Recommended policies for Azure services

Customers who are new to Azure Policy often look for common policy definitions to manage and govern their resources. The Recommended policies experience in Azure Policy provides a focused list of common policy definitions to start with. For supported resources, it is embedded within the portal experience for that resource.

For more Azure Policy built-ins, see Azure Policy built-in definitions.

Azure Virtual Machines

The Recommended policies for Azure Virtual Machines are on the Overview page for virtual machines, under the Capabilities tab. In the Azure Policy card, select the "Not configured" or "# assigned" text to open a side pane with the recommended policies. Any policy definition already assigned to a scope the virtual machine is a member of is grayed out. Select the recommended policies to apply to this virtual machine, then select Assign policies to create an assignment for each.

As an organization matures in how it organizes its resources and resource hierarchy, it's recommended to transition these policy assignments from one per resource to the subscription or management group level.

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Audit virtual machines without disaster recovery configured | Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. | auditIfNotExists | 1.0.0 |
| Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | audit | 1.0.0 |
| Azure Backup should be enabled for Virtual Machines | Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure. | AuditIfNotExists, Disabled | 1.0.1 |
