# Overview Azure Policy is a [[Govern]] tool in Microsoft Azure that helps enforce standards and assess compliance at scale. It allows administrators to create, assign, and manage policies across Azure resources.  - **Key Features:** - **Policy and Initiative Definitions:** Includes built-in policies and groups of related policies (initiatives). - **Inheritance:** Policies are inherited down the organizational hierarchy. - **Evaluation:** Evaluates all Azure and Arc-enabled resources, highlighting noncompliant ones. - **Remediation:** Prevents creation of noncompliant resources and automatically remediates existing ones. - **Integration:** Works with Azure Pipelines for pre- and post-deployment policies. - **Considerations:** - **Compliance Dashboard:** Analyzes the overall state and provides bulk remediation. - **Evaluation Triggers:** Evaluations occur during resource changes, policy assignments, and standard cycles. - **Handling Noncompliance:** Options include denying changes, logging, altering resources, or deploying compliant ones. - **Automatic Remediation:** Useful for tagging and ensuring resources meet specific criteria. - **Difference from RBAC:** Azure Policy focuses on resource state compliance, while RBAC manages user actions. ## Resources [List of built-in policy definitions - Azure Policy | Microsoft Learn](https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-policies) [List of built-in policy initiatives - Azure Policy | Microsoft Learn](https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-initiatives) [AzAdvertizer](https://www.azadvertizer.net/)