The names of the definition JSON files don't matter, the Policy and Initiative definitions are registered based on the name attribute. It is recommended that you use a GUID as the name. The solution also allows the use of JSON with comments by using .jsonc instead of .json for the file extension.
NOTE: When authoring policy/initiative definitions, check out the Maximum count of Azure Policy objects
The Policy definition files are structured based on the official Azure Policy definition structure published by Microsoft. There are numerous definition samples available on Microsoft's GitHub repository for azure-policy.
"name"should be a GUID - see https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/new-guid?view=powershell-7.2."category"should be one of the standard ones defined in built-in Policy definitions.- Do not specify an
id. - Make the
effectparameterized. - Whenever feasible, provide a
defaultValuefor parameters, especially for aneffectparameter. - Policy aliases are used by Azure Policy to refer to resource type properties in the
ifcondition and inexistenceCondition: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/definition-structure#aliases.
{
"name": "Newly created GUID",
"properties": {
"displayName": "Policy Display Name",
"policyType": "Custom",
"mode": "All",
"description": "Policy Description",
"metadata": {
"version": "1.0.0",
"category": "Your Category"
},
"parameters": {
"YourParameter": {
"type": "String",
"metadata": {
"displayName": "YourParameter",
"description": "Your Parameter Description"
}
}
},
"policyRule": {
"if": {
"Insert Logic Here"
},
"then": {
"effect": "Audit, Deny, Modify, etc.",
"details": {
"roleDefinitionIds": [],
"operations": []
}
}
}
}
}