Governance, security, and compliance in Azure

You can use tools and services like Azure Policy and Microsoft Defender for Cloud to establish corporate policy and plan your governance strategies. These tools and services enforce and automate your organization's governance decisions. Use the governance benchmark tool before you start your governance planning to identify potential gaps in your organization's cloud governance approach. For more information about how to develop governance processes, see Govern methodology.

Azure Policy helps you create, assign, and manage policies. These policies enforce rules on your resources so those resources stay compliant with your corporate standards and service-level agreements. Azure Policy scans your resources to identify resources that aren't compliant with corporate policies. For example, you can have a policy that lets only a specific virtual machine (VM) size to run in your environment. When you implement this policy, Azure Policy evaluates existing VMs in your environment and any new VMs that are deployed. The policy evaluation generates compliance events to use for monitoring and reporting.

Use common policies to:

  • Enforce tagging for resources and resource groups.
  • Restrict regions for deployed resources.
  • Restrict expensive SKUs for specific resources.
  • Audit the use of important optional features like Azure-managed disks.


Assign a built-in policy to a management group, subscription, or resource group.

Apply a policy

To apply a policy to a resource group:

  1. Go to Azure Policy.
  2. Select Assign a policy.

Learn more

To learn more, see: