azure-policy

Expert knowledge for Azure Policy development including troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. Use when building, debugging, or optimizing Azure Policy applications. Not for Azure Blueprints (use azure-blueprints), Azure Role-based access control (use azure-rbac), Azure Resource Manager (use azure-resource-manager), Azure Security (use azure-security).

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "azure-policy" with this command: npx skills add microsoftdocs/agent-skills/microsoftdocs-agent-skills-azure-policy

Azure Policy Skill

This skill provides expert guidance for Azure Policy. Covers troubleshooting, best practices, decision making, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.

How to Use This Skill

IMPORTANT for Agent: This file may be large. Use the Category Index below to locate relevant sections, then use read_file with specific line ranges (e.g., L136-L144) to read the sections needed for the user's question.

IMPORTANT for Agent: If metadata.generated_at is more than 3 months old, suggest the user pull the latest version from the repository. If mcp_microsoftdocs tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

  • Preferred: Use mcp_microsoftdocs:microsoft_docs_fetch with query string from=learn-agent-skill. Returns Markdown.
  • Fallback: Use fetch_webpage with query string from=learn-agent-skill&accept=text/markdown. Returns Markdown.

Category Index

| Category | Lines | Description |
| --- | --- | --- |
| Troubleshooting | L35-L41 | Diagnosing and fixing Azure Policy non-compliance, common policy evaluation/deployment errors, and Machine Configuration deployment and remediation issues. |
| Best Practices | L42-L57 | Designing effective Azure Policy definitions: effects, logical/value operators, arrays, tags, initiatives, parameters, and testing/behavior of Machine/Guest Configuration. |
| Decision Making | L58-L64 | Guidance for planning migrations from Azure Automation DSC, DSC extension, and Automanage Best Practices to Azure Policy/Machine Configuration, including mapping features and migration steps. |
| Security | L65-L125 | Using Azure Policy and Machine Configuration for security baselines and mapping to compliance frameworks (CIS, NIST, ISO, PCI, FedRAMP, HIPAA, regional regs) across Azure and Azure Government. |
| Configuration | L126-L141 | Authoring, assigning, storing, and securing Machine Configuration (guest configuration) packages and policies, plus prerequisites, networking, remediation, and compliance result analysis. |
| Integrations & Coding Patterns | L142-L147 | Using Azure Resource Graph to query Azure Policy compliance data and guest configuration state across resources for reporting, auditing, and large-scale policy analysis. |
| Deployment | L148-L157 | How to deploy and assign Machine Configuration packages via ARM/Bicep/Terraform/REST, publish packages to storage, and use safe deployment practices with Azure Policy. |

Troubleshooting

Best Practices

| Topic | URL |
| --- | --- |
| Test Machine Configuration packages with GuestConfiguration tools | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/3-test-package |
| Understand PSDSC behavior changes in Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/whats-new/psdsc-in-machine-configuration |
| Author Azure Policy rules for array properties | https://learn.microsoft.com/en-us/azure/governance/policy/how-to/author-policies-for-arrays |
| Count array members with Azure Policy count operator | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-count-operator |
| Deploy resources using deployIfNotExists policies | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-deploy-resources |
| Choose and configure Azure Policy effects | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-effect-details |
| Apply field properties correctly in Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-fields |
| Group Azure Policy definitions into initiatives | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-group-with-initiative |
| Use logical operators effectively in Azure Policy rules | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-logical-operators |
| Parameterize Azure Policy definitions for reuse | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-parameters |
| Enforce and inherit tags using Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-tags |
| Use the value operator safely in Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pattern-value-operator |

Decision Making

Security

| Topic | URL |
| --- | --- |
| Deploy Machine Configuration security baseline policies | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/deploy-a-baseline-policy-assignment |
| Customize Machine Configuration security baseline parameters | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/specify-custom-parameters-for-baseline-policy |
| Author JSON parameters for Machine Configuration baselines | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-security-baselines/understand-baseline-settings-parameter |
| Sign Machine Configuration packages and enforce signed content | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/6-sign-package |
| Map Azure Policy to Australian ISM PROTECTED controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/australia-ism |
| Apply Microsoft cloud security benchmark via Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/azure-security-benchmark |
| Use Azure Policy for Canada Federal PBMM compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/canada-federal-pbmm |
| Align Azure Policy with CIS Azure Benchmark 1.1.0 | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-1-0 |
| Align Azure Policy with CIS Azure Benchmark 1.3.0 | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-3-0 |
| Align Azure Policy with CIS Azure Benchmark 1.4.0 | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-1-4-0 |
| Implement CIS Azure Benchmark 2.0.0 with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-azure-2-0-0 |
| Use CIS benchmarks for AlmaLinux via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/alma-ado |
| Use CIS benchmarks for Debian via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/debian-ado |
| Use CIS benchmarks for Oracle Linux via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/oracle-ado |
| Use CIS benchmarks for RHEL via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rhel-ado |
| Use CIS benchmarks for Rocky Linux via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/rocky-ado |
| Use CIS benchmarks for SUSE Linux via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/suse-ado |
| Use CIS benchmarks for Ubuntu via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cis-linux/ubuntu-ado |
| Use Azure Policy to meet CMMC Level 3 controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/cmmc-l3 |
| Map Azure Policy to FedRAMP High requirements | https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-high |
| Map Azure Policy to FedRAMP Moderate requirements | https://learn.microsoft.com/en-us/azure/governance/policy/samples/fedramp-moderate |
| Map Microsoft cloud security benchmark to Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-azure-security-benchmark |
| Align Azure Policy with CIS Azure Benchmark 1.1.0 (Gov) | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-1-0 |
| Map CIS Azure 1.3.0 controls to Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cis-azure-1-3-0 |
| Use Azure Policy for CMMC Level 3 compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-cmmc-l3 |
| Align Azure Government with FedRAMP High via Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-high |
| Align Azure Government with FedRAMP Moderate via Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-fedramp-moderate |
| Implement IRS 1075 2016 controls with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-irs-1075-sept2016 |
| Use Azure Policy for ISO 27001:2013 compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-iso-27001 |
| Use Azure Policy for NIST SP 800-171 R2 | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-171-r2 |
| Implement NIST SP 800-53 R4 with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r4 |
| Implement NIST SP 800-53 R5 with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-nist-sp-800-53-r5 |
| Support SOC 2 compliance in Azure Government with Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/gov-soc-2 |
| Apply CIS Linux security baselines via Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-cis-linux |
| Apply Docker security baseline via guest configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-docker |
| Apply Linux security baseline via guest configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-linux |
| Apply Windows Server security baseline via guest configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows |
| Apply Windows Server 2025 security baseline via guest configuration | https://learn.microsoft.com/en-us/azure/governance/policy/samples/guest-configuration-baseline-windows-server-2025 |
| Implement HIPAA HITRUST controls using Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/hipaa-hitrust |
| Use Azure Policy for IRS 1075 (2016) compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/irs-1075-sept2016 |
| Align Azure Policy with ISO 27001:2013 controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/iso-27001 |
| Use Azure Policy for Sovereignty Baseline Confidential compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-confidential |
| Use Azure Policy for Sovereignty Baseline Global compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/mcfs-baseline-global |
| Use Azure Policy to meet NIST SP 800-171 R2 | https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-171-r2 |
| Implement NIST SP 800-53 Rev. 4 with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r4 |
| Implement NIST SP 800-53 Rev. 5 with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/nist-sp-800-53-r5 |
| Map Azure Policy to NL BIO Cloud Theme controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/nl-bio-cloud-theme |
| Implement PCI DSS 3.2.1 controls with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-3-2-1 |
| Implement PCI DSS v4.0 controls with Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/pci-dss-4-0 |
| Use Azure Policy for RBI IT Framework for Banks | https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-banks-2016 |
| Use Azure Policy for RBI IT Framework for NBFC | https://learn.microsoft.com/en-us/azure/governance/policy/samples/rbi-itf-nbfc-2017 |
| Map Azure Policy to RMIT Malaysia compliance controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/rmit-malaysia |
| Implement SOC 2 controls using Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/soc-2 |
| Use Azure Policy for Spain ENS regulatory compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/spain-ens |
| Map Azure Policy to SWIFT CSP-CSCF v2021 controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2021 |
| Map Azure Policy to SWIFT CSP-CSCF v2022 controls | https://learn.microsoft.com/en-us/azure/governance/policy/samples/swift-csp-cscf-2022 |
| Use Azure Policy for UK OFFICIAL and NHS compliance | https://learn.microsoft.com/en-us/azure/governance/policy/samples/ukofficial-uknhs |

Configuration

| Topic | URL |
| --- | --- |
| Understand Machine Configuration assignment resources and metadata | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/assignments |
| Configure remediation options for Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/concepts/remediation-options |
| Assign built-in Machine Configuration policies | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/assign-built-in-policies |
| Create custom Machine Configuration policy definitions | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/create-policy-definition |
| Install GuestConfiguration authoring module for Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/1-set-up-authoring-environment |
| Create custom Machine Configuration package artifacts | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/2-create-package |
| Configure access to Machine Configuration packages in Azure Storage | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/5-access-package |
| Develop custom Machine Configuration packages | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/develop-custom-package/overview |
| View and analyze Machine Configuration compliance results | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/how-to/view-compliance |
| Configure prerequisites for Azure Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/02-setup-prerequisites |
| Configure network and endpoints for Machine Configuration | https://learn.microsoft.com/en-us/azure/governance/machine-configuration/overview/03-network-requirements |
| Use built-in guest configuration packages in Azure Policy | https://learn.microsoft.com/en-us/azure/governance/policy/samples/built-in-packages |

Integrations & Coding Patterns

Deployment

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
