Check policy compliance with gates

Azure Pipelines

Azure Policy helps you manage and prevent IT issues by using policy definitions that enforce rules and effects for your resources. When you use Azure Policy, resources stay compliant with your corporate standards and service level agreements. Policies can be applied to an entire subscription, a management group, or a resource group.

This tutorial guides you in enforcing compliance policies on your resources before and after deployment during the release process through Azure Pipelines.

For more information, see What is Azure Policy? and Create and manage policies to enforce compliance.

Prepare

  1. Create an Azure Policy in the Azure portal. There are several pre-defined sample policies that can be applied to a management group, subscription, and resource group.

  2. In Azure DevOps, create a release pipeline that contains at least one stage, or open an existing release pipeline.

  3. Add a pre- or post-deployment condition that includes the Security and compliance assessment task as a gate.

    Azure Policy Gate

Validate for any violation(s) during a release

  1. Navigate to your team project in Azure DevOps.

  2. In the Pipelines section, open the Releases page and create a new release.

  3. Choose the In progress link in the release view to open the live logs page.

  4. When the release is in progress and attempts to perform an action disallowed by the defined policy, the deployment is marked as Failed. The error message contains a link to view the policy violations.

    Azure Policy failure message

  5. An error message is written to the logs and displayed in the stage status panel in the releases page of Azure Pipelines.

    Azure Policy failure in log

  6. When the policy compliance gate passes the release, a Succeeded status is displayed.

    Policy Gates

  7. Choose the successful deployment to view the detailed logs.

    Policy Logs
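
The kind of pass/fail decision a compliance gate makes can also be reproduced in a script, for example to check a resource group before queuing a release. The following is an added example, not part of the original tutorial and not the gate task's own code: it evaluates compliance records shaped like `az policy state list` output. The sample records, the `evaluate_gate` name, and the choice to fail when no evaluation data exists are assumptions.

```python
from collections import defaultdict

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder ID

def _rec(rg, name, state, assignment):
    """Build one constructed record with the fields this check reads."""
    return {
        "resourceGroup": rg,
        "resourceId": f"{SUB}/resourceGroups/{rg}/providers/"
                      f"Microsoft.Storage/storageAccounts/{name}",
        "complianceState": state,
        "policyAssignmentName": assignment,
    }

# Constructed sample data; all names are made up for illustration.
SAMPLE_STATES = [
    _rec("rg-web", "stweb01", "NonCompliant", "allowed-locations"),
    _rec("rg-web", "stweb01", "Compliant", "require-tag"),
    _rec("rg-web", "vmweb01", "NonCompliant", "allowed-locations"),
    _rec("rg-db", "sqldb01", "Compliant", "allowed-locations"),
    _rec("rg-db", "sqldb02", "Exempt", "require-tag"),
]

# Assumption: only these states let a release proceed; anything else blocks.
PASSING = {"compliant", "exempt"}

def evaluate_gate(states, resource_group):
    """Return (passed, violations) for one resource group.

    violations maps policy assignment name -> sorted list of resource IDs.
    """
    wanted = resource_group.lower()  # Azure resource group names ignore case
    scoped = [s for s in states
              if (s.get("resourceGroup") or "").lower() == wanted]
    if not scoped:
        # No evaluation data is not proof of compliance: fail closed.
        return False, {}
    violations = defaultdict(set)
    for s in scoped:
        state = (s.get("complianceState") or "unknown").lower()
        if state not in PASSING:
            name = s.get("policyAssignmentName") or "unknown"
            violations[name].add(s["resourceId"])
    return not violations, {k: sorted(v) for k, v in violations.items()}

if __name__ == "__main__":
    for rg in ("rg-web", "rg-db", "rg-missing"):
        passed, found = evaluate_gate(SAMPLE_STATES, rg)
        print(rg, "PASS" if passed else "FAIL", found)
```

Grouping violations by assignment mirrors how the failure message in the release points you to the policy that was violated rather than only to the resource.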
