A solid governance is the foundation of a successful Azure implementation. I often refer to it as “freedom within the frame”. As an organization, you configure the rules of the game, e.g. allowed locations, no public IPs, restricted service tiers… Within that ruleset, the teams get the freedom to rollout their innovative Azure solutions. Azure Policy is a great Azure service that allows you to implement these rules of the game!
Default behavior
As an example, I take a policy that requires a mandatory tag on a resource group. If the tag is not present, the resource group deployment will be denied.
- Assign the policy to a scope
- Configure the parameter that defines the name of the tag
- When you want to create a resource group, without the applicationName tag, you get this exception message:
- The raw error looks like this:
You notice that it is not always easy to figure out what’s going wrong and which tag is required. This can typically result in people being blocked, no knowing exactly what’s going on.
Improved user experience
Luckily, we can improve the user experience.
- When assigning a policy, you can provide a non-compliance message. This is a user-friendly exception message
- This results in a much better to understand raw error.
Conclusion
This is just one way to make the life of your customer or colleagues a bit more enjoyable 🙂 And probably also your life, because you will get fewer complaints!
Remember: sharing is caring!
Toon