Restrict allowed virtual machine sizes for labs
In this article, you learn how to restrict the list of allowed lab virtual machine sizes for creating new labs by using an Azure policy. As a platform administrator, you can use policies to lay out guardrails for teams to manage their own resources. Azure Policy helps audit and govern resource state.
This article references features available in lab plans, which replaced lab accounts.
Configure the policy
Sign in to the Azure portal, and then go to your subscription.
From the left menu, under Settings, select Policies.
Under Compliance, select Assign Policy.
Select the Scope which you would like to assign the policy to, and then select Select.
Select the subscription to apply the policy to all resources. You can also select a resource group if you need the policy to apply more granularly.
Select Policy definition.
In Available Definitions, search for Lab Services, select Lab Services should restrict allowed virtual machine SKU sizes, and then select Add.
On the Basics tab, select Next.
On the Parameters tab, clear Only show parameters that need input or review to show all parameters.
In Allowed SKU names, clear the check boxes for any SKU that you don't allow for creating labs.
By default all the available SKUs are allowed. Use the following table to determine which SKU names you want to allow.
SKU Name VM Size VM Size Details CLASSIC_FSV2_2_4GB_128_S_SSD Small 2vCPUs, 4 GB RAM, 128 GB, Standard SSD CLASSIC_FSV2_4_8GB_128_S_SSD Medium 4vCPUs, 8 GB RAM, 128 GB, Standard SSD CLASSIC_FSV2_8_16GB_128_S_SSD Large 8vCPUs, 16 GB RAM, 128 GB, Standard SSD CLASSIC_DSV4_4_16GB_128_P_SSD Medium (Nested virtualization) 4 vCPUs, 16 GB RAM, 128 GB, Premium SSD CLASSIC_DSV4_8_32GB_128_P_SSD Large (Nested virtualization) 8vCPUs, 32 GB RAM, 128 GB, Premium SSD CLASSIC_NCSV3_6_112GB_128_S_SSD Small GPU (Compute) 6vCPUs, 112 GB RAM, 128 GB, Standard SSD CLASSIC_NVV4_8_28GB_128_S_SSD Small GPU (Visualization) 8vCPUs, 28 GB RAM, 128 GB, Standard SSD CLASSIC_NVV3_12_112GB_128_S_SSD Medium GPU (Visualization) 12vCPUs, 112 GB RAM, 128 GB, Standard SSD
In Effect, select Deny to prevent a lab from being created when a VM SKU isn't allowed.
Optionally, on the Non-compliance messages tab, enter a noncompliance message.
On the Review + Create tab, select Create to create the policy assignment.
You've created a policy assignment to allow only specific virtual machine sizes for creating labs. If a lab creator attempts to create a lab with any other SKU, the creation fails.
New policy assignments can take up to 30 minutes to take effect.
When applying a built-in policy, you can choose to exclude certain resources, except for lab plans. For example, if the scope of your policy assignment is a subscription, you can exclude resources in a specified resource group.
You can configure exclusions when creating a policy definition by specifying the Exclusions property on the Basics tab.
Exclude a lab plan
You can exclude a lab plan from a policy assignment by specifying the lab plan ID in the policy definition.
To get the lab plan ID:
In the Azure portal, select your lab plan.
Under Setting, select Properties, and then copy the Id.
To exclude the lab plan from the policy assignment:
Assign a new policy definition.
On the Parameters tab, clear Only show parameters that need input or review.
For Lab Plan Id to exclude, enter the lab plan ID you copied earlier.