anthonywatherston
10 Topics

Azure Enterprise Policy as Code – A New Approach
We work closely with customers using Azure Policy and have seen many different methods of deploying and maintaining it, from manual to over-complicated automated methods; everyone has a unique way of doing it. This code was developed to make policy deployment and management simpler while providing full flexibility for complex environments.

Software Installation Using Machine Configuration and Azure Policy
I did a post a while ago on installing software onto virtual machines using policy state change events as the trigger. Now with the general availability of Azure Automanage Machine Configuration (formerly Azure Policy Guest Configuration) it’s time for a bit of an update to that post.

Infrastructure as Code Testing with Azure Policy
Have you ever wanted to test an ARM template or Bicep template against Azure Policy deployed in your environment – so that you could determine if the resource was going to be compliant or non-compliant? Or develop some tests against deployed policy to ensure that the policies themselves were working? Until now this would require long testing cycles where resources would be deployed, you would trigger a policy scan and then wait until a result was returned before deciding if the test was successful.

Software Installation Using Azure Policy State Change Events
Azure Policy can give us the ability to audit settings inside a virtual machine using Guest Configuration. However, at this time we can’t remediate those machines because the feature is not yet available. But then how do we install the software based on the non-compliant policy result?

Reporting on Storage Account Access Tier Statistics
Customers can use Blob Lifecycle Management rules to control when blobs are moved to a lower tier (hot -> cool -> archive), but they can also use blob inventory rules to analyze the blobs contained in that storage account. Each blob has an access tier property which denotes the type of storage that blob is held in. This post helps to automate the retrieval of those details and publish them into a Log Analytics workspace for analysis and reporting.