Azure virtual machine recommended policies

The recommended policies for Azure virtual machines are on the portal's Overview page for virtual machines and under the Capabilities tab. Select Azure Policy to open a pane that shows the recommended policies. Select the recommended policies to apply to this virtual machine and select Assign policies to create an assignment for each policy. Assign policies is unavailable, or greyed out, for any policy already assigned to a scope where the virtual machine is a member.

As an organization matures in how it organizes its resources and resource hierarchy, the recommendation is to transition these policy assignments from one per resource to the subscription or management group level.

| Name (Azure portal) | Description | Effect | Version (GitHub) |
|---|---|---|---|
| Audit virtual machines without disaster recovery configured | Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. | auditIfNotExists | 1.0.0 |
| Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | audit | 1.0.0 |
| Azure Backup should be enabled for Virtual Machines | Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure. | AuditIfNotExists, Disabled | 3.0.0 |
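
The sketch below is an added example, not code from Azure or from this page. It shows why Assign policies is greyed out when a policy is already assigned at a scope containing the virtual machine, and how to spot per-VM assignments worth moving up to the subscription. The subscription ID, resource names and management group map are constructed, policies are keyed by the display names in the table, and assignment exclusions are ignored.

```python
from collections import defaultdict

MG_PREFIX = "/providers/microsoft.management/managementgroups/"

def covering_scopes(vm_id, mg_ancestors):
    """Scopes that contain the VM, narrowest first (IDs compare case-insensitively)."""
    parts = vm_id.strip("/").lower().split("/")
    if len(parts) != 8 or parts[0] != "subscriptions" or parts[2] != "resourcegroups":
        raise ValueError(f"not a VM resource ID: {vm_id}")
    scopes = ["/" + "/".join(parts[:n]) for n in (8, 4, 2)]
    # Management group ancestry is not encoded in the resource ID, so it is
    # passed in as a map of lowercase subscription ID -> ancestor group names.
    return scopes + [MG_PREFIX + mg.lower() for mg in mg_ancestors.get(parts[1], [])]

def already_assigned(vm_id, policy, assignments, mg_ancestors):
    """Narrowest scope where `policy` already applies to the VM, else None."""
    assigned = {a["scope"].lower().rstrip("/") for a in assignments if a["policy"] == policy}
    return next((s for s in covering_scopes(vm_id, mg_ancestors) if s in assigned), None)

def consolidation_candidates(assignments, min_vms=2):
    """Policies assigned one per VM on at least `min_vms` VMs of a subscription."""
    vms = defaultdict(set)
    for a in assignments:
        parts = a["scope"].strip("/").lower().split("/")
        if len(parts) == 8 and parts[6] == "virtualmachines":
            vms[(parts[1], a["policy"])].add(parts[7])
    return {key: sorted(names) for key, names in vms.items() if len(names) >= min_vms}

# Constructed sample data: subscription ID, resource names and hierarchy are made up.
SUB = "00000000-0000-0000-0000-000000000001"
VM = f"/subscriptions/{SUB}/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/"
BACKUP = "Azure Backup should be enabled for Virtual Machines"
DISKS = "Audit VMs that do not use managed disks"
DR = "Audit virtual machines without disaster recovery configured"
MG_ANCESTORS = {SUB: ["mg-prod", "mg-root"]}
ASSIGNMENTS = [
    {"policy": BACKUP, "scope": VM + "vm-web-01"},
    {"policy": BACKUP, "scope": VM + "vm-web-02"},
    {"policy": DISKS, "scope": f"/subscriptions/{SUB}"},
    {"policy": DR, "scope": MG_PREFIX + "mg-prod"},
]

if __name__ == "__main__":
    for policy in (BACKUP, DISKS, DR):
        print(policy, "->", already_assigned(VM + "vm-web-03", policy, ASSIGNMENTS, MG_ANCESTORS))
    print(consolidation_candidates(ASSIGNMENTS))
```

For the constructed VM `vm-web-03`, only the backup policy is not yet inherited from a broader scope, and that same policy is the one flagged for consolidation because it is assigned separately on two sibling VMs.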
