Recently, I started working with Azure Policies. In that, I am able to create an Azure Policy through the portal successfully, and now I am trying to do the same with the help of Azure DevOps. According to the documentation there is a chance to integrate Azure Policy with Azure DevOps, but there is no more information regarding that.
25 votes
Thanks for your feedback. We currently have a partnership with the Azure DevOps team to better improve this experience. We do have some built-in tasks and compliance gates and are working on revamping them. We recently published documentation on Designing Policy as Code workflows and will add more documentation as our improvements develop.
Azure Policy Team
Since there are lots of configuration things that ARM Templates cannot do, it would be extremely helpful if it was possible to include a custom script, preferably PowerShell, in an Azure Blueprint. If including custom scripts is not possible, having the ability to execute an Automation Runbook would also be a good way to solve this problem.
22 votes
We are working to release the ability to run a custom script in Azure Blueprint
When developing Policies, testing is a very time-consuming process as Policy evaluation takes place once every 30 minutes. You can trigger an on-demand scan, but it still takes a lot more time and effort than I'd like to be able to try filters and logic fast.
16 votes
We are working on a VS code extension for Azure Policy that evaluates a resource in seconds.
Developing policy is a nightmare, missing efficient debugging tools, information on the way they are calculated, etc. We need an authoring tool to be able to efficiently develop and test policies.
14 votes
We are working on releasing a Visual Studio Code extension that helps in developing policies by having an alias lookup, syntax highlighting and autocomplete functionality. We are hoping to expand the extension to support compliance testing after that release.
It would be great for companies who are working across the major cloud vendors and on AKS if Azure Policy supported the use of OPA and Rego policy syntax in addition to the current JSON format. This would allow companies to adopt a single policy language and use it in multiple contexts.
8 votes
Azure Policy uses the Rego language for its AKS Policy (in limited public preview today): https://docs.microsoft.com/en-us/azure/aks/support-policies
It does not support custom policy definitions yet, as we plan to move to Gatekeeper v.3, which has a breaking change in its policy language.
Currently, Azure storage allows for the public sharing of blobs. It would be great to be able to use Azure policy to detect (and remediate) this feature.
7 votes
The Azure Storage team will introduce a property on Storage Accounts that can override the container-level settings.
We will soon support auditing or denying storage accounts that are open to the public network. Remediation will be coming further down the road.
When using an ARM template artifact within a resource group artifact, allow us to use the resourceGroup() functions, like resourceGroup().location. Currently, we receive the error: Error: 'The function 'resourceGroup' is not valid.'
4 votes
We are working on a fix to make sure all ARM template functions work if they are deployed by a blueprint