Generally available: Secure critical infrastructure from accidental deletions at scale with Policy

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

We are thrilled to announce the general availability of DenyAction, a new effect in Azure Policy! With the introduction of Deny Action, policy enforcement now expands into blocking request based on actions to the resource. These deny action policy assignments can safeguard critical infrastructure by blocking unwarranted delete calls 


Azure Policy expands its at-scale enforcement capabilities to assess requests based on action. Previously, Policy only supported the ‘deny’ effect which blocks requests based on resource configurations or properties. Now a newly added effect, Deny Action, extends that functionality to block based on intended request.  


Deny Action effect can be leveraged in the existing policy definitions schema. This allows for the conditional flexibility that comes with the “If” structure of a policy definition. Further, by assigning these definitions at subscription or management group level, deny action can help block these actions at-scale. Applicable resources will show a “Protected” compliance state to signify that the resource is protected from an unwanted action.  



Get started  


Here’s a sample Custom Deny Action Definition:  





Related Resources 


To keep learning about this exciting new capability of Azure Policy: 


Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.