Azure Policy Limits and Guidelines

Time
1 hour 5 minutes
Difficulty
Beginner
CEU/CPE
1
Video Transcription
00:01
There are limits to the maximum counts of Azure Policy objects.
00:05
As with everything else in Azure, initiatives, policies and their elements are considered objects, and there are limitations on how many of those you can create.
00:14
The following table gives an overview of those limitations.
00:17
A few things to note here. First, the scope is either management group or subscription.
00:23
If your scope is a subscription, for example, you are limited to 500 policy definitions for this subscription, 100 initiatives and 100 assignments for the subscription.
00:34
Also note that you are limited to 1000 initiatives per tenant.
00:38
It doesn't mean that there is a limit to the policy definitions per tenant, but you are implicitly limited by the initiative limit.
00:45
Also, one important thing to remember is the limit of parameters for both the policy definition and the initiative definition.
00:56
You could have up to 20 parameters for a policy definition or only up to 100 for an initiative.
01:03
This means that you need to carefully plan the parameters for your policies and initiatives.
01:08
Remember the CIS initiative that had 84 policies in it.
01:12
If each policy has at least two parameters and you want to expose all these parameters as initiative parameters, you will exceed this 100 limit.
01:22
Let's look at some guidelines on how to manage your policies.
01:26
When you create your definitions and assignments, consider the organizational hierarchies.
01:32
It is better to create definitions at higher levels, for example, management group or subscription, and assign them at the next child level.
01:40
For example, if you create a definition at a subscription level, you can scope the assignment down at the resource group level.
01:48
Create and assign initiative definitions, even for a single policy definition.
01:53
If in the future you have a second policy that has similar goals, you could easily include it in the initiative and track both policies together.
02:00
Start with the audit effect instead of the deny effect
02:04
and track the impact of your policy on the resources in your environment.
02:08
This way, you can learn how the resources are created and used, and will not hinder any manual or automated tasks.
02:15
Once you know what the impact of your policy is, you can start enforcing the policy.