Each policy constantly monitors your resources and validates them against defined rules. When a policy generates a validation error, you can click on it to reveal the details, which confirm that the action was blocked by the policy (see Figure 1.13):
Figure 1.13 - Policy validation error details
The result of a policy taking effect may differ depending on its type. However, policies mostly focus on enforcing or forbidding an action, which results in an error displayed in either the portal or the command line. When you want to assign a policy, you must configure it using the various available options. The fields displayed are described here:
- Scope: This field defines what resources the policy is assigned to. You can select either a subscription or a resource group.
- Exclusions: If you find the scope a little too generic, you can add excluded resources that will not be covered by the policy.
- Policy definition: There are two types of supported policies—built-in and custom. Unfortunately, custom policies are out of the scope of this book (but if you find this topic interesting, you can find a link in the Further reading section to read more about it). A policy is a definition that includes a rule and an effect and is triggered when a rule is not satisfied.
- Assignment name: This is the display name of the assigned policy.
- Description and Assigned by: These are optional fields that gather extra information about a policy.
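How Scope and Exclusions combine when a policy is evaluated, as an added example that is not from the book or from Azure's own code: a simplified Python model of an assignment. The subscription ID, the resource group names, and the location allow-list rule are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed placeholder subscription ID (not a real tenant value).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"

def _segments(resource_id: str) -> list[str]:
    # Compare whole path segments, case-insensitively, so that a scope of
    # ".../rg-sandbox" never matches ".../rg-sandbox2" (plain startswith would).
    return [s for s in resource_id.lower().split("/") if s]

def is_under(resource_id: str, scope: str) -> bool:
    """True when resource_id is the scope itself or sits below it."""
    res, sc = _segments(resource_id), _segments(scope)
    return res[:len(sc)] == sc

@dataclass
class Assignment:
    name: str                        # Assignment name (display name)
    scope: str                       # subscription or resource group
    allowed_locations: set[str]      # assumed rule: a location allow-list
    effect: str = "deny"             # applied when the rule is not satisfied
    exclusions: list[str] = field(default_factory=list)
    description: str = ""            # optional field

    def covers(self, resource_id: str) -> bool:
        # In scope, and not under any excluded resource or resource group.
        return is_under(resource_id, self.scope) and not any(
            is_under(resource_id, e) for e in self.exclusions)

    def evaluate(self, resource_id: str, location: str) -> str:
        if not self.covers(resource_id):
            return "not-applicable"
        if location.lower() in self.allowed_locations:
            return "compliant"
        return self.effect

# Constructed assignment: whole subscription, one resource group excluded.
ASSIGNMENT = Assignment(
    name="Allowed locations (example)",
    scope=SUB,
    allowed_locations={"westeurope"},
    exclusions=[f"{SUB}/resourceGroups/rg-sandbox"],
)

def storage(rg: str) -> str:
    """Constructed storage account ID inside resource group rg."""
    return f"{SUB}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/demo"
```

`ASSIGNMENT.evaluate(storage("rg-sandbox2"), "westus")` returns `"deny"`, while the same call for `rg-sandbox` returns `"not-applicable"`, because the exclusion is matched on whole path segments rather than as a string prefix.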
Let's look at some examples of Azure policies that are available.