- Azure Policy is used to create, assign, and manage policies.
- These policies enforce different rules and effects over your resources so those resources stay compliant with your corporate standards and service level agreements.
- Azure Policy does this by running evaluations of your resources and scanning for those not compliant with the policies you have created.
- For example, you can have a policy to allow only a specific SKU size of virtual machines in your environment.
- Once this policy has been implemented, it is evaluated whenever resources are created or updated, and also against your already existing resources.
Differences from RBAC
- RBAC focuses on user actions at different scopes.
- For example, you might be added to the Contributor role for a resource group at the desired scope.
- The role allows you to make changes to that resource group.
- Policy focuses on resource properties during deployment and for already existing resources.
- For example, through policies, you can control the types of resources that can be provisioned.
- Or, you can restrict the locations in which the resources can be provisioned.
- Unlike RBAC, policy is a default-allow, explicit-deny system.
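
As an added example (not part of the original notes), here is a custom policy definition for the VM SKU case above, modelled on the built-in "Allowed virtual machine size SKUs" definition; the display name and description are constructed for illustration. The rule denies only virtual machines whose SKU is outside the allowed list, and any resource the rule does not match stays allowed.

```json
{
  "properties": {
    "displayName": "Example: allow only approved VM SKUs",
    "description": "Illustrative definition added to these notes. Denies any virtual machine whose size is not in the approved list.",
    "policyType": "Custom",
    "mode": "Indexed",
    "parameters": {
      "listOfAllowedSKUs": {
        "type": "Array",
        "metadata": {
          "displayName": "Allowed Size SKUs",
          "description": "VM sizes that may be deployed, supplied when the policy is assigned.",
          "strongType": "VMSKUs"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Compute/virtualMachines"
          },
          {
            "not": {
              "field": "Microsoft.Compute/virtualMachines/sku.name",
              "in": "[parameters('listOfAllowedSKUs')]"
            }
          }
        ]
      },
      "then": {
        "effect": "Deny"
      }
    }
  }
}
```

With the `Deny` effect, non-compliant create and update requests are rejected, while existing virtual machines with other SKUs are reported as non-compliant rather than changed.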