A question I often get asked is: what's the difference between Azure Policy and Azure initiatives, and why would I use one over the other? In typical IT fashion I answer with "it depends". This blog will answer those questions by reviewing both Azure services and the use cases for each. Before we start answering the questions, let's briefly review what each service does.
Azure Policy is a service in Azure which allows you to create policies that enforce and control the properties of a resource. When these policies are used, they enforce different rules and effects over your resources, so those resources stay compliant with your IT governance standards.
To summarize, Azure Policy is basically 3 components: policy definition, assignment and parameters.
An Azure initiative is a collection of Azure Policy definitions that are grouped together toward a specific goal or purpose. Azure initiatives simplify management of your policies by grouping a set of policies together as one single item. For example, you could use the PCI-DSS built-in initiative, which has all the policy definitions that are centered around meeting PCI-DSS compliance.
Similar to Azure Policy, initiatives have definitions (a bunch of policies), assignments and parameters. Once you determine the definitions that you want, you would assign the initiative to a scope so that it can be applied.
It depends… In certain scenarios, depending on your organization's requirements, it may be more appropriate to use a single policy. However, in most cases it would be best, and probably easier to manage in the future, to start off using Azure initiatives. In fact, it's recommended by the product group to use initiatives even for a single policy, because once an initiative is created and assigned, any additional policy definitions added to the initiative become part of the assignment, which would simplify managing policies. For instance, instead of managing 20 separate policies for PCI-DSS compliance, you would only be managing the initiative, because all those individual policies are being evaluated at the same time. Keep in mind that if you need to have ONLY 1 policy enforced and evaluated, and don't see it expanding, it's best to use a single policy.
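To make the definitions/assignments/parameters structure concrete, here is a custom initiative definition written as an added example; it is not from the original post. The display name, the `allowedLocations` parameter and the two `policyDefinitionReferenceId` values are made up for illustration. The two `policyDefinitionId` values are assumed to be the built-in "Allowed locations" and "Allowed locations for resource groups" policies, both of which take a `listOfAllowedLocations` parameter.

```json
{
  "properties": {
    "displayName": "Example: location governance initiative",
    "description": "Constructed example. Groups two built-in policies under one initiative.",
    "policyType": "Custom",
    "metadata": { "category": "General" },
    "parameters": {
      "allowedLocations": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed locations",
          "description": "Set once at assignment time; passed to every member policy below.",
          "strongType": "location"
        }
      }
    },
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "allowedLocationsForResources",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c",
        "parameters": {
          "listOfAllowedLocations": { "value": "[parameters('allowedLocations')]" }
        }
      },
      {
        "policyDefinitionReferenceId": "allowedLocationsForResourceGroups",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
        "parameters": {
          "listOfAllowedLocations": { "value": "[parameters('allowedLocations')]" }
        }
      }
    ]
  }
}
```

The initiative is assigned to a scope once, with a single value for `allowedLocations`. Appending another entry to `policyDefinitions` later is how an additional policy joins the initiative.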