AzPolicyAdvertizer

last sync: 2021-Jan-25 16:07:05 UTC

Azure Policy definition

Allowed locations for resource groups

Name Allowed locations for resource groups
Azure Portal
Id e765b5de-1225-4ba3-bd56-1ac6695af988
Version 1.0.0
details on versioning
Category General
Microsoft docs
Description This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.
Mode All
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deny
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName Initiative Id Initiative Category State
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f Regulatory Compliance GA
Json 
{
  "properties": {
    "displayName": "Allowed locations for resource groups",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy enables you to restrict the locations your organization can create resource groups in. Use to enforce your geo-compliance requirements.",
    "metadata": {
      "version": "1.0.0",
      "category": "General"
    },
    "parameters": {
      "listOfAllowedLocations": {
        "type": "Array",
        "metadata": {
          "description": "The list of locations that resource groups can be created in.",
          "strongType": "location",
          "displayName": "Allowed locations"
        }
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Resources/subscriptions/resourceGroups"
          },
          {
            "field": "location",
          "notIn": "[parameters('listOfAllowedLocations')]"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "e765b5de-1225-4ba3-bd56-1ac6695af988"
}