Two of the predominant approaches to managing systems at scale in the cloud are:
Infrastructure as Code: The practice of treating the content that defines your environments, everything from Resource Manager templates to Azure Policy definitions to Azure Blueprints, as source code.
DevOps: The union of people, process, and products to enable continuous delivery of value to our end users.
Policy as Code is the combination of these ideas. Essentially, keep your policy definitions in source control and whenever a change is made, test and validate that change. However, that shouldn't be the extent of policies involvement with Infrastructure as Code or DevOps.
The validation step should also be a component of other continuous integration or continuous deployment workflows. Examples include deploying an application environment or virtual infrastructure. By making Azure Policy validation an early component of the build and deployment process the application and operations teams discover if their changes are non-complaint, long before it's too late and they're attempting to deploy in production.
For more information, please refer this document.