Initiative Definition
Azure Initiative Definition
The structure of an Azure Policy initiative definition allows you to group multiple related policy definitions into a single entity, making it easier to manage and apply policies to your resources. Here's a detailed breakdown of the key elements involved in creating and managing a policy initiative definition:
1. Display Name and Description
Display Name: A human-readable name that identifies the initiative in the Azure portal.
Description: A brief explanation of the initiative’s purpose.
2. Metadata
The metadata field provides additional information about the initiative. Common properties include:
Version: Tracks the version of the initiative definition.
Category: Specifies where the initiative is categorized within the Azure portal (e.g., Security, Networking, etc.).
Preview: Boolean value indicating if the initiative is in preview.
Deprecated: Boolean value indicating if the initiative is deprecated.
3. Version (Preview)
Initiatives can have multiple versions (like policies). Versioning allows you to track and use different iterations of an initiative and its underlying policies.
Major Version: Indicates significant changes that may affect the initiative's behavior.
Minor Version: Represents smaller changes like additional parameters or logic adjustments.
Patch Version: Covers bug fixes, text changes, or emergency security patches.
4. Parameters
Parameters in initiatives allow you to customize the policies within the initiative when applying them to different scopes. They help reduce the need for duplicating policy definitions.
Properties include:
Name: The name of the parameter.
Type: The type of data expected (e.g., string, array, object, boolean, integer, etc.).
Metadata: Contains sub-properties like
descriptionanddisplayNamefor portal display.defaultValue: A default value if none is specified.
allowedValues: A list of acceptable values for the parameter during assignment.
Example:
5. Policy Definitions
The
policyDefinitionssection defines which policies are part of the initiative. Each policy can receive parameters defined at the initiative level.Properties include:
policyDefinitionId: The full path to the policy definition (custom or built-in).
policyDefinitionReferenceId: A short identifier for the policy within the initiative.
Parameters: (Optional) The parameters passed to the individual policy definition.
definitionVersion: (Optional) The version of the policy definition being referenced.
groupNames: (Optional) Allows grouping policies for easier management.
Example:
6. Policy Groups
Policy groups allow you to categorize policies within an initiative, which is particularly useful for regulatory compliance. Grouping helps organize related policies into a logical structure, such as by security controls or compliance domains.
Example:
Putting It All Together: Example of Initiative Definition
Here’s a sample JSON that groups tagging policies using initiative parameters:
Key Takeaways
Initiatives simplify policy management by grouping multiple policy definitions into a single entity.
Parameters are critical in ensuring reusability and flexibility.
Versioning allows you to manage different iterations of policies within initiatives.
Policy Groups help structure the policies within the initiative, especially useful for regulatory compliance.
Last updated