Hi, I'm Nicholas 👋

I'm a Senior Platform Engineer

About

Community-Events

Community-Sessions

Azure

Azure Devops

Devops

Kubernetes

Powershell

Terraform

Buy Me A Coffee
Welcome / Azures / Using Azure Policy to Restrict Virtual Machine Size and Location

Using Azure Policy to Restrict Virtual Machine Size and Location

Date published:

Introduction

Azure Policy is a powerful tool to enforce validation on your Azure resources. For example, you could create a policy limiting the size of VMs deployed in a subscription or limiting the scope of the Virtual machine.

Setting up Azure Policy to restrict VM Size

To create a policy that limits the size of VMs, follow these steps:

Search for the policy definition “Allowed virtual machine size SKUs” and click on it. This policy definition will allow you to specify the size of VMs. Select the policy and assign it to a scope, such as a subscription or a resource group.

Click on the assign option, select the scope, and give it an appropriate name. In this example, I will assign the policy to a subscription and name it “Limit VM Size”. Leave policy enforcement to default and click next, and in the parameters section, select the size of VMs you want to allow.

In this example, I will select all the Basic and all the Standard B series sizes, then click Review + Create. The policy can take up to 30 minutes to be applied.

Restrict VM Location

On the policy definition page, search for the policy definition “Allowed locations” and click on it. Select the policy, assign it to a scope, such as a subscription or a resource group, and give it a name. In this example, I set the policy to a subscription scope and named it “Allowed locations for Azure resources”.

Repeat the same steps as above to assign the policy, except this time, select the location that you want to allow. In this example, I will choose only the UK South location.

In the policy assignments, you should have two policies assigned to it. One called Limit VM size and one for the location known as Allowed locations for Azure resources.

Testing Policy

To test the Azure policy that you have created, go to the Azure portal and create a new VM. When you deploy a new Virtual Machine, put the location to North Europe and the size to Standard_D2s_v3, you will get an error message indicating two policies enforced.

To fix the issue, return to the virtual machine, change the location to UK South and the size to Standard_B1s, and click Review + Create. You should now be able to create the VM.

Conlusion

In this blog, I show you how to use Azure Policy to restrict the size of a Virtual Machine and a region. This is a great way to ensure that your VMs are manageable, which can lead to higher costs and slower performance if your organisation only uses one location. This blog has been helpful for you and will help you create more efficient VMs in the future.