Azure Policy Visual Studio Code Extension

Azure Policy enforces standards and evaluates compliance at scale for your Azure environment. This extension is for authoring and managing policy definitions and assignments.

Overview

Azure Policy Visual Studio Code extension simplifies the experience of authoring policies by enabling alias property look-up inline with the resource or policy definition.

To use

On the top left in the 'Resources' tree view, under each subscription there are two folders: 'Resource Providers' and 'Resource Groups'. Under 'Resource Providers', resources are divided by resource provider such as 'Microsoft.Compute' or 'Microsoft.Network' that are registered to the selected subscription. This view shows all resources, including proxy resources, organized by Resource Provider namespace and resource type. Under 'Resource Groups', resources are divided by resource group. The Resource Groups view shows only tracked resources (resources that are members of a resource group).

At the bottom left, in the 'Policies' tree view, under each subscription there are four folders: 'Built-in Policies', 'Custom Policies', 'Policy Assignments', and 'Policy Initiatives'. This view shows all of the policy objects for the given subscription divided by those types.

Features

• View resource and policy contents
  • Select a tree view node to view the contents of the resource or policy in a tab on the right.
• Quick view of aliases
  • Hover over resource property or values to discover a property's alias.
• Tree view
  • View resources, definitions, and assignments at subscription level.
  • Search for resources and policies in the Command Palette.
• Settings to select four different filtered views for resources
  • Filter By Any Aliases: Under 'Resource Providers' show only namespaces and resource types that have published policy aliases.
  • Filter By Existing Resources: In the 'Resources' tree view show only namespaces, resource types, and resource groups that actually contain resources (no empty folders). When only this setting is enabled, opening the 'Resource Providers' folder the first time in a session will take a long time, since each resource type must be queried to determine whether the subscription contains any resources of that type.
  • Both filters combined together: This is the default setting, and will typically result in taking much less time to open the 'Resource Providers' folder, since fewer resource types must be queried.
  • Neither of the above filters: With all filtering disabled, the 'Resource Providers' folder will open quickly, but will contain many empty folders. This may be preferrable when looking for a few known namespaces and resource types.

Notes

• This extension only displays the objects shown in the tree view, it does not support creating objects or updating existing objects. In some cases, the contents displayed can be used in other Azure interfaces to create or modify resources. For example, policy definition contents can be pasted into the Azure portal or a command line with some modification to create or update existing policies.
• Nodes that refer to a resource will open in a tab when selected. Others are structural and can be expanded or closed. Below the 'Resource Providers' folder, many nodes do both, since they represent a resource, but also have sub types.
• If you haven’t previously signed into Azure from Visual Studio Code, you will need to sign in. After signing in, you may also filter by subscriptions. To sign in, select 'View' -> 'Command Palette' and select 'Azure: Sign in'. To filter subscriptions select 'Azure: Select Subscriptions' command.

Compatibility

Visual Studio Code version 1.39.2 and higher

Operating system:

• Windows (x64)
• Mac (x64)
• Ubuntu (x64)

Related links

Visual Studio Code extension documentation: https://docs.microsoft.com/azure/governance/policy/how-to/extension-for-vscode

What's coming...

• Policy structure syntax highlighting
• Policy and alias validation
• Policy compliance state testing

Ideas, feature requests and bugs: Email authorpolicy@microsoft.com! We are open to all ideas and we want to get rid of bugs!

Release History

See the changelog for this extension

Telemetry

Visual Studio Code collects usage data and sends it to Microsoft to help improve our products and services. Read our privacy statement to learn more. If you don’t wish to send usage data to Microsoft, you can set the telemetry.enableTelemetry setting to false. Learn more in our FAQ.

License

This extension is licensed under the MIT license. By downloading and using the Visual Studio Azure Policy extension and its related components, you agree to the product license terms and privacy statement.