Implementing and assigning Azure policies

To implement Azure policies, you have to assign them. In this demonstration, we are going to assign an Allowed location policy to an Azure resource group. Therefore, you have to perform the following steps:

1. Navigate to the Azure portal by opening https://portal.azure.com.
2. Open the PacktNetworkWatcher resource group.
3. Then, under Settings, select Policies:

1. Click on the Getting started menu item. You will see a page that is similar to the following:

1. The first step is to view and select the policy definition. Select the View Definitions link on the page.

1. You will go to the available built-in and custom policies inside your subscription. On the right-hand side, type Locations in the search bar:

1. Then, select the Allowed locations policy; you will be redirected to the blade where you can see the policy definition in JSON and assign the policy:

1. Click on Assign in the top menu.
2. To assign the policy, you have to fill in the following values:
   • Scope: Select a subscription, and, optionally, a resource group. I've selected the PacktNetworkWatcher resource group for this demonstration.
   • Allowed locations: Only select West Europe, as demonstrated in the following screenshot:

1. Click on Assign. The policy will be assigned to the resource group. 

1. Now, when we add a new resource to the resource group (such as a new VM, for instance) and set the location to East US, we will notice a validation error on the top-left of the screen. When you click on it, you will see the following details on the right-hand side of the screen:

In this section, we covered how to assign a policy in Azure.