Azure - Audit/Append Azure Hybrid Benefit using Azure Policy
Introduction
Hello All, Happy to see you again in this post.
I hope you all know about the Azure hybrid benefit so i'm not doing to deep dive into this. In simple words, If you've Software assurance for the Windows VMs & SQL Servers you can utilize the existing licesense into Azure or Any other cloud.
As there is no policy available, the following policy will help you to audit the Hybrid Benefit for the Azure VMs and SQL Managed Instances and we can easily figure out what is complaint and not.
So i worked on creating the policy and here is the code that can be used for achieving the AHB audit.
#Code stars here,
{
"mode": "All",
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/imagePublisher",
"in": [
"MicrosoftWindowsServer",
"MicrosoftWindowsClient"
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Server"
},
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Client"
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"equals": "Windows"
},
{
"allOf": [
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Server"
},
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Client"
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers/databases"
},
{
"allOf": [
{
"field": "Microsoft.Sql/servers/databases/licenseType",
"notEquals": "BasePrice"
}
]
}
]
}
]
},
"then": {
"effect": "audit"
}
},
"parameters": {}
}
#Code ends
In case if you want AHB benefit to be applied or deny automatically while creating it, then use the below one,
{
"mode": "All",
"policyRule": {
"if": {
"anyOf": [
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/imagePublisher",
"in": [
"MicrosoftWindowsServer",
"MicrosoftWindowsClient"
]
},
{
"allOf": [
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Server"
},
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Client"
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
{
"field": "Microsoft.Compute/virtualMachines/storageProfile.osDisk.osType",
"equals": "Windows"
},
{
"allOf": [
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Server"
},
{
"field": "Microsoft.Compute/licenseType",
"notEquals": "Windows_Client"
}
]
}
]
},
{
"allOf": [
{
"field": "type",
"equals": "Microsoft.Sql/servers/databases"
},
{
"field": "Microsoft.Sql/servers/databases/sku.tier",
"notIn": "[parameters('NotApplicableSkuTiers')]"
},
{
"field": "Microsoft.Sql/servers/databases/sku.name",
"notLike": "GP_S*"
},
{
"allOf": [
{
"field": "Microsoft.Sql/servers/databases/licenseType",
"notEquals": "BasePrice"
}
]
}
]
}
]
},
"then": {
"effect": "append",
"details": [
{
"field": "Microsoft.Compute/licenseType",
"value": "Windows_Server"
},
{
"field": "Microsoft.Sql/servers/databases/licenseType",
"value": "BasePrice"
}
]
}
},
"parameters": {
"NotApplicableSkuTiers": {
"type": "Array",
"allowedValues": [
"Basic",
"Standard",
"Premium"
],
"defaultValue": [
"Basic",
"Standard",
"Premium"
]
}
}
}
Comments