This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"parameters": { | |
"tagAllowedValues": { // List of allowed tag values | |
"type": "Array", // An array of strings in the format like ["internal", "confidential", "restricted"] | |
"metadata": { | |
"displayName": "Tag allowed values", | |
"description": "List of allowed options" | |
} | |
} | |
// Other policy parameters... | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"policyRule": { | |
"if": { | |
"field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'owner' as the tag name | |
"notLike": "*@contoso.com" // To match the corporate email address pattern | |
// The 'notLike'operator doesn't support multiple wildcards, so '*.*@contoso.com' won't work if you want to use the pattern like 'Name.Surname@contoso.com'. | |
}, | |
"then": { | |
// Some policy effect... | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"policyRule": { | |
"if": { | |
"field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'documentation' as the tag name | |
"notLike": "https://wiki.contoso.com/*" // To match the URL pattern to an internal Wiki | |
// The 'notLike'operator doesn't support multiple wildcards, so 'https://*.contoso.com/*' won't work. | |
// If your internal documentation is spread across different sources, then use 'https://*' as a pattern or provide a few possible patterns using logical operators | |
}, | |
"then": { | |
// Some policy effect... | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"policyRule": { | |
"if": { | |
"field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'application' as the tag name | |
"notMatch": "??##-??????????" // To match pattern like 'AC01-FinanceApp' | |
}, | |
"then": { | |
// Some policy effect... | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
resources | |
| where type =~ 'microsoft.compute/virtualmachines' | |
and tostring(properties.storageProfile.imageReference.publisher) =~ 'MicrosoftWindowsServer' | |
and tostring(properties.['licenseType']) == 'Windows_Server' | |
| summarize Count=count(type) by VMSize = tostring(properties.hardwareProfile.vmSize) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
//... | |
"parameters": { | |
"effect": { | |
"type": "String", | |
"metadata": { | |
"displayName": "Effect", | |
"description": "Enable or disable the execution of the policy" | |
}, | |
"allowedValues": [ | |
"Audit", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"policyRule": { | |
"if": { | |
// Rule conditions | |
}, | |
"then": { | |
"effect": "Audit" | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"if": { | |
"allOf": [ | |
{ | |
"field": "type", | |
"equals": "Microsoft.SqlVirtualMachine/SqlVirtualMachines" | |
}, | |
{ | |
"field": "Microsoft.SqlVirtualMachine/SqlVirtualMachines/sqlImageSku", | |
"in": [ | |
"Standard", |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"if": { | |
"allOf": [ | |
{ | |
"field": "type", | |
"equals": "Microsoft.Compute/virtualMachines" | |
}, | |
{ | |
"field": "Microsoft.Compute/imagePublisher", | |
"equals": "MicrosoftWindowsDesktop" | |
}, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"then": { | |
"effect": "Modify", | |
"details": { | |
"roleDefinitionIds": [ | |
"/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" | |
], | |
"conflictEffect": "Audit", | |
"operations": [ | |
{ | |
"operation": "addOrReplace", |