policies

A repo to develop Azure policies.

Least overhead would be when defining a restrciting tule (such as no netwrok peering), to add an exception when it is added.

Policies:

no public access to Azure SQL DBs
enforcing encryption on storage - https://docs.microsoft.com/en-us/azure/governance/policy/samples/require-storage-account-encryption
no on-prem data gateway ???
no vnet peering - done
no VPN Gateways,no ER Gateways - done (not allowed Type)
no Pips on VM - done - see samples
Enforce Route Tables: https://github.com/Azure/azure-policy/tree/master/samples/Network/enforce-route-table-on-subnet done

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
alerts		alerts
Not-allowed-resource-type.json		Not-allowed-resource-type.json
README.md		README.md
audit-sql-server-vnet-rule.json		audit-sql-server-vnet-rule.json
audit-storage-accessible-from-vnetonly.json		audit-storage-accessible-from-vnetonly.json
deny-all-peering.json		deny-all-peering.json
deny-all-public-ips.json		deny-all-public-ips.json
deny-nsg-inbound-allow-all.json		deny-nsg-inbound-allow-all.json
enforce-route-table.json		enforce-route-table.json

Provide feedback