{"id":193,"date":"2023-07-25T06:06:00","date_gmt":"2023-07-25T06:06:00","guid":{"rendered":"https:\/\/www.azuregovernanceguard.com\/?page_id=193"},"modified":"2023-11-13T14:33:21","modified_gmt":"2023-11-13T14:33:21","slug":"protecting-resources-from-deletion-with-denyaction-effect-using-azure-policy","status":"publish","type":"post","link":"https:\/\/www.azuregovernanceguard.com\/?p=193","title":{"rendered":"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">In cloud environments like Azure, safeguarding resources from accidental or malicious deletion is of utmost importance. To ensure the integrity and security of your cloud infrastructure, Azure Policy provides a powerful feature called DenyAction Effect. In this blog article, we will explore the significance of protecting resources from deletion and how Azure Policy\u2019s DenyAction Effect can be utilized to enforce resource protection policies effectively.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"344\" height=\"124\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058.png\" alt=\"\" class=\"wp-image-263\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058.png 344w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058-300x108.png 300w\" sizes=\"auto, (max-width: 344px) 100vw, 344px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Why Protecting Resources from Deletion is Crucial<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Accidental Deletion: Mistakes happen, even to the most experienced users. Unintentional deletion of critical resources, such as virtual machines, databases, or storage accounts, can lead to data loss and operational disruptions. Recovering or recreating these resources may involve significant effort, time, and cost.<\/li>\n\n\n\n<li>Malicious Actions: Unauthorized individuals may attempt to compromise your cloud environment and delete resources to cause harm, disrupt services, or steal sensitive information. Protecting resources from unauthorized deletion is essential for maintaining the confidentiality, integrity, and availability of your data and services.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In this scenario, we have a VNet set up by the platform team, enabling communication outside the subscription through a hub-spoke configuration. To prevent accidental deletion of this VNet, we have implemented a specific policy that enforces its protection. While locks could serve a similar purpose, they can be removed by individuals with Owner permissions, potentially compromising the safeguarding measures. In contrast, this policy can be strategically placed at a higher level, providing enhanced security and offering more robust protection for the VNet.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Creating the policy:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Step 1: Sign in to the Azure Portal<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open your web browser and navigate to the Azure Portal (https:\/\/portal.azure.com\/).<\/li>\n\n\n\n<li>Sign in with your Azure account credentials.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Step 2: Access the Azure Policy Service<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Once signed in, click on the &#8220;All services&#8221; option in the left-hand menu.<\/li>\n\n\n\n<li>In the search bar, type &#8220;Policy&#8221; and select &#8220;Policy&#8221; from the results. This will open the Azure Policy service.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Step 3: Create a New Policy<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the Azure Policy service, click on the &#8220;Definitions&#8221; tab on the left-hand menu.<\/li>\n\n\n\n<li>Click on the &#8220;+ Policy definition&#8221; button to start creating a new policy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Step 4: Define Policy Settings<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In the &#8220;Basics&#8221; tab, provide the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Name: Give your policy definition a descriptive name.<\/li>\n\n\n\n<li>Description: Add a brief description of the policy&#8217;s purpose and scope.<\/li>\n\n\n\n<li>Category: Choose an appropriate category for the policy (e.g., Security, Compliance, etc.).<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"910\" height=\"339\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-064930.png\" alt=\"\" class=\"wp-image-258\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-064930.png 910w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-064930-300x112.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-064930-768x286.png 768w\" sizes=\"auto, (max-width: 910px) 100vw, 910px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Step 5: Set Policy Rule<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the &#8220;Policy Rule&#8221; tab, you&#8217;ll define the specific rule that the policy will enforce. You can either:<\/li>\n<\/ul>\n\n\n\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"json\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">{\n  \"mode\": \"Indexed\",\n  \"policyRule\": {\n    \"if\": {\n        \"allOf\": [\n          {\n              \"field\": \"type\",\n              \"equals\": \"Microsoft.Network\/virtualNetworks\"\n          }\n        ]\n    },\n    \"then\": {\n        \"effect\": \"DenyAction\",\n        \"details\": {\n          \"actionNames\": [ \"delete\" ],\n          \"cascadeBehaviors\": { \"resourceGroup\": \"deny\" }\n        }\n    }\n  }\n}<\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">Step 6: Review and Create<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on the &#8220;Review + create&#8221; tab to review the policy configuration.<\/li>\n\n\n\n<li>Ensure all the details are accurate, and the policy rule is correctly defined.<\/li>\n\n\n\n<li>Click on the &#8220;Create&#8221; button to create the Azure Policy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Step 7: Assign the Policy<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>After creating the policy definition, go back to the &#8220;Policy&#8221; service.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"147\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122-1024x147.png\" alt=\"\" class=\"wp-image-259\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122-1024x147.png 1024w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122-300x43.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122-768x110.png 768w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122-1536x220.png 1536w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065122.png 1833w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on &#8220;Assignments&#8221; in the left-hand menu.<\/li>\n\n\n\n<li>Click on &#8220;+ Assign Policy&#8221; to assign the policy to a scope (Management Group, Subscription, Resource Group, or Resource).<\/li>\n\n\n\n<li>In the &#8220;Scope&#8221; dropdown, select the appropriate scope for the policy assignment.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"958\" height=\"890\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065145.png\" alt=\"\" class=\"wp-image-260\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065145.png 958w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065145-300x279.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065145-768x713.png 768w\" sizes=\"auto, (max-width: 958px) 100vw, 958px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Search and select the policy definition you created earlier.<\/li>\n\n\n\n<li>Generate messages for non-compliance<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"966\" height=\"313\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065214.png\" alt=\"\" class=\"wp-image-261\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065214.png 966w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065214-300x97.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-065214-768x249.png 768w\" sizes=\"auto, (max-width: 966px) 100vw, 966px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on the &#8220;Review + create&#8221; button and then &#8220;Create&#8221; to assign the policy.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">After the policy has been assigned, we will attempt to delete one of the VNets that has been deployed. In this example, the VNet deployed is named &#8220;Vnet-test&#8221; and is part of the Resource Group &#8220;Vnet-test.&#8221;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"462\" height=\"127\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070038.png\" alt=\"\" class=\"wp-image-262\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070038.png 462w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070038-300x82.png 300w\" sizes=\"auto, (max-width: 462px) 100vw, 462px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">When we try to delete it, we encounter an error message stating:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"344\" height=\"124\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058.png\" alt=\"\" class=\"wp-image-263\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058.png 344w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058-300x108.png 300w\" sizes=\"auto, (max-width: 344px) 100vw, 344px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Hooray! The policy has been successfully implemented, and it&#8217;s working as intended! &#x1f60a;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Removing the VNet<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">However, suppose we wish to delete only this specific VNet without removing the policy assignment. In that case, we must establish an exemption for this particular resource within the policy. To achieve this, we can return to the policy assignment and make the necessary adjustments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Step 1: Identify the Policy to Exempt<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the Azure Policy service, click on the &#8220;Assignments&#8221; tab on the left-hand menu.<\/li>\n\n\n\n<li>Locate and select the policy assignment from which you want to create an exemption.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"234\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045-1024x234.png\" alt=\"\" class=\"wp-image-264\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045-1024x234.png 1024w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045-300x68.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045-768x175.png 768w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045-1536x351.png 1536w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074045.png 1853w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Step 2: Initiate Policy Exemption<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the policy assignment details page, click on the &#8220;Exemptions&#8221; tab.<\/li>\n\n\n\n<li>Click on the &#8220;+ Add exemption&#8221; button to start creating a new exemption.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"154\" height=\"54\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074450.png\" alt=\"\" class=\"wp-image-265\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074450.png 154w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074450-150x54.png 150w\" sizes=\"auto, (max-width: 154px) 100vw, 154px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Step 3: Define Exemption Details<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the &#8220;Basics&#8221; tab, provide the following information:<\/li>\n\n\n\n<li>Name: Give your exemption a descriptive name.<\/li>\n\n\n\n<li>Description: Add a brief description of the exemption&#8217;s purpose and scope.<\/li>\n\n\n\n<li>Select the Exemption scope, in this case the resource we want to delete:<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"266\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624-1024x266.png\" alt=\"\" class=\"wp-image-266\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624-1024x266.png 1024w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624-300x78.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624-768x199.png 768w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624-1536x398.png 1536w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074624.png 1847w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Step 4: Review and Create<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click on the &#8220;Review + create&#8221; tab to review the exemption configuration.<\/li>\n\n\n\n<li>Click on the &#8220;Create&#8221; button to create the policy exemption.<\/li>\n<\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"731\" height=\"368\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074757.png\" alt=\"\" class=\"wp-image-267\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074757.png 731w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-074757-300x151.png 300w\" sizes=\"auto, (max-width: 731px) 100vw, 731px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">If you have created a policy exemption for the &#8220;Vnet-test&#8221; resource, you should be able to proceed with the deletion process without the policy blocking the action.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"335\" height=\"174\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070044.png\" alt=\"\" class=\"wp-image-268\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070044.png 335w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070044-300x156.png 300w\" sizes=\"auto, (max-width: 335px) 100vw, 335px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Since you have applied a policy exemption for the &#8220;Vnet-test&#8221; VNet, the deletion should go through successfully without any interference from the policy enforcement.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"895\" height=\"690\" src=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Untitled.png\" alt=\"\" class=\"wp-image-273\" srcset=\"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Untitled.png 895w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Untitled-300x231.png 300w, https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Untitled-768x592.png 768w\" sizes=\"auto, (max-width: 895px) 100vw, 895px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">Utilizing the DenyAction feature from Azure policies is a powerful means of safeguarding your environment. By applying this feature, you can effectively enforce resource protection policies, prevent accidental or malicious deletions, and maintain the integrity and security of your cloud infrastructure. Additionally, policy exemptions offer a valuable tool to handle specific cases where certain resources need to be exempted from policy enforcement temporarily. These combined measures ensure a robust and secure cloud environment, allowing you to manage exceptions while upholding the overall effectiveness of Azure policies.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For more info <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/governance\/policy\/concepts\/effects#denyaction-preview\">Understand how effects work &#8211; Azure Policy | Microsoft Learn<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy&#8217;s DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies. &hellip; <a href=\"https:\/\/www.azuregovernanceguard.com\/?p=193\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[14],"tags":[],"class_list":["post-193","post","type-post","status-publish","format-standard","hentry","category-azure-policy"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy&#039;s DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Eelco Labordus\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.azuregovernanceguard.com\/?p=193\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Azure Governance Guard -\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard\" \/>\n\t\t<meta property=\"og:description\" content=\"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy&#039;s DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.azuregovernanceguard.com\/?p=193\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&#038;ssl=1\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&#038;ssl=1\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2023-07-25T06:06:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2023-11-13T14:33:21+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@EelcoLabordus\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard\" \/>\n\t\t<meta name=\"twitter:description\" content=\"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy&#039;s DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@EelcoLabordus\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&amp;ssl=1\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#blogposting\",\"name\":\"Safeguarding Cloud Resources with Azure Policy\\u2019s DenyAction Effect - Azure Governance Guard\",\"headline\":\"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect\",\"author\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?author=1#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/#person\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/Screenshot-2023-07-25-070058.png\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193\\\/#articleImage\",\"width\":344,\"height\":124},\"datePublished\":\"2023-07-25T06:06:00+00:00\",\"dateModified\":\"2023-11-13T14:33:21+00:00\",\"inLanguage\":\"en\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#webpage\"},\"articleSection\":\"Azure Policy\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.azuregovernanceguard.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?cat=14#listItem\",\"name\":\"Azure Policy\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?cat=14#listItem\",\"position\":2,\"name\":\"Azure Policy\",\"item\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?cat=14\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#listItem\",\"name\":\"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#listItem\",\"position\":3,\"name\":\"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?cat=14#listItem\",\"name\":\"Azure Policy\"}}]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/#person\",\"name\":\"Eelco Labordus\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#personImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e156d3802a198fc2a5ec87dfdd45a0822a113d40bc8e55917bb5b76065e8322c?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"Eelco Labordus\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?author=1#author\",\"url\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?author=1\",\"name\":\"Eelco Labordus\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e156d3802a198fc2a5ec87dfdd45a0822a113d40bc8e55917bb5b76065e8322c?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"Eelco Labordus\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#webpage\",\"url\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193\",\"name\":\"Safeguarding Cloud Resources with Azure Policy\\u2019s DenyAction Effect - Azure Governance Guard\",\"description\":\"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy's DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.\",\"inLanguage\":\"en\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?p=193#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?author=1#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/?author=1#author\"},\"datePublished\":\"2023-07-25T06:06:00+00:00\",\"dateModified\":\"2023-11-13T14:33:21+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/#website\",\"url\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/\",\"name\":\"Azure Governance Guard\",\"inLanguage\":\"en\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.azuregovernanceguard.com\\\/#person\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard","description":"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy's DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.","canonical_url":"https:\/\/www.azuregovernanceguard.com\/?p=193","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#blogposting","name":"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard","headline":"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect","author":{"@id":"https:\/\/www.azuregovernanceguard.com\/?author=1#author"},"publisher":{"@id":"https:\/\/www.azuregovernanceguard.com\/#person"},"image":{"@type":"ImageObject","url":"https:\/\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/07\/Screenshot-2023-07-25-070058.png","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193\/#articleImage","width":344,"height":124},"datePublished":"2023-07-25T06:06:00+00:00","dateModified":"2023-11-13T14:33:21+00:00","inLanguage":"en","mainEntityOfPage":{"@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#webpage"},"isPartOf":{"@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#webpage"},"articleSection":"Azure Policy"},{"@type":"BreadcrumbList","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com#listItem","position":1,"name":"Home","item":"https:\/\/www.azuregovernanceguard.com","nextItem":{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com\/?cat=14#listItem","name":"Azure Policy"}},{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com\/?cat=14#listItem","position":2,"name":"Azure Policy","item":"https:\/\/www.azuregovernanceguard.com\/?cat=14","nextItem":{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#listItem","name":"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#listItem","position":3,"name":"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect","previousItem":{"@type":"ListItem","@id":"https:\/\/www.azuregovernanceguard.com\/?cat=14#listItem","name":"Azure Policy"}}]},{"@type":"Person","@id":"https:\/\/www.azuregovernanceguard.com\/#person","name":"Eelco Labordus","image":{"@type":"ImageObject","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#personImage","url":"https:\/\/secure.gravatar.com\/avatar\/e156d3802a198fc2a5ec87dfdd45a0822a113d40bc8e55917bb5b76065e8322c?s=96&d=mm&r=g","width":96,"height":96,"caption":"Eelco Labordus"}},{"@type":"Person","@id":"https:\/\/www.azuregovernanceguard.com\/?author=1#author","url":"https:\/\/www.azuregovernanceguard.com\/?author=1","name":"Eelco Labordus","image":{"@type":"ImageObject","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/e156d3802a198fc2a5ec87dfdd45a0822a113d40bc8e55917bb5b76065e8322c?s=96&d=mm&r=g","width":96,"height":96,"caption":"Eelco Labordus"}},{"@type":"WebPage","@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#webpage","url":"https:\/\/www.azuregovernanceguard.com\/?p=193","name":"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard","description":"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy's DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.","inLanguage":"en","isPartOf":{"@id":"https:\/\/www.azuregovernanceguard.com\/#website"},"breadcrumb":{"@id":"https:\/\/www.azuregovernanceguard.com\/?p=193#breadcrumblist"},"author":{"@id":"https:\/\/www.azuregovernanceguard.com\/?author=1#author"},"creator":{"@id":"https:\/\/www.azuregovernanceguard.com\/?author=1#author"},"datePublished":"2023-07-25T06:06:00+00:00","dateModified":"2023-11-13T14:33:21+00:00"},{"@type":"WebSite","@id":"https:\/\/www.azuregovernanceguard.com\/#website","url":"https:\/\/www.azuregovernanceguard.com\/","name":"Azure Governance Guard","inLanguage":"en","publisher":{"@id":"https:\/\/www.azuregovernanceguard.com\/#person"}}]},"og:locale":"en_US","og:site_name":"Azure Governance Guard -","og:type":"article","og:title":"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard","og:description":"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy's DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.","og:url":"https:\/\/www.azuregovernanceguard.com\/?p=193","og:image":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&#038;ssl=1","og:image:secure_url":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&#038;ssl=1","article:published_time":"2023-07-25T06:06:00+00:00","article:modified_time":"2023-11-13T14:33:21+00:00","twitter:card":"summary_large_image","twitter:site":"@EelcoLabordus","twitter:title":"Safeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect - Azure Governance Guard","twitter:description":"In this blog article, we explore the significance of safeguarding cloud resources from accidental or malicious deletion in Azure environments. To ensure the integrity and security of your cloud infrastructure, Azure Policy's DenyAction Effect provides a powerful feature. We discuss the importance of protecting resources due to accidental deletions, which can lead to data loss and disruptions. Additionally, safeguarding against malicious actions by unauthorized individuals is crucial for maintaining data confidentiality and availability. To illustrate the effectiveness of resource protection, a specific policy is implemented to prevent accidental deletion of a VNet set up by the platform team. Moreover, we highlight the benefits of policy exemptions, which allow for temporary exemptions from policy enforcement for specific resources. By leveraging these tools, Azure users can create a robust and secure cloud environment, effectively managing exceptions while upholding the overall effectiveness of Azure policies.","twitter:creator":"@EelcoLabordus","twitter:image":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&ssl=1"},"aioseo_meta_data":{"post_id":"193","title":null,"description":null,"keywords":[],"keyphrases":{"focus":{"keyphrase":"","score":0,"analysis":{"keyphraseInTitle":{"score":0,"maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"featured","og_image_url":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/logo-white-1.png?fit=10001000&ssl=1","og_image_width":"0","og_image_height":"0","og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":[],"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2023-07-25 06:05:08","updated":"2025-06-04 04:20:34","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.azuregovernanceguard.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.azuregovernanceguard.com\/?cat=14\" title=\"Azure Policy\">Azure Policy<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tSafeguarding Cloud Resources with Azure Policy\u2019s DenyAction Effect\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.azuregovernanceguard.com"},{"label":"Azure Policy","link":"https:\/\/www.azuregovernanceguard.com\/?cat=14"},{"label":"Safeguarding Cloud Resources with Azure Policy&#8217;s DenyAction Effect","link":"https:\/\/www.azuregovernanceguard.com\/?p=193"}],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":323,"url":"https:\/\/www.azuregovernanceguard.com\/?p=323","url_meta":{"origin":193,"position":0},"title":"Mastering Azure Policy: Overrides &amp; Exemptions Explained","author":"Eelco Labordus","date":"November 22, 2023","format":false,"excerpt":"Azure Policy Overrides and Exemptions play integral roles in Azure management. Overrides allow alterations of policy effects during assignments, useful for assessing policy impact. Exemptions, on the other hand, permit certain resources to be excluded from policy assignments, accommodating necessary deviations. Both features provide flexibility while ensuring compliance, illustrating their\u2026","rel":"","context":"In &quot;Azure Policy&quot;","block_context":{"text":"Azure Policy","link":"https:\/\/www.azuregovernanceguard.com\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/11\/image-1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":412,"url":"https:\/\/www.azuregovernanceguard.com\/?p=412","url_meta":{"origin":193,"position":1},"title":"How do I govern my Governance (policies)","author":"Eelco Labordus","date":"March 5, 2024","format":false,"excerpt":"In the dynamic tech landscape, Azure policies are critical for system security and operation, requiring regular updates and monitoring for changes using alerts.","rel":"","context":"In &quot;Azure Policy&quot;","block_context":{"text":"Azure Policy","link":"https:\/\/www.azuregovernanceguard.com\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2024\/02\/image-9.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2024\/02\/image-9.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2024\/02\/image-9.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2024\/02\/image-9.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":112,"url":"https:\/\/www.azuregovernanceguard.com\/?p=112","url_meta":{"origin":193,"position":2},"title":"Maximizing Azure Policy: Leveraging Audit and Deny Modes for Development and Production Environments","author":"Eelco Labordus","date":"June 11, 2023","format":false,"excerpt":"Azure Policy is a powerful governance service offered by Microsoft Azure that helps organizations enforce compliance, security, and best practices across their cloud infrastructure. It provides a range of policy definitions that can be used to monitor and control resources, ensuring they adhere to specific rules and guidelines. In this\u2026","rel":"","context":"In &quot;Azure Policy&quot;","block_context":{"text":"Azure Policy","link":"https:\/\/www.azuregovernanceguard.com\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/5bbefd999475d-b42b3cecb8c79693f9e3e09763126c06.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/5bbefd999475d-b42b3cecb8c79693f9e3e09763126c06.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/5bbefd999475d-b42b3cecb8c79693f9e3e09763126c06.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/5bbefd999475d-b42b3cecb8c79693f9e3e09763126c06.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":136,"url":"https:\/\/www.azuregovernanceguard.com\/?p=136","url_meta":{"origin":193,"position":3},"title":"Mastering Successful Deployments: Validating with What-If Deployment and Azure Policies","author":"Eelco Labordus","date":"June 30, 2023","format":false,"excerpt":"Explore the benefits of What-If deployment with Azure Policies for secure and compliant cloud operations. Preview changes, ensure policy alignment, and simplify cloud management for enhanced governance.","rel":"","context":"In &quot;Azure Policy&quot;","block_context":{"text":"Azure Policy","link":"https:\/\/www.azuregovernanceguard.com\/?cat=14"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/Screenshot-2023-06-30-095316.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/Screenshot-2023-06-30-095316.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/Screenshot-2023-06-30-095316.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/06\/Screenshot-2023-06-30-095316.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":363,"url":"https:\/\/www.azuregovernanceguard.com\/?p=363","url_meta":{"origin":193,"position":4},"title":"Microsoft\u2019s Framework Trio: Cloud Adoption Framework (CAF), Azure Well-Architected Framework (WAF) and Security Adoption Framework (SAF)","author":"Eelco Labordus","date":"December 17, 2023","format":false,"excerpt":"Intro\u00a0 I will be taking a closer look at Microsoft's Cloud Adoption Framework for Azure (CAF), the Azure Well-Architected Framework (WAF), and the Security Adoption Framework (SAF). These frameworks are like a trusty roadmap for a smooth, secure, and optimized cloud journey.\u00a0 Microsoft Cloud Adoption Framework for Azure (CAF)\u00a0 Imagine\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/12\/caf-overview-graphic.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/12\/caf-overview-graphic.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/12\/caf-overview-graphic.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2023\/12\/caf-overview-graphic.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":362,"url":"https:\/\/www.azuregovernanceguard.com\/?p=362","url_meta":{"origin":193,"position":5},"title":"The journey that is called Microsoft Azure Stack","author":"Eelco Labordus","date":"January 4, 2021","format":false,"excerpt":"A couple of years ago, I was present at TechEd Europe 2014 for the launch of Windows Azure Pack. This version was built to give the same experience as the first version of Azure (now known as the classic portal). A big challenge was getting started with the Windows Azure\u2026","rel":"","context":"In &quot;Microsoft Azure Stack Hub&quot;","block_context":{"text":"Microsoft Azure Stack Hub","link":"https:\/\/www.azuregovernanceguard.com\/?cat=118"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2021\/01\/Blog-eelco-labordus-azure-2.width-1118.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2021\/01\/Blog-eelco-labordus-azure-2.width-1118.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/www.azuregovernanceguard.com\/wp-content\/uploads\/2021\/01\/Blog-eelco-labordus-azure-2.width-1118.jpg?resize=525%2C300&ssl=1 1.5x"},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/posts\/193","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=193"}],"version-history":[{"count":11,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/posts\/193\/revisions"}],"predecessor-version":[{"id":286,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=\/wp\/v2\/posts\/193\/revisions\/286"}],"wp:attachment":[{"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=193"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=193"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.azuregovernanceguard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=193"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}