will prevent a lab from even being created if an educator tries to create a lab with a GPU SKU.
11. Select Next.
12. On the Remediation tab, select Next.
13. For the Non-compliance message, provide a non-compliance message of your choice. For example, "selected SKU is not allowed".
14. Select Next.
15. On the Review + Create tab, select Create to create the policy assignment.
We have successfully created a policy assignment for “Lab Services should restrict allowed virtual machine SKU sizes” and allowed only to use non-GPU SKUs for labs. Creating a lab with any other SKU will fail and would not be created. The policy assignment takes 30 minutes to take effect.
When applying a built-in policy, you can choose to exclude certain resources. For example, if the scope of your policy assignment is a subscription, you can exclude resources in a resource group. This is set using the Exclusions property on the Basics tab when creating a policy definition.
However, if you need to exclude a lab plan from a policy assignment the steps are different. The exclusions scope shown in the Basics tab while assigning the policy doesn’t support lab plans.
If you would like to exclude a lab plan resource, you will first need to get the resource id of the lab plan. To get the resource id for the lab plan resource that you want to exclude, do the following:
1. Open the lab plan resource in the Azure portal.
2. Under Settings, select the Properties page.
3. Under the Essentials, copy the Id property.
When creating a policy assignment, enter the lab plan to exclude on the Parameters tab.
4. On the Parameters tab, uncheck Only show parameters that need input or review. For Lab Plan Id to exclude, enter the previously copied resource id of the lab plan.