Azure Resource Policy to Restrict ALL ASM Resources

I needed to find a way to restrict ALL Azure Service Manager (ASM, aka Classic) resources on the subscription level. Azure Resource Policy seems to be a logical choice. So I quickly developed a very simple Policy Definition: View the code on Gist. Once I have deployed the definition and assigned it to the subscription level (using PowerShell commands listed below), I could no longer deploy ASM resources:

i.e. when I tried to create a classic VNet, I could not pass the validation:

New PowerShell Module For Azure Automation: AzureServicePrincipalAccount

I’m currently working on a project where there has been a lot of discussion on how to use Azure AD Service Principals in Azure Automation and other solutions that involves any automated processes (i.e. VSTS pipelines). When signing in to Azure using a Service Principal, you can use either a key (password) or a certificate associated to the Service Principal. When using the Add-AzureRMAccount cmdlet, you can use one of the following parameter set: Key (password) based: Azure AD Tenant ID Azure Subscription Name or ID PS Credential object User name: Azure AD Application ID Password: Service Principal key Certificate

%d bloggers like this: