Andrew Matveychuk andrewmatveychuk
☁️
andrewmatveychuk
/ tag-notIn-policy-rule.json
Last active
May 14, 2023 16:28
Sample Azure Policy rule for explicit list of allowed tag values
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "parameters": { | |
| "tagAllowedValues": { // List of allowed tag values | |
| "type": "Array", // An array of strings in the format like ["internal", "confidential", "restricted"] | |
| "metadata": { | |
| "displayName": "Tag allowed values", | |
| "description": "List of allowed options" | |
| } | |
| } | |
| // Other policy parameters... | |
| }, |
andrewmatveychuk
/ tag-like-email-policy-rule.json
Created
May 14, 2023 15:58
Sample Azure Policy rule to match the Email pattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "policyRule": { | |
| "if": { | |
| "field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'owner' as the tag name | |
| "notLike": "*@contoso.com" // To match the corporate email address pattern | |
| // The 'notLike'operator doesn't support multiple wildcards, so '*.*@contoso.com' won't work if you want to use the pattern like 'Name.Surname@contoso.com'. | |
| }, | |
| "then": { | |
| // Some policy effect... | |
| } | |
| } |
andrewmatveychuk
/ tag-like-policy-rule.json
Last active
May 12, 2023 13:25
Sample Azure Policy rule to match the URL pattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "policyRule": { | |
| "if": { | |
| "field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'documentation' as the tag name | |
| "notLike": "https://wiki.contoso.com/*" // To match the URL pattern to an internal Wiki | |
| // The 'notLike'operator doesn't support multiple wildcards, so 'https://*.contoso.com/*' won't work. | |
| // If your internal documentation is spread across different sources, then use 'https://*' as a pattern or provide a few possible patterns using logical operators | |
| }, | |
| "then": { | |
| // Some policy effect... | |
| } |
andrewmatveychuk
/ tag-match-policy-rule.json
Last active
May 12, 2023 13:26
Sample Azure Policy rule to match a specific tag pattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "policyRule": { | |
| "if": { | |
| "field": "[[concat('tags[', parameters('tagName'), ']')]", // For example, 'application' as the tag name | |
| "notMatch": "??##-??????????" // To match pattern like 'AC01-FinanceApp' | |
| }, | |
| "then": { | |
| // Some policy effect... | |
| } | |
| } |
andrewmatveychuk
/ GetWindowsServersWithAHUNByVMSize.kql
Created
January 5, 2023 12:10
Get the list of Windows Server Azure VMs with Azure Hybrid Benefit enabled and group them by VM size
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| resources | |
| | where type =~ 'microsoft.compute/virtualmachines' | |
| and tostring(properties.storageProfile.imageReference.publisher) =~ 'MicrosoftWindowsServer' | |
| and tostring(properties.['licenseType']) == 'Windows_Server' | |
| | summarize Count=count(type) by VMSize = tostring(properties.hardwareProfile.vmSize) |
andrewmatveychuk
/ policy-effect-as-a-parameter.json
Created
December 19, 2022 15:31
Defining Azure Policy effect as a parameter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //... | |
| "parameters": { | |
| "effect": { | |
| "type": "String", | |
| "metadata": { | |
| "displayName": "Effect", | |
| "description": "Enable or disable the execution of the policy" | |
| }, | |
| "allowedValues": [ | |
| "Audit", |
andrewmatveychuk
/ hardcoded-policy-effect.json
Created
December 19, 2022 15:25
Hardcoded Azure Policy effect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "policyRule": { | |
| "if": { | |
| // Rule conditions | |
| }, | |
| "then": { | |
| "effect": "Audit" | |
| } | |
| } |
andrewmatveychuk
/ audit-ahb-sql-server-vm-rule.json
Created
November 28, 2022 16:54
Sample Azure Policy rule to evaluate SQL Server VMs for Azure Hybrid Benefit usage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "type", | |
| "equals": "Microsoft.SqlVirtualMachine/SqlVirtualMachines" | |
| }, | |
| { | |
| "field": "Microsoft.SqlVirtualMachine/SqlVirtualMachines/sqlImageSku", | |
| "in": [ | |
| "Standard", |
andrewmatveychuk
/ audit-ahb-vm-windows-client-rule.json
Created
November 28, 2022 16:52
Sample Azure Policy rule to evaluate Windows Client VMs for Azure Hybrid Benefit usage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "if": { | |
| "allOf": [ | |
| { | |
| "field": "type", | |
| "equals": "Microsoft.Compute/virtualMachines" | |
| }, | |
| { | |
| "field": "Microsoft.Compute/imagePublisher", | |
| "equals": "MicrosoftWindowsDesktop" | |
| }, |
andrewmatveychuk
/ configure-ahb-vm-windows-server-effect.json
Created
November 28, 2022 16:50
Sample Azure Policy effect to configure Azure Hybrid Benefit usage by Windows Server VMs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "then": { | |
| "effect": "Modify", | |
| "details": { | |
| "roleDefinitionIds": [ | |
| "/providers/Microsoft.Authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c" | |
| ], | |
| "conflictEffect": "Audit", | |
| "operations": [ | |
| { | |
| "operation": "addOrReplace", |