Azure Policy is a service in Azure that helps you to create, assign, and manage policies. Policies are rules that can be assigned to resources in your Azure environment. You can use Azure Policy to enforce standards and to assess compliance. You can also use policies to prevent or (automatically) remediate non-compliant resources.
Azure provides an aggregated view of the state of your environment through the compliance dashboard, which shows the overall state of the environment and allows you to view the state of individual resources or policies.
Azure Policy also helps to bring your resources into compliance through bulk remediation for existing resources and automatic remediation for new resources.
There are two types of policies:
- Built-in policies are policies that are provided by Azure. These policies are available in the Azure Policy service and can be assigned to your environment.
- Custom policies are policies that you create yourself. These policies can be assigned to your environment.
Policy definitions are the building blocks of policies. A policy definition is a JSON document that defines the policy. Policy initiatives are collections of policy definitions. Both a policy definition and a policy initiative can be assigned to a scope. A scope can be a management group, subscription, resource group, or resource.
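To make the JSON document concrete, here is a custom policy definition written as an added example (it is not taken from this page or from Azure's built-in set). It flags storage accounts that do not require HTTPS; the display name, description and the choice of rule are constructed for illustration. The `effect` parameter lets one definition serve both purposes described above: `Audit` to assess compliance, `Deny` to prevent non-compliant resources from being created.

```json
{
  "properties": {
    "displayName": "Storage accounts must require secure transfer (constructed example)",
    "description": "Constructed example: matches storage accounts where HTTPS-only traffic is turned off.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Audit reports the resource as non-compliant; Deny blocks the request."
        },
        "allowedValues": ["Audit", "Deny", "Disabled"],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Storage/storageAccounts"
          },
          {
            "field": "Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly",
            "equals": "false"
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  }
}
```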