Custom Policies
Azure Policy is a powerful governance tool that helps you enforce organizational standards and assess compliance at scale. The Azure Landing Zones Terraform module provides full support for creating and managing custom policies, policy initiatives, and policy assignments through your custom library.
With the Azure Landing Zones Terraform module, you can:
- Create custom policy definitions - Define your own policies to enforce specific organizational requirements that aren’t covered by built-in policies
- Build policy initiatives (policy sets) - Group multiple policies together for easier management, assignment, and compliance tracking
- Assign policies and initiatives - Apply policies to your management group hierarchy to enforce governance controls across your Azure estate
There are five high-level combinations of policy resources you can create and assign:
- ALZ policy or policy initiative assignment
- Built-in policy or policy initiative assignment
- Single custom policy assignment
- Custom policy initiative (policy set) with built-in policies and associated assignment
- Custom policy initiative (policy set) with custom policies (and built-in policies) and associated assignment
ALZ Policy or Policy Initiative Assignment
This option allows you to assign a single built-in ALZ policy or policy initiative to a management group.
The high-level steps to follow are:
- Identify the ALZ policy or policy initiative you want to assign from the ALZ Policy Library.
- Follow the steps in Creating an Azure Policy Assignment to create and assign the policy or initiative.
Built-in Policy or Policy Initiative Assignment
This option allows you to assign a single built-in Azure policy or policy initiative to a management group.
The high-level steps to follow are:
- Identify the built-in policy or policy initiative you want to assign from the Azure documentation.
- Follow the steps in Creating an Azure Policy Assignment to create and assign the policy or initiative.
Single Custom Policy Assignment
This option allows you to create a custom policy definition and assign it to a management group.
The high-level steps to follow are:
- Follow the steps in Creating a Custom Azure Policy Definition to create your custom policy definition.
- Follow the steps in Creating an Azure Policy Assignment to assign the custom policy to a management group.
Custom Policy Initiative (Policy Set) with Built-in Policies and Associated Assignment
This option allows you to create a custom policy initiative that includes built-in policies, and assign it to a management group.
The high-level steps to follow are:
- Follow the steps in Creating an Azure Policy Initiative to create your custom policy initiative that includes built-in policies.
- Follow the steps in Creating an Azure Policy Assignment to assign the custom policy initiative to a management group.
Custom Policy Initiative (Policy Set) with Custom Policies (and Built-in Policies) and Associated Assignment
This option allows you to create a custom policy initiative that includes both custom and built-in policies, and assign it to a management group.
The high-level steps to follow are:
- Follow the steps in Creating a Custom Azure Policy Definition to create your custom policy definitions.
- Follow the steps in Creating an Azure Policy Initiative to create your custom policy initiative that includes both custom and built-in policies.
- Follow the steps in Creating an Azure Policy Assignment to assign the custom policy initiative to a management group.
Choose the guide that matches what you want to accomplish:
| Guide | Description |
|---|---|
| Creating an Azure Policy Assignment | Learn how to assign built-in or custom policies and initiatives to your management groups |
| Creating a Custom Azure Policy Definition | Create your own policy definitions for requirements not covered by built-in policies |
| Creating an Azure Policy Initiative | Group multiple policies together into initiatives for simplified management |
Tip: Recommended reading order: If you’re new to custom policies, start with the policy definition guide, then learn about initiatives, and finally understand how to assign them.
Before creating custom policies, you need to have a custom library configured. The custom library is where you store your policy definitions, initiatives, and assignments.
