Azure Enable “Not Allowed Resource Types” Policy Assignment

Rule Description

Rule Code: Azure-POL-01

Ensure that a "Not Allowed Resource Types" policy is assigned to your Azure subscriptions.

This policy lets you specify which resource types cannot be created, so that unexpected deployments do not incur costs in your subscription.

Recommendation

Step 01. Sign in to the Azure Management Console. Choose the Azure subscription and navigate to Policy.

Step 02. In the navigation panel, choose Assignments and perform the following:

  1. Choose the Azure cloud subscription that you want to examine from the Scope field.
  2. Select Policy from the Definition type dropdown list to display only the policy assignments created for the selected subscription.

Step 03. Click on the name of the policy assignment that you need to check.

  • On the Edit Policy Assignment page, select the Basics tab. Under Policy definition, verify that the policy definition name is Not allowed resource types.
  • If the policy definition name is anything other than Not allowed resource types, the selected policy assignment does not let you specify the resource types that your organization cannot deploy within the selected Azure subscription.

Step 04. Repeat step 3 to check the other policy assignments created within the selected subscription.

Step 05. Repeat steps 3-4 for each subscription available in your Microsoft Azure cloud account.
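
The same check can be scripted over JSON saved from `az policy assignment list` for each subscription. The following is an added example, not part of the original rule text; it goes one step further than the console check by also flagging an assignment that is present but not enforced or has an empty block list. The definition GUID, the parameter name and all sample records are assumptions or constructed data, as marked in the comments.

```python
# Added example: audit saved `az policy assignment list` output per subscription.
# Assumption: GUID of the built-in "Not allowed resource types" definition;
# confirm it in your tenant with `az policy definition list`.
NOT_ALLOWED_GUID = "6c112d4e-5bc7-47ae-a041-ea2d9dccd749"
PARAM = "listOfResourceTypesNotAllowed"  # assumed parameter name of that definition
BUILTIN = "/providers/Microsoft.Authorization/policyDefinitions/"

def audit_subscription(assignments):
    """Return COMPLIANT, NOT_ENFORCED, EMPTY_LIST or MISSING for one subscription."""
    weak = None
    for a in assignments:
        def_id = (a.get("policyDefinitionId") or "").lower()
        # Initiatives use /policySetDefinitions/ and never match this suffix.
        if not def_id.endswith("/policydefinitions/" + NOT_ALLOWED_GUID):
            continue
        params = a.get("parameters") or {}
        blocked = (params.get(PARAM) or {}).get("value") or []
        if a.get("enforcementMode", "Default") != "Default":
            weak = weak or "NOT_ENFORCED"   # assigned, but DoNotEnforce
        elif not blocked:
            weak = weak or "EMPTY_LIST"     # assigned, but blocks nothing
        else:
            return "COMPLIANT"
    return weak or "MISSING"

def audit_all(by_subscription):
    """Steps 03-05: check every assignment in every subscription."""
    return {sub: audit_subscription(items) for sub, items in by_subscription.items()}

def _assignment(def_id, blocked=None, mode="Default"):
    # Builds one constructed assignment record in the CLI's JSON shape.
    params = {} if blocked is None else {PARAM: {"value": blocked}}
    return {"policyDefinitionId": def_id, "parameters": params, "enforcementMode": mode}

# Constructed sample data; subscription names and the custom definition are made up.
SAMPLE = {
    "sub-prod": [_assignment(BUILTIN + NOT_ALLOWED_GUID, ["Microsoft.Sql/servers"])],
    "sub-dev": [_assignment(BUILTIN + NOT_ALLOWED_GUID, [])],
    "sub-test": [_assignment(BUILTIN + NOT_ALLOWED_GUID, ["Microsoft.Sql/servers"], "DoNotEnforce")],
    "sub-lab": [_assignment(BUILTIN + "00000000-0000-0000-0000-000000000000", None)],
}

if __name__ == "__main__":
    for sub, status in audit_all(SAMPLE).items():
        print(f"{sub}: {status}")
```

Any status other than COMPLIANT means the subscription fails this rule or passes it in name only.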