last sync: 2020-Aug-07 14:05:09 UTC

Azure Policy

Allowed locations for resource groups

Policy DisplayName Allowed locations for resource groups
Policy Id e765b5de-1225-4ba3-bd56-1ac6695af988
Policy Category General
Policy Description This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Fixed: deny
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f
Policy Rule
{
  "properties": {
    "displayName": "Allowed locations for resource groups",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.",
    "metadata": {
      "version": "1.0.0",
      "category": "General"
    },
    "parameters": {
      "listOfAllowedLocations": {
        "type": "Array",
        "metadata": {
          "description": "The list of locations that resource groups can be created in.",
          "strongType": "location",
          "displayName": "Allowed locations"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "location",
          "notIn": "[parameters('listOfAllowedLocations')]"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e765b5de-1225-4ba3-bd56-1ac6695af988"
}