# AZ-104 - Governance and Compliance - Understanding Azure Policy

#### **[Control and organize Azure resources with Azure Resource Manager](https://learn.microsoft.com/en-us/training/modules/control-and-organize-with-azure-resource-manager/)**

#### **Understanding Azure Policy**

- Define Azure Policy
- Components of a Policy
- Policy Examples

Enforce Compliance and enable auditing

Organization need to implement enterprise-level governance and compliance capabilities.

##### <span style="background-color: rgb(0, 0, 0); color: rgb(236, 240, 241);">Prohibit resources</span>

- control costs
- Restrict service access

##### <span style="background-color: rgb(0, 0, 0); color: rgb(236, 240, 241);">Allowed Locations</span>

- Geographical compliance

![image.png](https://wiki.tinod.net/uploads/images/gallery/2024-02/scaled-1680-/rq6fMYZ0dbkUWO2i-image.png)

##### <span style="background-color: rgb(0, 0, 0); color: rgb(236, 240, 241);">Policy Definition</span>

<span style="color: rgb(236, 240, 241);">Defines the evaluation criteria for compliance, and defines the actions that take place. Either audit or deny should be something outside of compliance.</span>

##### <span style="color: rgb(236, 240, 241); background-color: rgb(0, 0, 0);">Policy Assignment</span>

<span style="color: rgb(236, 240, 241);">The scope at which we will assign our policy. The scope could be a management group, subscription, resource group, or resource.</span>

##### <span style="color: rgb(236, 240, 241); background-color: rgb(0, 0, 0);">Initiative Definition</span>

<span style="color: rgb(236, 240, 241);"> A collection of policies that are tailored to achieving a singular high-level goal together (e.g., ensuring that VMs meet standards).</span>

![image.png](https://wiki.tinod.net/uploads/images/gallery/2024-02/scaled-1680-/Mv0XVLqFubS1eaEx-image.png)

<table border="1" id="bkmrk-policy-definition-ev" style="border-collapse: collapse; width: 111.111%;"><colgroup><col style="width: 19.6505%;"></col><col style="width: 80.3495%;"></col></colgroup><tbody><tr><td><span style="color: rgb(236, 240, 241);">Policy Definition</span></td><td><span style="color: rgb(236, 240, 241);">Evaluate if a VM is being created with our tag Project:az104. if the VM is missing the tag, then deny creation of the resource.</span>

</td></tr><tr><td><span style="color: rgb(236, 240, 241);">Policy assignment </span></td><td><span style="color: rgb(236, 240, 241);">Assign the policy at the scope of the resource where the VMs will be created</span></td></tr></tbody></table>

![image.png](https://wiki.tinod.net/uploads/images/gallery/2024-02/scaled-1680-/vR7SrV855zZVsYyF-image.png)

[![image.png](https://wiki.tinod.net/uploads/images/gallery/2024-02/scaled-1680-/SAoyLC7QAEOA7iRZ-image.png)](https://wiki.tinod.net/uploads/images/gallery/2024-02/SAoyLC7QAEOA7iRZ-image.png)