Azure Policy issue

Manuel PT 40 Reputation points
2023-11-24T06:28:13.06+00:00

I am creating an Azure policy to enforce our company naming convention, but I don't know how to exclude the resources that have strict naming, like storage accounts.


Accepted answer
  1. Adam Zachary 2,936 Reputation points
    2023-11-24T06:39:08.35+00:00

    Hi Manuel,

    Say that you're going to follow Microsoft naming convention best practice: ResourceType-BusinessUnit-Environment-Application-Region-Instance.

    Here's a step-by-step guide to create and enforce this policy:

    Step 1: Understand the Naming Convention Format

    Your naming convention format can be broken down as follows:

    • Resource Type: Type of the Azure resource.
    • Business Unit: Identifier for the business unit.
    • Environment: Such as prod, dev, test.
    • Application: Name of the application.
    • Region: Azure region, like useast, euwest.
    • Instance: A unique instance identifier.

    This will be reflected in a pattern like type-unit-env-app-region-instance.

    Step 2: Create the Policy Definition

    1. Go to Azure Policy in the Azure Portal:
       • Log into the Azure Portal.
       • Search for “Policy” in “All services”.
    2. Create a New Policy Definition:
       • Under “Authoring”, click “Definitions”.
       • Click “+ Policy definition”.
    3. Configure the Policy Definition:
       • Name it appropriately, e.g., “Enforce Custom Naming Convention”.
       • Add a description.
       • Define the policy rule in JSON format. Here’s an example:
    {
        "mode": "All",
        "policyRule": {
            "if": {
                "allOf": [
                    {
                        "field": "type",
                        "notEquals": "Microsoft.Storage/storageAccounts"
                    },
                    {
                        "field": "name",
                        "notLike": "[concat(field('type'), '-', parameters('businessUnit'), '-', parameters('environment'), '-', parameters('application'), '-', parameters('region'), '-', parameters('instance'))]"
                    }
                ]
            },
            "then": {
                "effect": "deny"
            }
        },
        "parameters": {
            "businessUnit": {
                "type": "String"
            },
            "environment": {
                "type": "String"
            },
            "application": {
                "type": "String"
            },
            "region": {
                "type": "String"
            },
            "instance": {
                "type": "String"
            }
        }
    }

    This policy excludes storage accounts and enforces the naming convention on other resources.

    Create the Policy:

    • Assign it to the desired scope (subscription or resource group).

    Step 3: Assign the Policy

    Assign Your New Policy:

    • In Azure Policy, go to “Assignments”.
    • Click “+ Assign policy”.
    • Select your policy and assign it to the appropriate scope.

    Configure Parameters:

    • You may need to define parameters like businessUnit, environment, application, region, and instance according to your organization’s specifics.

    Step 4: Test the Policy

    • Test by creating resources with both compliant and non-compliant names to ensure the policy is functioning as expected.

    Also, note that Microsoft has naming restrictions not just for Azure Storage:

    In Azure, different resources have specific naming restrictions, including limitations on the use of capital letters, dashes, underscores, and other characters. As of my last update, here's a summary of some Azure resources with such restrictions:

    1. Storage Accounts:
       • Do not allow capital letters, dashes, or underscores.
       • Names must be 3-24 characters long, consisting only of lowercase letters and numbers.
    2. Azure SQL Database Servers:
       • Server names do not allow underscores, dashes, or capital letters.
       • They must be globally unique within Azure.
    3. Azure Blob Containers:
       • Do not allow capital letters or underscores.
       • Names must start with a letter or number, followed by lowercase letters, numbers, or hyphens, and be 3-63 characters long.
    4. Cosmos DB Accounts:
       • Cannot have capital letters, dashes, or underscores.
       • Names must be 3-31 characters long, using only lowercase letters and numbers.
    5. Azure Key Vault:
       • Do not allow underscores or capital letters.
       • Names must be 3-24 characters long, with only alphanumeric characters and hyphens.
    6. Azure Event Hubs:
       • Namespace names cannot contain underscores or capital letters.
       • Names must be 6-50 characters long, with only letters, numbers, and hyphens.
    7. Azure Virtual Networks and Subnets:
       • Do not allow underscores.
       • Names can be up to 80 characters long and consist of letters, numbers, and hyphens.
    8. Azure Virtual Machines:
       • Do not allow underscores in their names.
       • Names can be up to 64 characters, including letters, numbers, and hyphens.
    9. Azure Redis Cache:
       • Do not allow underscores, dashes, or capital letters.
       • Names must be 1-63 characters long, only containing letters or numbers.
    10. Azure Logic Apps:
       • Do not allow underscores in their names.
       • Names can contain letters, numbers, and hyphens, and be up to 80 characters long.

    Please review the Microsoft documentation for "Naming rules and restrictions for Azure resources":

    https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-name-rules

    Kindly if you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.

    1 person found this answer helpful.
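To dry-run the rule shape used in the accepted answer (an allOf that excludes one resource type with notEquals and denies names failing a notLike pattern) before assigning it to a live scope, here is an added offline evaluator in Python; it is not part of the answer, of Azure Policy, or of any Azure SDK. The `like` helper is a simplified case-insensitive glob that treats `*` as the only wildcard, and the `namePattern` parameter, the sample resource names and the resource list are constructed for this example.

```python
import re

# Constructed rule with the same shape as the answer's definition: storage accounts are
# excluded via notEquals, any other resource whose name fails the pattern is denied.
POLICY_RULE = {
    "if": {
        "allOf": [
            {"field": "type", "notEquals": "Microsoft.Storage/storageAccounts"},
            {"field": "name", "notLike": "[parameters('namePattern')]"},
        ]
    },
    "then": {"effect": "deny"},
}

# Assignment-time parameter values (hypothetical; 'namePattern' is not in the answer).
PARAMETERS = {"namePattern": "*-finance-prod-*-useast-*"}


def like(value: str, pattern: str) -> bool:
    """Simplified 'like': case-insensitive, '*' matches any run of characters."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def resolve(value: str, params: dict) -> str:
    """Resolve the "[parameters('x')]" template form; anything else is a literal."""
    m = re.fullmatch(r"\[parameters\('(\w+)'\)\]", value)
    return params[m.group(1)] if m else value


def condition_holds(cond: dict, resource: dict, params: dict) -> bool:
    """Evaluate one field condition; only the two operators used above are modelled."""
    actual = resource.get(cond["field"], "")
    if "notEquals" in cond:
        return actual.lower() != resolve(cond["notEquals"], params).lower()
    if "notLike" in cond:
        return not like(actual, resolve(cond["notLike"], params))
    raise ValueError(f"unsupported condition: {cond}")


def effect_for(resource: dict, rule: dict = POLICY_RULE, params: dict = PARAMETERS):
    """Return the effect when every allOf condition holds, else None (rule does not fire)."""
    if all(condition_holds(c, resource, params) for c in rule["if"]["allOf"]):
        return rule["then"]["effect"]
    return None


# Constructed requests covering compliant, non-compliant and excluded resources (Step 4).
SAMPLE_RESOURCES = [
    {"type": "Microsoft.Compute/virtualMachines", "name": "vm-finance-prod-payroll-useast-001"},
    {"type": "Microsoft.Compute/virtualMachines", "name": "payrollvm01"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stfinanceprodpayroll001"},
]
```

Running `effect_for` over `SAMPLE_RESOURCES` returns None for the compliant VM and the storage account (the exclusion short-circuits before the name is checked) and "deny" for the VM with the non-conforming name.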
