Recommended policies for Azure services

Customers who are new to Azure Policy often look for common policy definitions to manage and govern their resources. Azure Policy's Recommended policies experience provides a focused list of common policy definitions to start with. For supported resources, the Recommended policies experience is embedded within the portal experience for that resource.

For additional Azure Policy built-ins, see Azure Policy built-in definitions.

Azure Virtual Machines

The Recommended policies for Azure Virtual Machines are on the Overview page for virtual machines, under the Capabilities tab. In the Azure Policy card, select the "Not configured" or "# assigned" text to open a side pane with the recommended policies. Any policy definition already assigned to a scope the virtual machine is a member of is grayed out. Select the recommended policies to apply to this virtual machine and select Assign policies to create an assignment for each.

As an organization reaches maturity with organizing their resources and resource hierarchy, it's recommended to transition these policy assignments from one per resource to the subscription or management group level.
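To find where that transition applies, the following added example (not part of the original page or of Azure's tooling) scans a list of policy assignments and reports definitions assigned VM by VM that could be replaced by one subscription-level assignment, or that a subscription-level assignment already covers. It assumes each record carries the `policyDefinitionId` and `scope` fields of a policy assignment; the subscription ID, definition IDs, resource group and VM names are constructed placeholders, and management group scopes are not evaluated.

```python
import re
from collections import defaultdict

VM_SCOPE = re.compile(
    r"^(/subscriptions/[^/]+)/resourceGroups/[^/]+"
    r"/providers/Microsoft\.Compute/virtualMachines/[^/]+$", re.IGNORECASE)
SUB_SCOPE = re.compile(r"^/subscriptions/[^/]+$", re.IGNORECASE)

def consolidation_candidates(assignments, min_vms=2):
    """Group per-VM assignments by (subscription, definition) and pick an action."""
    per_vm = defaultdict(set)   # (subscription, definition) -> VM scopes
    at_sub = set()              # (subscription, definition) assigned at subscription
    for a in assignments:
        scope = a["scope"].rstrip("/").lower()
        definition = a["policyDefinitionId"].lower()
        m = VM_SCOPE.match(scope)
        if m:
            per_vm[(m.group(1), definition)].add(scope)
        elif SUB_SCOPE.match(scope):
            at_sub.add((scope, definition))
    findings = []
    for (sub, definition), vms in sorted(per_vm.items()):
        if (sub, definition) in at_sub:
            action = "remove-redundant"   # subscription assignment already covers these VMs
        elif len(vms) >= min_vms:
            action = "consolidate"        # replace N per-VM assignments with one
        else:
            continue
        findings.append({"subscription": sub, "policyDefinitionId": definition,
                         "vmCount": len(vms), "action": action})
    return findings

# Constructed sample data: placeholder subscription and definition IDs, not real values.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
DEF = "/providers/Microsoft.Authorization/policyDefinitions/"
BACKUP, DISKS, DR = DEF + "PLACEHOLDER-backup", DEF + "PLACEHOLDER-managed-disks", DEF + "PLACEHOLDER-dr"

def vm(name):
    return f"{SUB}/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/{name}"

SAMPLE = [
    {"policyDefinitionId": BACKUP, "scope": vm("vm1")},
    {"policyDefinitionId": BACKUP, "scope": vm("vm2")},
    {"policyDefinitionId": BACKUP, "scope": vm("vm3")},
    {"policyDefinitionId": DISKS, "scope": vm("vm1")},
    {"policyDefinitionId": DISKS, "scope": SUB},
    {"policyDefinitionId": DR, "scope": vm("vm2")},
]

if __name__ == "__main__":
    for f in consolidation_candidates(SAMPLE):
        print(f)
```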

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Audit virtual machines without disaster recovery configured | Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. | auditIfNotExists | 1.0.0 |
| Audit VMs that do not use managed disks | This policy audits VMs that do not use managed disks | audit | 1.0.0 |
| Azure Backup should be enabled for Virtual Machines | Ensure protection of your Azure Virtual Machines by enabling Azure Backup. Azure Backup is a secure and cost effective data protection solution for Azure. | AuditIfNotExists, Disabled | 1.0.1 |

Next steps