Azure Resource Policy to Restrict ALL ASM Resources

I needed to find a way to restrict ALL Azure Service Manager (ASM, aka Classic) resources on the subscription level. Azure Resource Policy seems to be a logical choice. So I quickly developed a very simple Policy Definition: View the code on Gist. Once I have deployed the definition and assigned it to the subscription level (using PowerShell commands listed below), I could no longer deploy ASM resources: #Set the Subscription ID $subscriptionId = ‘7c6bd10f-ab0d-4a8b-9c32-548589e1142b’ Add-AzureRmAccount Select-AzureRmSubscription -Subscription $subscriptionId $definition = New-AzureRmPolicyDefinition -Name “restrict-all-asm-resources” -DisplayName “Restrict All ASM Resources” -description “This policy enables you to restrict ALL Azure Service Manager

Continue reading
%d bloggers like this: