Check policy compliance with gates
Azure Pipelines
Azure Policy helps you manage and prevent IT issues by using policy definitions that enforce rules and effects for your resources. When you use Azure Policy, resources stay compliant with your corporate standards and service level agreements. Policies can be applied to an entire subscription, a management group, or a resource group.
This tutorial guides you in enforcing compliance policies on your resources before and after deployment during the release process through Azure Pipelines.
For more information, see What is Azure Policy? and Create and manage policies to enforce compliance.
Prepare
Create an Azure Policy in the Azure portal. There are several pre-defined sample policies that can be applied to a management group, subscription, and resource group.
In Azure DevOps create a release pipeline that contains at least one stage, or open an existing release pipeline.
Add a pre- or post-deployment condition that includes the Security and compliance assessment task as a gate. More details.
Validate for any violation(s) during a release
Navigate to your team project in Azure DevOps.
In the Pipelines section, open the Releases page and create a new release.
Choose the In progress link in the release view to open the live logs page.
When the release is in progress and attempts to perform an action disallowed by the defined policy, the deployment is marked as Failed. The error message contains a link to view the policy violations.
An error message is written to the logs and displayed in the stage status panel in the releases page of Azure Pipelines.
When the policy compliance gate passes the release, a Succeeded status is displayed.
Choose the successful deployment to view the detailed logs.
Help and support
- See our troubleshooting page
- Get advice on Stack Overflow, and feel free to post your questions, search for answers, or suggest a feature on our Azure DevOps Developer Community. Support page.