How to Create a Custom Policy in Azure
I had not had a chance to work on Custom Policy in Azure before, so thanks to one of the clients who came to me with an error message: they could not deploy / modify one of their databases. In the Activity logs we observed an error message like ‘Policies attempted to append some fields which already exist in the request with different values.’ In this scenario, they checked their policy at the subscription level, and after putting in the right value they could deploy the new resource in their environment.
First, let me share how you can check more details if you get a similar issue, or if you would like to check and review the policies in your environment. There are some great reports in the Policy overview; see the screenshots below:
How does ‘Custom Policy’ work in Azure?
I found ‘custom policy’ a very useful and interesting feature in Azure, specifically for a customer with different teams and environments.
Custom policies in Azure allow customers to define their own rules for using Azure. These rules often enforce various aspects, such as security practices, cost management, and so on. You can find good details in the official Microsoft documentation: Tutorial: Create a custom policy definition - Azure Policy | Microsoft Learn
How can I create a Policy in Azure for my environment?
To create a policy in the Azure Portal, you need to follow these steps:
1- Sign in to the Azure portal, search for Policy, and select it from the list.
2- Click on Definitions under the Authoring section.
3- First, create the definition with details like location and name. As you can see, I have created ‘TagPolicy’. From the second tab, ‘Policy’, you can choose from many built-in policies. For this example, I want to force the user to have two tags when they try to create a new resource.
Then I want to force the user to add the tag details below for a new resource.
4- Then click on Assign policy. Here you can assign the definition that you created earlier to resources. There are many options: you can add exclusions, choose locations, and create a message for your users.
5- Save it and review that everything is correct. Let's test this with an Azure SQL resource. I tried to create a new database without any tags and got the error message below: ‘Validation failed’
You can also see the error message in the Activity logs.
After I put in the right tags, I could create the database as expected!
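The two-tag requirement from the steps above can also be written as a custom policy definition in JSON. This is an added example, not the policy used in this post; the tag names `Environment` and `Owner` are placeholders, because the post does not list the tags that were required.

```json
{
  "mode": "Indexed",
  "parameters": {
    "firstTagName": {
      "type": "String",
      "metadata": {
        "displayName": "First required tag",
        "description": "Placeholder tag name assumed for this example"
      },
      "defaultValue": "Environment"
    },
    "secondTagName": {
      "type": "String",
      "metadata": {
        "displayName": "Second required tag",
        "description": "Placeholder tag name assumed for this example"
      },
      "defaultValue": "Owner"
    }
  },
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "field": "[concat('tags[', parameters('firstTagName'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('secondTagName'), ']')]",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}
```

With the `deny` effect, a request that is missing either tag is rejected at validation time. The `Indexed` mode limits evaluation to resource types that support tags and location.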