Check policy compliance with gates
Azure Policy helps you manage and prevent IT issues by using policy definitions that enforce rules and effects for your resources. When you use Azure Policy, resources stay compliant with your corporate standards and service level agreements. Policies can be applied to an entire subscription, a management group, or a resource group.
This tutorial shows how to enforce compliance policies on your resources before and after deployment, as part of the release process in Azure Pipelines.
In Azure DevOps create a release pipeline that contains at least one stage, or open an existing release pipeline.
Add a pre- or post-deployment condition that includes the Security and compliance assessment task as a gate.
Validate for any violation(s) during a release
Use the AzurePolicyCheckGate task to check for policy compliance in YAML. This task can only be used as a gate and not in a build or a release pipeline.
Navigate to your team project in Azure DevOps.
In the Pipelines section, open the Releases page and create a new release.
Choose the In progress link in the release view to open the live logs page.
When the release is in progress and attempts to perform an action disallowed by the defined policy, the deployment is marked as Failed. The error message contains a link to view the policy violations.
An error message is written to the logs and displayed in the stage status panel in the releases page of Azure Pipelines.
When the policy compliance gate passes the release, a Succeeded status is displayed.
Choose the successful deployment to view the detailed logs.
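The pass/fail decision described above can also be reproduced in a script step, shown here as an added example that is not part of the original page and is not the gate task's own code. It assumes input shaped like the JSON array printed by `az policy state list`; the `evaluate_gate` function, its `scope` parameter and the "no-data" verdict are choices made for this example.

```python
import json
from collections import defaultdict

# Constructed sample shaped like the JSON array that
# `az policy state list` prints; every value here is made up.
SAMPLE_STATES = json.loads("""[
 {"resourceId": "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo1",
  "policyAssignmentName": "require-https", "complianceState": "NonCompliant"},
 {"resourceId": "/subscriptions/0000/resourcegroups/RG-DEMO/providers/Microsoft.Storage/storageAccounts/stdemo1",
  "policyAssignmentName": "allowed-locations", "complianceState": "NonCompliant"},
 {"resourceId": "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Web/sites/webdemo",
  "policyAssignmentName": "require-https", "complianceState": "Compliant"},
 {"resourceId": "/subscriptions/0000/resourceGroups/rg-other/providers/Microsoft.Sql/servers/sqldemo",
  "policyAssignmentName": "require-tde", "complianceState": "NonCompliant"}
]""")


def evaluate_gate(states, scope=None):
    """Return (verdict, violations) for policy state records.

    verdict is "pass", "fail" or "no-data"; violations maps each
    non-compliant resource ID (lower-cased) to the assignments it violates.
    scope is an optional subscription or resource group ID prefix (hypothetical).
    """
    prefix = scope.lower().rstrip("/") + "/" if scope else ""
    violations = defaultdict(set)
    seen = 0
    for record in states:
        # Azure resource IDs are case-insensitive, so compare lower-cased.
        rid = record.get("resourceId", "").lower()
        if prefix and not rid.startswith(prefix):
            continue
        seen += 1
        if record.get("complianceState", "").lower() == "noncompliant":
            violations[rid].add(record.get("policyAssignmentName", "<unknown>"))
    if seen == 0:
        # Nothing evaluated in scope: report it rather than passing silently.
        return "no-data", {}
    result = {rid: sorted(names) for rid, names in violations.items()}
    return ("fail" if result else "pass"), result


if __name__ == "__main__":
    verdict, found = evaluate_gate(SAMPLE_STATES, "/subscriptions/0000/resourceGroups/rg-demo")
    print(verdict)
    for rid, names in found.items():
        print(rid, "->", ", ".join(names))
    raise SystemExit(0 if verdict == "pass" else 1)
```

A non-zero exit code fails the script step, so both "fail" and "no-data" stop the deployment in this example.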