Azure Policy helps to enforce organization standards for tagging requirements.
It can automatically apply, inherit, replace or delete tags across the entire organization to enforce standards.
For example, Policy can inherit the tags from the resource group to its resources, or replace Env: Prod tag with Environment: Production for consistent tagging convention.
Azure Policy also supports remediating existing resources to bring them to 100% compliance.
To monitor the health of your services, you can couple integrated health checks with these region by region rollouts, or as part of multiple phases within regions. We’re happy to announce that health integration features are now available in the Azure Deployment Manager preview.
ARM templates now support the condition property on outputs, the copy() function will support non-object string inputs to produce an array, the newGuid() function will generate a new GUID each time a template is deployed and the utcNow() function will return the dateTime() in UTC.
Azure Policy is the best way to codify company policies into the core of Azure, reducing the time taken with external approval processes and documentation.
New functionalities have been added to Azure Policy, including root cause analysis and change tracking features. This means that you’ll be able to see why a resource evaluated as non-complaint and what changes were implemented directly by a policy.
Azure Blueprints allows you to deploy fully governed environments from the beginning. It’s now even easier for you to make compliant environments by releasing built-in blueprints for compliance certifications like ISO-27001.
Today, we are revealing a new Resource Provider called Microsoft.SqlVirtualMachine, a management service running internally on Azure clusters to handle SQL Server-specific configurations and deployments on Azure VMs. SQL VM resource provider enables dynamic updates of SQL Server metadata and orchestrates multi-VM deployments required for SQL Server HADR architectures. SQL VM resource provider also enables SQL Server specific browse and monitoring experiences.
Azure Policy Guest Configuration provides the capability to audit settings inside VMs on Azure. The newest policy offers the ability to check for installed applications.
There are three Guest Configuration policies in preview. The first policy, which audits password security settings for both Windows and Linux, was released at Ignite 2018.
We have added a policy to audit the encryption protocol in use by Windows Server IIS. The VM will be compliant if TLS version 1.1 or 1.2 is enabled and other protocols are disabled. The policy is named “[Preview]: Audit web server security settings inside Windows VMs.”
We recently published the third policy that audits whether an application is installed inside Windows VMs. The policy is named “[Preview]: Audit applications inside Windows VMs.”